diff --git a/class_generator/schema/__cluster_version__.txt b/class_generator/schema/__cluster_version__.txt index aa78504a8e..8704c4bde9 100644 --- a/class_generator/schema/__cluster_version__.txt +++ b/class_generator/schema/__cluster_version__.txt @@ -1 +1 @@ -v1.33.2 +v1.33.10 diff --git a/class_generator/schema/__resources-mappings.json.gz b/class_generator/schema/__resources-mappings.json.gz index 4947291695..1b86ee993e 100644 Binary files a/class_generator/schema/__resources-mappings.json.gz and b/class_generator/schema/__resources-mappings.json.gz differ diff --git a/class_generator/schema/_definitions.json b/class_generator/schema/_definitions.json index d078b3d699..f53315a2af 100644 --- a/class_generator/schema/_definitions.json +++ b/class_generator/schema/_definitions.json @@ -91,7 +91,7 @@ "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "description": "Name of the environment variable.\nMay consist of any printable ASCII characters except '='.", "type": "string" }, "value": { @@ -110,7 +110,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -142,6 +142,35 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "fileKeyRef": { + "description": "FileKeyRef selects a key of the env file.\nRequires the EnvFiles feature gate to be enabled.", + "properties": { + "key": { + "description": "The key within the env file. An invalid key will prevent the pod from starting.\nThe keys defined within a source may consist of any printable ASCII characters except '='.\nDuring Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", + "type": "string" + }, + "optional": { + "default": false, + "description": "Specify whether the file or its key must be defined. If the file or key\ndoes not exist, then the env var is not published.\nIf optional is set to true and the specified key does not exist,\nthe environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist,\nan error will be returned during Pod creation.", + "type": "boolean" + }, + "path": { + "description": "The path within the volume from which to select the file.\nMust be relative and may not contain the '..' path or start with '..'.", + "type": "string" + }, + "volumeName": { + "description": "The name of the volume mount containing the env file.", + "type": "string" + } + }, + "required": [ + "key", + "path", + "volumeName" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { @@ -182,7 +211,7 @@ }, "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -212,16 +241,16 @@ "x-kubernetes-list-type": "map" }, "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source may consist of any printable ASCII characters except '='.\nWhen a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps", + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", "properties": { "configMapRef": { "description": "The ConfigMap to select from", "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -233,7 +262,7 @@ "x-kubernetes-map-type": "atomic" }, "prefix": { - "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", + "description": "Optional text to prepend to the name of each environment variable.\nMay consist of any printable ASCII characters except '='.", "type": "string" }, "secretRef": { @@ -241,7 +270,7 @@ "properties": { "name": { "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -273,7 +302,7 @@ "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", @@ -287,7 +316,7 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", @@ -343,7 +372,7 @@ "type": "object" }, "sleep": { - "description": "Sleep represents the duration that the container should sleep before being terminated.", + "description": "Sleep represents a duration that the container should sleep.", "properties": { "seconds": { "description": "Seconds is the number of seconds to sleep.", @@ -357,7 +386,7 @@ "type": "object" }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -388,7 +417,7 @@ "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", @@ -402,7 +431,7 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", @@ -458,7 +487,7 @@ "type": "object" }, "sleep": { - "description": "Sleep represents the duration that the container should sleep before being terminated.", + "description": "Sleep represents a duration that the container should sleep.", "properties": { "seconds": { "description": "Seconds is the number of seconds to sleep.", @@ -472,7 +501,7 @@ "type": "object" }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -498,6 +527,10 @@ } }, "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" } }, "type": "object" @@ -506,7 +539,7 @@ "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", @@ -525,7 +558,7 @@ "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -533,7 +566,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -543,7 +577,7 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", @@ -614,7 +648,7 @@ "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -700,7 +734,7 @@ "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", @@ -719,7 +753,7 @@ "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -727,7 +761,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -737,7 +772,7 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", @@ -808,7 +843,7 @@ "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -872,13 +907,17 @@ "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis field depends on the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, "required": [ @@ -928,9 +967,49 @@ "type": "object" }, "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis overrides the pod-level restart policy. When this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nAdditionally, setting the RestartPolicy as \"Always\" for the init container will\nhave the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", "type": "string" }, + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the\ncontainer should be restarted on exit. The rules are evaluated in\norder. Once a rule matches a container exit condition, the remaining\nrules are ignored. If no rule matches the container exit condition,\nthe Container-level restart policy determines the whether the container\nis restarted or not. Constraints on the rules:\n- At most 20 rules are allowed.\n- Rules can have the same action.\n- Identical rules are not forbidden in validations.\nWhen rules are specified, container MUST set RestartPolicy explicitly\neven it if matches the Pod's RestartPolicy.", + "items": { + "description": "ContainerRestartRule describes how a container exit is handled.", + "properties": { + "action": { + "description": "Specifies the action taken on a container exit if the requirements\nare satisfied. The only possible value is \"Restart\" to restart the\ncontainer.", + "type": "string" + }, + "exitCodes": { + "description": "Represents the exit codes to check on container exits.", + "properties": { + "operator": { + "description": "Represents the relationship between the container exit code(s) and the\nspecified values. Possible values are:\n- In: the requirement is satisfied if the container exit code is in the\n set of specified values.\n- NotIn: the requirement is satisfied if the container exit code is\n not in the set of specified values.", + "type": "string" + }, + "values": { + "description": "Specifies the set of values to check for container exit codes.\nAt most 255 elements are allowed.", + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator" + ], + "type": "object" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "securityContext": { "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { @@ -984,7 +1063,7 @@ "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { @@ -1035,7 +1114,7 @@ "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -1073,7 +1152,7 @@ "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", @@ -1092,7 +1171,7 @@ "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -1100,7 +1179,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1110,7 +1190,7 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", @@ -1181,7 +1261,7 @@ "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1286,7 +1366,7 @@ "type": "boolean" }, "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { @@ -1327,12 +1407,13 @@ "properties": { "configName": { "default": "DedicatedVirtualResources", - "description": "ConfigName determine how resource allocation will be done with ApplicationAwareResourceQuota.\nallowed values are: VmiPodUsage, VirtualResources, DedicatedVirtualResources or IgnoreVmiCalculator", + "description": "ConfigName determine how resource allocation will be done with ApplicationAwareResourceQuota.\nallowed values are: VmiPodUsage, VirtualResources, DedicatedVirtualResources, IgnoreVmiCalculator or GuestEffectiveResources", "enum": [ "VmiPodUsage", "VirtualResources", "DedicatedVirtualResources", - "IgnoreVmiCalculator" + "IgnoreVmiCalculator", + "GuestEffectiveResources" ], "type": "string" } @@ -1593,7 +1674,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -1601,7 +1682,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -1737,7 +1818,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -1745,7 +1826,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -1825,7 +1906,7 @@ "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and subtracting\n\"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { @@ -1878,7 +1959,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -1886,7 +1967,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2022,7 +2103,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2030,7 +2111,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2441,7 +2522,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2449,7 +2530,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2585,7 +2666,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2593,7 +2674,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2673,7 +2754,7 @@ "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and subtracting\n\"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { @@ -2726,7 +2807,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2734,7 +2815,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2870,7 +2951,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -2878,7 +2959,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -3111,423 +3192,37 @@ } ] }, - "addons.cluster.x-k8s.io/v1beta1/ClusterResourceSet": { - "description": "ClusterResourceSet is the Schema for the clusterresourcesets API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ClusterResourceSetSpec defines the desired state of ClusterResourceSet.", - "properties": { - "clusterSelector": { - "description": "Label selector for Clusters. The Clusters that are\nselected by this will be the ones affected by this ClusterResourceSet.\nIt must match the Cluster labels. This field is immutable.\nLabel selector cannot be empty.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resources": { - "description": "resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters.", - "items": { - "description": "ResourceRef specifies a resource.", - "properties": { - "kind": { - "description": "kind of the resource. Supported kinds are: Secrets and ConfigMaps.", - "enum": [ - "Secret", - "ConfigMap" - ], - "type": "string" - }, - "name": { - "description": "name of the resource that is in the same namespace with ClusterResourceSet object.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "strategy": { - "description": "strategy is the strategy to be used during applying resources. Defaults to ApplyOnce. This field is immutable.", - "enum": [ - "ApplyOnce", - "Reconcile" - ], - "type": "string" - } - }, - "required": [ - "clusterSelector" - ], - "type": "object" - }, - "status": { - "description": "ClusterResourceSetStatus defines the observed state of ClusterResourceSet.", - "properties": { - "conditions": { - "description": "conditions defines current state of the ClusterResourceSet.", - "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "observedGeneration reflects the generation of the most recently observed ClusterResourceSet.", - "format": "int64", - "type": "integer" - }, - "v1beta2": { - "description": "v1beta2 groups all the fields that will be added or modified in ClusterResourceSet's status with the V1Beta2 version.", - "properties": { - "conditions": { - "description": "conditions represents the observations of a ClusterResourceSet's current state.\nKnown condition types are ResourceSetApplied, Deleting.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "addons.cluster.x-k8s.io", - "kind": "ClusterResourceSet", - "version": "v1beta1" - } - ] - }, - "addons.cluster.x-k8s.io/v1beta1/ClusterResourceSetBinding": { - "description": "ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ClusterResourceSetBindingSpec defines the desired state of ClusterResourceSetBinding.", - "properties": { - "bindings": { - "description": "bindings is a list of ClusterResourceSets and their resources.", - "items": { - "description": "ResourceSetBinding keeps info on all of the resources in a ClusterResourceSet.", - "properties": { - "clusterResourceSetName": { - "description": "clusterResourceSetName is the name of the ClusterResourceSet that is applied to the owner cluster of the binding.", - "type": "string" - }, - "resources": { - "description": "resources is a list of resources that the ClusterResourceSet has.", - "items": { - "description": "ResourceBinding shows the status of a resource that belongs to a ClusterResourceSet matched by the owner cluster of the ClusterResourceSetBinding object.", - "properties": { - "applied": { - "description": "applied is to track if a resource is applied to the cluster or not.", - "type": "boolean" - }, - "hash": { - "description": "hash is the hash of a resource's data. This can be used to decide if a resource is changed.\nFor \"ApplyOnce\" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.", - "type": "string" - }, - "kind": { - "description": "kind of the resource. Supported kinds are: Secrets and ConfigMaps.", - "enum": [ - "Secret", - "ConfigMap" - ], - "type": "string" - }, - "lastAppliedTime": { - "description": "lastAppliedTime identifies when this resource was last applied to the cluster.", - "format": "date-time", - "type": "string" - }, - "name": { - "description": "name of the resource that is in the same namespace with ClusterResourceSet object.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "applied", - "kind", - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "clusterResourceSetName" - ], - "type": "object" - }, - "type": "array" - }, - "clusterName": { - "description": "clusterName is the name of the Cluster this binding applies to.\nNote: this field mandatory in v1beta2.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "addons.cluster.x-k8s.io", - "kind": "ClusterResourceSetBinding", - "version": "v1beta1" - } - ] - }, - "addons.cluster.x-k8s.io/v1beta1/ClusterResourceSetBindingList": { - "description": "ClusterResourceSetBindingList is a list of ClusterResourceSetBinding", + "admission.k8s.io/v1/WatchEvent": { + "description": "Event represents a single event to a watched resource.", "namespaced": true, "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterresourcesetbindings. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.addons.v1beta1.ClusterResourceSetBinding" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { + "object": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "addons.cluster.x-k8s.io", - "kind": "ClusterResourceSetBindingList", - "version": "v1beta1" - } - ] - }, - "addons.cluster.x-k8s.io/v1beta1/ClusterResourceSetList": { - "description": "ClusterResourceSetList is a list of ClusterResourceSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterresourcesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.addons.v1beta1.ClusterResourceSet" - }, - "type": "array" + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context." }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": { + "default": "", "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ - "items" + "type", + "object" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "addons.cluster.x-k8s.io", - "kind": "ClusterResourceSetList", - "version": "v1beta1" + "group": "admission.k8s.io", + "kind": "WatchEvent", + "version": "v1" } ] }, - "admission.k8s.io/v1/DeleteOptions": { + "admissionregistration.k8s.io/v1/DeleteOptions": { "description": "DeleteOptions may be provided when deleting an API object.", "namespaced": true, "properties": { @@ -3578,42 +3273,12 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "admission.k8s.io", + "group": "admissionregistration.k8s.io", "kind": "DeleteOptions", "version": "v1" } ] }, - "admission.k8s.io/v1/WatchEvent": { - "description": "Event represents a single event to a watched resource.", - "namespaced": true, - "properties": { - "object": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - ], - "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context." - }, - "type": { - "default": "", - "type": "string" - } - }, - "required": [ - "type", - "object" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "admission.k8s.io", - "kind": "WatchEvent", - "version": "v1" - } - ] - }, "admissionregistration.k8s.io/v1/MutatingWebhookConfiguration": { "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", "namespaced": false, @@ -6936,6 +6601,17 @@ ], "type": "object" }, + "scaleUp": { + "description": "Configuration of scale up operation", + "properties": { + "newPodScaleUpDelay": { + "description": "Scale up delay for new pods, if omitted defaults to 0 seconds", + "pattern": "([0-9]*(\\.[0-9]*)?[a-z]+)+", + "type": "string" + } + }, + "type": "object" + }, "skipNodesWithLocalStorage": { "description": "Enables/Disables `--skip-nodes-with-local-storage` CA feature flag. If true cluster autoscaler will never delete nodes with pods with local storage, e.g. EmptyDir or HostPath. true by default at autoscaler", "type": "boolean" @@ -7906,7 +7582,7 @@ } ] }, - "cdi.kubevirt.io/v1beta1/CDI": { + "cdi.kubevirt.io/v1alpha1/CDI": { "description": "CDI is the CDI Operator CRD", "namespaced": false, "properties": { @@ -9968,402 +9644,12 @@ { "group": "cdi.kubevirt.io", "kind": "CDI", - "version": "v1beta1" - } - ] - }, - "cdi.kubevirt.io/v1beta1/CDIConfig": { - "description": "CDIConfig provides a user configuration for CDI", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "CDIConfigSpec defines specification for user configuration", - "properties": { - "dataVolumeTTLSeconds": { - "description": "DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.\nDeprecated: Removed in v1.62.", - "format": "int32", - "type": "integer" - }, - "featureGates": { - "description": "FeatureGates are a list of specific enabled feature gates", - "items": { - "type": "string" - }, - "type": "array" - }, - "filesystemOverhead": { - "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes. A value is between 0 and 1, if not defined it is 0.06 (6% overhead)", - "properties": { - "global": { - "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "storageClass": { - "additionalProperties": { - "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", - "type": "object" - } - }, - "type": "object" - }, - "imagePullSecrets": { - "description": "The imagePullSecrets used to pull the container images", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "importProxy": { - "description": "ImportProxy contains importer pod proxy configuration.", - "properties": { - "HTTPProxy": { - "description": "HTTPProxy is the URL http://:@: of the import proxy for HTTP requests. Empty means unset and will not result in the import pod env var.", - "type": "string" - }, - "HTTPSProxy": { - "description": "HTTPSProxy is the URL https://:@: of the import proxy for HTTPS requests. Empty means unset and will not result in the import pod env var.", - "type": "string" - }, - "noProxy": { - "description": "NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in the import pod env var.", - "type": "string" - }, - "trustedCAProxy": { - "description": "TrustedCAProxy is the name of a ConfigMap in the cdi namespace that contains a user-provided trusted certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap is consumed by the DataImportCron controller for creating cronjobs, and by the import controller referring a copy of the ConfigMap in the import namespace.\nHere is an example of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem: |\n -----BEGIN CERTIFICATE-----\n\t ... ...\n\t -----END CERTIFICATE-----", - "type": "string" - } - }, - "type": "object" - }, - "insecureRegistries": { - "description": "InsecureRegistries is a list of TLS disabled registries", - "items": { - "type": "string" - }, - "type": "array" - }, - "logVerbosity": { - "description": "LogVerbosity overrides the default verbosity level used to initialize loggers", - "format": "int32", - "type": "integer" - }, - "podResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "scratchSpaceStorageClass": { - "description": "Override the storage class to used for scratch space during transfer operations. The scratch space storage class is determined in the following order: 1. value of scratchSpaceStorageClass, if that doesn't exist, use the default storage class, if there is no default storage class, use the storage class of the DataVolume, if no storage class specified, use no storage class for scratch space", - "type": "string" - }, - "tlsSecurityProfile": { - "description": "TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n\n minTLSVersion: VersionTLS11\n\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "required": [ - "ciphers", - "minTLSVersion" - ], - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: VersionTLS13\n\n\nNOTE: Currently unsupported.", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - }, - "uploadProxyURLOverride": { - "description": "Override the URL used when uploading to a DataVolume", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "CDIConfigStatus provides the most recently observed status of the CDI Config resource", - "properties": { - "defaultPodResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "filesystemOverhead": { - "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes. A percentage value is between 0 and 1", - "properties": { - "global": { - "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "storageClass": { - "additionalProperties": { - "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", - "type": "object" - } - }, - "type": "object" - }, - "imagePullSecrets": { - "description": "The imagePullSecrets used to pull the container images", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "importProxy": { - "description": "ImportProxy contains importer pod proxy configuration.", - "properties": { - "HTTPProxy": { - "description": "HTTPProxy is the URL http://:@: of the import proxy for HTTP requests. Empty means unset and will not result in the import pod env var.", - "type": "string" - }, - "HTTPSProxy": { - "description": "HTTPSProxy is the URL https://:@: of the import proxy for HTTPS requests. Empty means unset and will not result in the import pod env var.", - "type": "string" - }, - "noProxy": { - "description": "NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in the import pod env var.", - "type": "string" - }, - "trustedCAProxy": { - "description": "TrustedCAProxy is the name of a ConfigMap in the cdi namespace that contains a user-provided trusted certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap is consumed by the DataImportCron controller for creating cronjobs, and by the import controller referring a copy of the ConfigMap in the import namespace.\nHere is an example of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem: |\n -----BEGIN CERTIFICATE-----\n\t ... ...\n\t -----END CERTIFICATE-----", - "type": "string" - } - }, - "type": "object" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "scratchSpaceStorageClass": { - "description": "The calculated storage class to be used for scratch space", - "type": "string" - }, - "uploadProxyCA": { - "description": "UploadProxyCA is the certificate authority of the upload proxy", - "type": "string" - }, - "uploadProxyURL": { - "description": "The calculated upload proxy URL", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "cdi.kubevirt.io", - "kind": "CDIConfig", - "version": "v1beta1" + "version": "v1alpha1" } ] }, - "cdi.kubevirt.io/v1beta1/CDIConfigList": { - "description": "CDIConfigList is a list of CDIConfig", + "cdi.kubevirt.io/v1alpha1/CDIList": { + "description": "CDIList is a list of CDI", "namespaced": true, "properties": { "apiVersion": { @@ -10371,49 +9657,9 @@ "type": "string" }, "items": { - "description": "List of cdiconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of cdis. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.CDIConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "cdi.kubevirt.io", - "kind": "CDIConfigList", - "version": "v1beta1" - } - ] - }, - "cdi.kubevirt.io/v1beta1/CDIList": { - "description": "CDIList is a list of CDI", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of cdis. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.CDI" + "$ref": "#/components/schemas/io.kubevirt.cdi.v1alpha1.CDI" }, "type": "array" }, @@ -10438,13 +9684,13 @@ { "group": "cdi.kubevirt.io", "kind": "CDIList", - "version": "v1beta1" + "version": "v1alpha1" } ] }, - "cdi.kubevirt.io/v1beta1/DataImportCron": { - "description": "DataImportCron defines a cron job for recurring polling/importing disk images as PVCs into a golden image namespace", - "namespaced": true, + "cdi.kubevirt.io/v1beta1/CDI": { + "description": "CDI is the CDI Operator CRD", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -10463,728 +9709,1988 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "DataImportCronSpec defines specification for DataImportCron", + "description": "CDISpec defines our specification for the CDI installation", "properties": { - "garbageCollect": { - "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", - "type": "string" - }, - "importsToKeep": { - "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", - "format": "int32", - "type": "integer" - }, - "managedDataSource": { - "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", - "type": "string" - }, - "retentionPolicy": { - "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", - "type": "string" + "certConfig": { + "description": "certificate configuration", + "properties": { + "ca": { + "description": "CA configuration\nCA certs are kept in the CA bundle as long as they are valid", + "properties": { + "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.", + "type": "string" + }, + "renewBefore": { + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.", + "type": "string" + } + }, + "type": "object" + }, + "client": { + "description": "Client configuration\nCerts are rotated and discarded", + "properties": { + "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.", + "type": "string" + }, + "renewBefore": { + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.", + "type": "string" + } + }, + "type": "object" + }, + "server": { + "description": "Server configuration\nCerts are rotated and discarded", + "properties": { + "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.", + "type": "string" + }, + "renewBefore": { + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" }, - "schedule": { - "description": "Schedule specifies in cron format when and how often to look for new imports", + "cloneStrategyOverride": { + "description": "Clone strategy override: should we use a host-assisted copy even if snapshots are available?", + "enum": [ + "copy", + "snapshot", + "csi-clone" + ], "type": "string" }, - "template": { - "description": "Template specifies template for the DVs to be created", + "config": { + "description": "CDIConfig at CDI level", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "dataVolumeTTLSeconds": { + "description": "DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.\nDeprecated: Removed in v1.62.", + "format": "int32", + "type": "integer" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "featureGates": { + "description": "FeatureGates are a list of specific enabled feature gates", + "items": { + "type": "string" + }, + "type": "array" }, - "metadata": { + "filesystemOverhead": { + "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes. A value is between 0 and 1, if not defined it is 0.06 (6% overhead)", + "properties": { + "global": { + "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "storageClass": { + "additionalProperties": { + "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", + "type": "object" + } + }, "type": "object" }, - "spec": { - "description": "DataVolumeSpec defines the DataVolume type specification", + "imagePullSecrets": { + "description": "The imagePullSecrets used to pull the container images", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "importProxy": { + "description": "ImportProxy contains importer pod proxy configuration.", "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "HTTPProxy": { + "description": "HTTPProxy is the URL http://:@: of the import proxy for HTTP requests. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "HTTPSProxy": { + "description": "HTTPSProxy is the URL https://:@: of the import proxy for HTTPS requests. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "noProxy": { + "description": "NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "trustedCAProxy": { + "description": "TrustedCAProxy is the name of a ConfigMap in the cdi namespace that contains a user-provided trusted certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap is consumed by the DataImportCron controller for creating cronjobs, and by the import controller referring a copy of the ConfigMap in the import namespace.\nHere is an example of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem: |\n -----BEGIN CERTIFICATE-----\n\t ... ...\n\t -----END CERTIFICATE-----", + "type": "string" + } + }, + "type": "object" + }, + "insecureRegistries": { + "description": "InsecureRegistries is a list of TLS disabled registries", + "items": { + "type": "string" + }, + "type": "array" + }, + "logVerbosity": { + "description": "LogVerbosity overrides the default verbosity level used to initialize loggers", + "format": "int32", + "type": "integer" + }, + "podResourceRequirements": { + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" - }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, "required": [ - "current", - "previous" + "name" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "scratchSpaceStorageClass": { + "description": "Override the storage class to used for scratch space during transfer operations. The scratch space storage class is determined in the following order: 1. value of scratchSpaceStorageClass, if that doesn't exist, use the default storage class, if there is no default storage class, use the storage class of the DataVolume, if no storage class specified, use no storage class for scratch space", + "type": "string" + }, + "tlsSecurityProfile": { + "description": "TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands.", + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: VersionTLS11", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" + }, + "type": "array" + }, + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n\n minTLSVersion: VersionTLS11\n\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "required": [ + "ciphers", + "minTLSVersion" ], - "type": "string" + "type": "object" }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: VersionTLS12", + "nullable": true, + "type": "object" }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" + "modern": { + "description": "modern is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: VersionTLS13\n\n\nNOTE: Currently unsupported.", + "nullable": true, + "type": "object" }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "old": { + "description": "old is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], "type": "string" + } + }, + "type": "object" + }, + "uploadProxyURLOverride": { + "description": "Override the URL used when uploading to a DataVolume", + "type": "string" + } + }, + "type": "object" + }, + "customizeComponents": { + "description": "CustomizeComponents defines patches for components deployed by the CDI operator.", + "properties": { + "flags": { + "description": "Configure the value used for deployment and daemonset resources", + "properties": { + "api": { + "additionalProperties": { + "type": "string" + }, + "type": "object" }, - "pvc": { - "description": "PVC is the PVC specification", + "controller": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "uploadProxy": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "patches": { + "items": { + "description": "CustomizeComponentsPatch defines a patch for some resource.", + "properties": { + "patch": { + "type": "string" + }, + "resourceName": { + "minLength": 1, + "type": "string" + }, + "resourceType": { + "minLength": 1, + "type": "string" + }, + "type": { + "description": "PatchType defines the patch type.", + "type": "string" + } + }, + "required": [ + "patch", + "resourceName", + "resourceType", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "type": "string" + }, + "infra": { + "description": "Selectors and tolerations that should apply to cdi infrastructure components", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "type": "string" + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "kind", - "name" + "nodeSelectorTerms" ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } + }, + "required": [ + "topologyKey" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { - "type": "string" + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" - }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } - }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "platform": { - "description": "Platform describes the minimum runtime requirements of the image", - "properties": { - "architecture": { - "description": "Architecture specifies the image target CPU architecture", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { "type": "string" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } - }, - "type": "object" - }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" - }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "extraArgs": { - "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } + } + }, + "type": "object" + }, + "apiServerReplicas": { + "description": "ApiserverReplicas set Replicas for cdi-apiserver", + "format": "int32", + "type": "integer" + }, + "deploymentReplicas": { + "description": "DeploymentReplicas set Replicas for cdi-deployment", + "format": "int32", + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" }, - "required": [ - "kind", - "name" - ], - "type": "object" + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "storage": { - "description": "Storage is the requested storage specification", + "type": "object" + }, + "type": "array" + }, + "uploadProxyReplicas": { + "description": "UploadproxyReplicas set Replicas for cdi-uploadproxy", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "priorityClass": { + "description": "PriorityClass of the CDI control plane", + "type": "string" + }, + "uninstallStrategy": { + "description": "CDIUninstallStrategy defines the state to leave CDI on uninstall", + "enum": [ + "RemoveWorkloads", + "BlockUninstallIfWorkloadsExist" + ], + "type": "string" + }, + "workload": { + "description": "Restrict on which nodes CDI workload pods will be scheduled", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "required": [ + "preference", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "selector": { - "description": "A label query over volumes to consider for binding.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "matchFields": { + "description": "A list of node selector requirements by node's fields.", "items": { - "type": "string" + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, + "required": [ + "nodeSelectorTerms" + ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" } }, "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "DataVolumeStatus contains the current status of the DataVolume", - "properties": { - "claimName": { - "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", - "type": "string" }, - "conditions": { - "items": { - "description": "DataVolumeCondition represents the state of a data volume condition.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "type": { - "description": "DataVolumeConditionType is the string representation of known condition types", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "phase": { - "description": "Phase is the current phase of the data volume", - "type": "string" - }, - "progress": { - "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", - "type": "string" - }, - "restartCount": { - "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object" } }, - "required": [ - "managedDataSource", - "schedule", - "template" - ], "type": "object" }, "status": { - "description": "DataImportCronStatus provides the most recently observed status of the DataImportCron", + "description": "CDIStatus defines the status of the installation", "properties": { "conditions": { + "description": "A list of current conditions of the resource", "items": { - "description": "DataImportCronCondition represents the state of a data import cron condition", + "description": "Condition represents the state of the operator's\nreconciliation functionality.", "properties": { "lastHeartbeatTime": { "format": "date-time", @@ -11204,7 +11710,7 @@ "type": "string" }, "type": { - "description": "DataImportCronConditionType is the string representation of known condition types", + "description": "ConditionType is the state of the operator's reconciliation functionality.", "type": "string" } }, @@ -11216,58 +11722,20 @@ }, "type": "array" }, - "currentImports": { - "description": "CurrentImports are the imports in progress. Currently only a single import is supported.", - "items": { - "description": "ImportStatus of a currently in progress import", - "properties": { - "DataVolumeName": { - "description": "DataVolumeName is the currently in progress import DataVolume", - "type": "string" - }, - "Digest": { - "description": "Digest of the currently imported image", - "type": "string" - } - }, - "required": [ - "DataVolumeName", - "Digest" - ], - "type": "object" - }, - "type": "array" - }, - "lastExecutionTimestamp": { - "description": "LastExecutionTimestamp is the time of the last polling", - "format": "date-time", + "observedVersion": { + "description": "The observed version of the resource", "type": "string" }, - "lastImportTimestamp": { - "description": "LastImportTimestamp is the time of the last import", - "format": "date-time", + "operatorVersion": { + "description": "The version of the resource as defined by the operator", "type": "string" }, - "lastImportedPVC": { - "description": "LastImportedPVC is the last imported PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "phase": { + "description": "Phase is the current phase of the deployment", + "type": "string" }, - "sourceFormat": { - "description": "SourceFormat defines the format of the DataImportCron-created disk image sources", + "targetVersion": { + "description": "The desired version of the resource", "type": "string" } }, @@ -11281,54 +11749,14 @@ "x-kubernetes-group-version-kind": [ { "group": "cdi.kubevirt.io", - "kind": "DataImportCron", - "version": "v1beta1" - } - ] - }, - "cdi.kubevirt.io/v1beta1/DataImportCronList": { - "description": "DataImportCronList is a list of DataImportCron", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of dataimportcrons. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.DataImportCron" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "cdi.kubevirt.io", - "kind": "DataImportCronList", + "kind": "CDI", "version": "v1beta1" } ] }, - "cdi.kubevirt.io/v1beta1/DataSource": { - "description": "DataSource references an import/clone source for a DataVolume", - "namespaced": true, + "cdi.kubevirt.io/v1beta1/CDIConfig": { + "description": "CDIConfig provides a user configuration for CDI", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -11347,170 +11775,358 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "DataSourceSpec defines specification for DataSource", + "description": "CDIConfigSpec defines specification for user configuration", "properties": { - "source": { - "description": "Source is the source of the data referenced by the DataSource", + "dataVolumeTTLSeconds": { + "description": "DataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected. Disabled by default.\nDeprecated: Removed in v1.62.", + "format": "int32", + "type": "integer" + }, + "featureGates": { + "description": "FeatureGates are a list of specific enabled feature gates", + "items": { + "type": "string" + }, + "type": "array" + }, + "filesystemOverhead": { + "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes. A value is between 0 and 1, if not defined it is 0.06 (6% overhead)", "properties": { - "dataSource": { - "description": "DataSourceRefSourceDataSource serves as a reference to another DataSource\nCan be resolved into a DataVolumeSourcePVC or a DataVolumeSourceSnapshot\nThe maximum depth of a reference chain may not exceed 1.", - "properties": { - "name": { - "description": "The name of the source DataSource", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source DataSource", - "type": "string" - } + "global": { + "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "storageClass": { + "additionalProperties": { + "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" }, - "required": [ - "name", - "namespace" - ], + "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", "type": "object" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "description": "The imagePullSecrets used to pull the container images", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", + "type": "string" + } }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "importProxy": { + "description": "ImportProxy contains importer pod proxy configuration.", + "properties": { + "HTTPProxy": { + "description": "HTTPProxy is the URL http://:@: of the import proxy for HTTP requests. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "HTTPSProxy": { + "description": "HTTPSProxy is the URL https://:@: of the import proxy for HTTPS requests. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "noProxy": { + "description": "NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "trustedCAProxy": { + "description": "TrustedCAProxy is the name of a ConfigMap in the cdi namespace that contains a user-provided trusted certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap is consumed by the DataImportCron controller for creating cronjobs, and by the import controller referring a copy of the ConfigMap in the import namespace.\nHere is an example of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem: |\n -----BEGIN CERTIFICATE-----\n\t ... ...\n\t -----END CERTIFICATE-----", + "type": "string" + } + }, + "type": "object" + }, + "insecureRegistries": { + "description": "InsecureRegistries is a list of TLS disabled registries", + "items": { + "type": "string" + }, + "type": "array" + }, + "logVerbosity": { + "description": "LogVerbosity overrides the default verbosity level used to initialize loggers", + "format": "int32", + "type": "integer" + }, + "podResourceRequirements": { + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + } }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } + "required": [ + "name" + ], + "type": "object" }, - "required": [ - "name", - "namespace" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "scratchSpaceStorageClass": { + "description": "Override the storage class to used for scratch space during transfer operations. The scratch space storage class is determined in the following order: 1. value of scratchSpaceStorageClass, if that doesn't exist, use the default storage class, if there is no default storage class, use the storage class of the DataVolume, if no storage class specified, use no storage class for scratch space", + "type": "string" + }, + "tlsSecurityProfile": { + "description": "TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands.", + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: VersionTLS11", + "nullable": true, "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" + }, + "type": "array" }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n\n minTLSVersion: VersionTLS11\n\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], "type": "string" } }, "required": [ - "name", - "namespace" + "ciphers", + "minTLSVersion" ], "type": "object" + }, + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: VersionTLS12", + "nullable": true, + "type": "object" + }, + "modern": { + "description": "modern is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: VersionTLS13\n\n\nNOTE: Currently unsupported.", + "nullable": true, + "type": "object" + }, + "old": { + "description": "old is a TLS security profile based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\n\nand looks like this (yaml):\n\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" } }, "type": "object" + }, + "uploadProxyURLOverride": { + "description": "Override the URL used when uploading to a DataVolume", + "type": "string" } }, - "required": [ - "source" - ], "type": "object" }, "status": { - "description": "DataSourceStatus provides the most recently observed status of the DataSource", + "description": "CDIConfigStatus provides the most recently observed status of the CDI Config resource", "properties": { - "conditions": { - "items": { - "description": "DataSourceCondition represents the state of a data source condition", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" + "defaultPodResourceRequirements": { + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "message": { - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "reason": { - "type": "string" + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "status": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "filesystemOverhead": { + "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes. A percentage value is between 0 and 1", + "properties": { + "global": { + "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "storageClass": { + "additionalProperties": { + "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", "type": "string" }, - "type": { - "description": "DataSourceConditionType is the string representation of known condition types", + "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", + "type": "object" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "description": "The imagePullSecrets used to pull the container images", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, - "source": { - "description": "Source is the current source of the data referenced by the DataSource", + "importProxy": { + "description": "ImportProxy contains importer pod proxy configuration.", "properties": { - "dataSource": { - "description": "DataSourceRefSourceDataSource serves as a reference to another DataSource\nCan be resolved into a DataVolumeSourcePVC or a DataVolumeSourceSnapshot\nThe maximum depth of a reference chain may not exceed 1.", - "properties": { - "name": { - "description": "The name of the source DataSource", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source DataSource", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "HTTPProxy": { + "description": "HTTPProxy is the URL http://:@: of the import proxy for HTTP requests. Empty means unset and will not result in the import pod env var.", + "type": "string" }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "HTTPSProxy": { + "description": "HTTPSProxy is the URL https://:@: of the import proxy for HTTPS requests. Empty means unset and will not result in the import pod env var.", + "type": "string" }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "noProxy": { + "description": "NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in the import pod env var.", + "type": "string" + }, + "trustedCAProxy": { + "description": "TrustedCAProxy is the name of a ConfigMap in the cdi namespace that contains a user-provided trusted certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap is consumed by the DataImportCron controller for creating cronjobs, and by the import controller referring a copy of the ConfigMap in the import namespace.\nHere is an example of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem: |\n -----BEGIN CERTIFICATE-----\n\t ... ...\n\t -----END CERTIFICATE-----", + "type": "string" } }, "type": "object" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "scratchSpaceStorageClass": { + "description": "The calculated storage class to be used for scratch space", + "type": "string" + }, + "uploadProxyCA": { + "description": "UploadProxyCA is the certificate authority of the upload proxy", + "type": "string" + }, + "uploadProxyURL": { + "description": "The calculated upload proxy URL", + "type": "string" } }, "type": "object" @@ -11523,13 +12139,13 @@ "x-kubernetes-group-version-kind": [ { "group": "cdi.kubevirt.io", - "kind": "DataSource", + "kind": "CDIConfig", "version": "v1beta1" } ] }, - "cdi.kubevirt.io/v1beta1/DataSourceList": { - "description": "DataSourceList is a list of DataSource", + "cdi.kubevirt.io/v1beta1/CDIConfigList": { + "description": "CDIConfigList is a list of CDIConfig", "namespaced": true, "properties": { "apiVersion": { @@ -11537,9 +12153,9 @@ "type": "string" }, "items": { - "description": "List of datasources. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of cdiconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.DataSource" + "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.CDIConfig" }, "type": "array" }, @@ -11563,21 +12179,61 @@ "x-kubernetes-group-version-kind": [ { "group": "cdi.kubevirt.io", - "kind": "DataSourceList", + "kind": "CDIConfigList", "version": "v1beta1" } ] }, - "cdi.kubevirt.io/v1beta1/DataVolume": { - "description": "DataVolume is an abstraction on top of PersistentVolumeClaims to allow easy population of those PersistentVolumeClaims with relation to VirtualMachines", + "cdi.kubevirt.io/v1beta1/CDIList": { + "description": "CDIList is a list of CDI", "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "items": { + "description": "List of cdis. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.CDI" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "cdi.kubevirt.io", + "kind": "CDIList", + "version": "v1beta1" + } + ] + }, + "cdi.kubevirt.io/v1beta1/DataImportCron": { + "description": "DataImportCron defines a cron job for recurring polling/importing disk images as PVCs into a golden image namespace", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -11589,395 +12245,1521 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "DataVolumeSpec defines the DataVolume type specification", + "description": "DataImportCronSpec defines specification for DataImportCron", "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", - "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" - }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" - } - }, - "required": [ - "current", - "previous" - ], - "type": "object" - }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], + "garbageCollect": { + "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", "type": "string" }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" + "importsToKeep": { + "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", + "format": "int32", + "type": "integer" }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" + "managedDataSource": { + "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", + "type": "string" }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "retentionPolicy": { + "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", "type": "string" }, - "pvc": { - "description": "PVC is the PVC specification", + "schedule": { + "description": "Schedule specifies in cron format when and how often to look for new imports", + "type": "string" + }, + "template": { + "description": "Template specifies template for the DVs to be created", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, + "metadata": { "type": "object" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", + "spec": { + "description": "DataVolumeSpec defines the DataVolume type specification", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "current", + "previous" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" - }, "type": "array" }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" - }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], "type": "string" }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } - }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", "type": "string" }, - "platform": { - "description": "Platform describes the minimum runtime requirements of the image", + "pvc": { + "description": "PVC is the PVC specification", "properties": { - "architecture": { - "description": "Architecture specifies the image target CPU architecture", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "type": "object" }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", + "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, + "name": { + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" } }, "type": "object" }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "status": { + "description": "DataVolumeStatus contains the current status of the DataVolume", "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "claimName": { + "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", "type": "string" }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" + "conditions": { + "items": { + "description": "DataVolumeCondition represents the state of a data volume condition.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataVolumeConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", + "phase": { + "description": "Phase is the current phase of the data volume", "type": "string" }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", + "progress": { + "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", "type": "string" + }, + "restartCount": { + "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", + "format": "int32", + "type": "integer" } }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", "type": "object" - }, - "vddk": { + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "required": [ + "managedDataSource", + "schedule", + "template" + ], + "type": "object" + }, + "status": { + "description": "DataImportCronStatus provides the most recently observed status of the DataImportCron", + "properties": { + "conditions": { + "items": { + "description": "DataImportCronCondition represents the state of a data import cron condition", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataImportCronConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "currentImports": { + "description": "CurrentImports are the imports in progress. Currently only a single import is supported.", + "items": { + "description": "ImportStatus of a currently in progress import", + "properties": { + "DataVolumeName": { + "description": "DataVolumeName is the currently in progress import DataVolume", + "type": "string" + }, + "Digest": { + "description": "Digest of the currently imported image", + "type": "string" + } + }, + "required": [ + "DataVolumeName", + "Digest" + ], + "type": "object" + }, + "type": "array" + }, + "lastExecutionTimestamp": { + "description": "LastExecutionTimestamp is the time of the last polling", + "format": "date-time", + "type": "string" + }, + "lastImportTimestamp": { + "description": "LastImportTimestamp is the time of the last import", + "format": "date-time", + "type": "string" + }, + "lastImportedPVC": { + "description": "LastImportedPVC is the last imported PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "sourceFormat": { + "description": "SourceFormat defines the format of the DataImportCron-created disk image sources", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "cdi.kubevirt.io", + "kind": "DataImportCron", + "version": "v1beta1" + } + ] + }, + "cdi.kubevirt.io/v1beta1/DataImportCronList": { + "description": "DataImportCronList is a list of DataImportCron", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of dataimportcrons. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.DataImportCron" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "cdi.kubevirt.io", + "kind": "DataImportCronList", + "version": "v1beta1" + } + ] + }, + "cdi.kubevirt.io/v1beta1/DataSource": { + "description": "DataSource references an import/clone source for a DataVolume", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "DataSourceSpec defines specification for DataSource", + "properties": { + "source": { + "description": "Source is the source of the data referenced by the DataSource", + "properties": { + "dataSource": { + "description": "DataSourceRefSourceDataSource serves as a reference to another DataSource\nCan be resolved into a DataVolumeSourcePVC or a DataVolumeSourceSnapshot\nThe maximum depth of a reference chain may not exceed 1.", + "properties": { + "name": { + "description": "The name of the source DataSource", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source DataSource", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "source" + ], + "type": "object" + }, + "status": { + "description": "DataSourceStatus provides the most recently observed status of the DataSource", + "properties": { + "conditions": { + "items": { + "description": "DataSourceCondition represents the state of a data source condition", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataSourceConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "source": { + "description": "Source is the current source of the data referenced by the DataSource", + "properties": { + "dataSource": { + "description": "DataSourceRefSourceDataSource serves as a reference to another DataSource\nCan be resolved into a DataVolumeSourcePVC or a DataVolumeSourceSnapshot\nThe maximum depth of a reference chain may not exceed 1.", + "properties": { + "name": { + "description": "The name of the source DataSource", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source DataSource", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "cdi.kubevirt.io", + "kind": "DataSource", + "version": "v1beta1" + } + ] + }, + "cdi.kubevirt.io/v1beta1/DataSourceList": { + "description": "DataSourceList is a list of DataSource", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of datasources. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.cdi.v1beta1.DataSource" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "cdi.kubevirt.io", + "kind": "DataSourceList", + "version": "v1beta1" + } + ] + }, + "cdi.kubevirt.io/v1beta1/DataVolume": { + "description": "DataVolume is an abstraction on top of PersistentVolumeClaims to allow easy population of those PersistentVolumeClaims with relation to VirtualMachines", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "DataVolumeSpec defines the DataVolume type specification", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" + }, + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } + }, + "required": [ + "current", + "previous" + ], + "type": "object" + }, + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], + "type": "string" + }, + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "type": "string" + }, + "pvc": { + "description": "PVC is the PVC specification", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", "properties": { "backingFile": { @@ -13224,6 +15006,7 @@ "type": "string" }, "enableCrushUpdates": { + "nullable": true, "type": "boolean" }, "enableRBDStats": { @@ -13232,6 +15015,10 @@ "erasureCoded": { "properties": { "algorithm": { + "enum": [ + "isa", + "jerasure" + ], "type": "string" }, "codingChunks": { @@ -13401,6 +15188,23 @@ }, "status": { "properties": { + "cephx": { + "properties": { + "peerToken": { + "properties": { + "keyCephVersion": { + "type": "string" + }, + "keyGeneration": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, "conditions": { "items": { "properties": { @@ -17962,6 +19766,31 @@ } }, "type": "object" + }, + "rbdMirrorPeer": { + "properties": { + "keyGeneration": { + "format": "int32", + "maximum": 4294967295, + "minimum": 0, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "keyGeneration cannot be decreased", + "rule": "self >= oldSelf" + } + ] + }, + "keyRotationPolicy": { + "enum": [ + "", + "Disabled", + "KeyGeneration" + ], + "type": "string" + } + }, + "type": "object" } }, "type": "object" @@ -20460,6 +22289,18 @@ }, "cephx": { "properties": { + "admin": { + "properties": { + "keyCephVersion": { + "type": "string" + }, + "keyGeneration": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, "cephExporter": { "properties": { "keyCephVersion": { @@ -20511,6 +22352,18 @@ }, "type": "object" }, + "mon": { + "properties": { + "keyCephVersion": { + "type": "string" + }, + "keyGeneration": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, "osd": { "properties": { "keyCephVersion": { @@ -20740,6 +22593,7 @@ "type": "string" }, "enableCrushUpdates": { + "nullable": true, "type": "boolean" }, "enableRBDStats": { @@ -20748,6 +22602,10 @@ "erasureCoded": { "properties": { "algorithm": { + "enum": [ + "isa", + "jerasure" + ], "type": "string" }, "codingChunks": { @@ -20939,6 +22797,7 @@ "type": "string" }, "enableCrushUpdates": { + "nullable": true, "type": "boolean" }, "enableRBDStats": { @@ -20947,6 +22806,10 @@ "erasureCoded": { "properties": { "algorithm": { + "enum": [ + "isa", + "jerasure" + ], "type": "string" }, "codingChunks": { @@ -23414,6 +25277,23 @@ }, "status": { "properties": { + "cephx": { + "properties": { + "daemon": { + "properties": { + "keyCephVersion": { + "type": "string" + }, + "keyGeneration": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, "conditions": { "items": { "properties": { @@ -26279,6 +28159,23 @@ }, "status": { "properties": { + "cephx": { + "properties": { + "daemon": { + "properties": { + "keyCephVersion": { + "type": "string" + }, + "keyGeneration": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, "conditions": { "items": { "properties": { @@ -26395,6 +28292,9 @@ "spec": { "nullable": true, "properties": { + "defaultRealm": { + "type": "boolean" + }, "pull": { "properties": { "endpoint": { @@ -26594,6 +28494,7 @@ "type": "string" }, "enableCrushUpdates": { + "nullable": true, "type": "boolean" }, "enableRBDStats": { @@ -26602,6 +28503,10 @@ "erasureCoded": { "properties": { "algorithm": { + "enum": [ + "isa", + "jerasure" + ], "type": "string" }, "codingChunks": { @@ -26761,6 +28666,9 @@ }, "type": "object" }, + "defaultRealm": { + "type": "boolean" + }, "gateway": { "nullable": true, "properties": { @@ -28485,6 +30393,7 @@ "type": "string" }, "enableCrushUpdates": { + "nullable": true, "type": "boolean" }, "enableRBDStats": { @@ -28493,6 +30402,10 @@ "erasureCoded": { "properties": { "algorithm": { + "enum": [ + "isa", + "jerasure" + ], "type": "string" }, "codingChunks": { @@ -28855,7 +30768,13 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "defaultRealm must not be true when zone.name is set (multisite configuration)", + "rule": "!(has(self.defaultRealm) && self.defaultRealm == true && has(self.zone) && size(self.zone.name) > 0)" + } + ] }, "status": { "properties": { @@ -29407,6 +31326,7 @@ "type": "string" }, "enableCrushUpdates": { + "nullable": true, "type": "boolean" }, "enableRBDStats": { @@ -29415,201 +31335,210 @@ "erasureCoded": { "properties": { "algorithm": { - "type": "string" - }, - "codingChunks": { - "minimum": 0, - "type": "integer" - }, - "dataChunks": { - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "codingChunks", - "dataChunks" - ], - "type": "object" - }, - "failureDomain": { - "type": "string" - }, - "mirroring": { - "properties": { - "enabled": { - "type": "boolean" - }, - "mode": { "enum": [ - "pool", - "image", - "init-only" + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "type": "string" + }, + "mirroring": { + "properties": { + "enabled": { + "type": "boolean" + }, + "mode": { + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "nullable": true, + "properties": { + "secretNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "items": { + "properties": { + "interval": { + "type": "string" + }, + "path": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "nullable": true, + "properties": { + "maxBytes": { + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "format": "int64", + "type": "integer" + }, + "maxSize": { + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "properties": { + "hybridStorage": { + "nullable": true, + "properties": { + "primaryDeviceClass": { + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "minLength": 1, + "type": "string" + } + }, + "required": [ + "primaryDeviceClass", + "secondaryDeviceClass" + ], + "type": "object" + }, + "replicasPerFailureDomain": { + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "type": "boolean" + }, + "size": { + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "type": "string" + }, + "targetSizeRatio": { + "minimum": 0, + "type": "number" + } + }, + "required": [ + "size" + ], + "type": "object" + }, + "statusCheck": { + "properties": { + "mirror": { + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "metadataPool": { + "nullable": true, + "properties": { + "application": { + "type": "string" + }, + "compressionMode": { + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "nullable": true, + "type": "string" + }, + "deviceClass": { + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "type": "boolean" + }, + "erasureCoded": { + "properties": { + "algorithm": { + "enum": [ + "isa", + "jerasure" ], "type": "string" }, - "peers": { - "nullable": true, - "properties": { - "secretNames": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "snapshotSchedules": { - "items": { - "properties": { - "interval": { - "type": "string" - }, - "path": { - "type": "string" - }, - "startTime": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "nullable": true, - "properties": { - "maxBytes": { - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "format": "int64", - "type": "integer" - }, - "maxSize": { - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "properties": { - "hybridStorage": { - "nullable": true, - "properties": { - "primaryDeviceClass": { - "minLength": 1, - "type": "string" - }, - "secondaryDeviceClass": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], - "type": "object" - }, - "replicasPerFailureDomain": { - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "type": "boolean" - }, - "size": { - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "type": "string" - }, - "targetSizeRatio": { - "minimum": 0, - "type": "number" - } - }, - "required": [ - "size" - ], - "type": "object" - }, - "statusCheck": { - "properties": { - "mirror": { - "nullable": true, - "properties": { - "disabled": { - "type": "boolean" - }, - "interval": { - "type": "string" - }, - "timeout": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "metadataPool": { - "nullable": true, - "properties": { - "application": { - "type": "string" - }, - "compressionMode": { - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "nullable": true, - "type": "string" - }, - "deviceClass": { - "nullable": true, - "type": "string" - }, - "enableCrushUpdates": { - "type": "boolean" - }, - "enableRBDStats": { - "type": "boolean" - }, - "erasureCoded": { - "properties": { - "algorithm": { - "type": "string" - }, "codingChunks": { "minimum": 0, "type": "integer" @@ -30948,6 +32877,23 @@ }, "status": { "properties": { + "cephx": { + "properties": { + "daemon": { + "properties": { + "keyCephVersion": { + "type": "string" + }, + "keyGeneration": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, "conditions": { "items": { "properties": { @@ -31994,9 +33940,140 @@ } ] }, - "cluster.x-k8s.io/v1beta1/ClusterClass": { - "description": "ClusterClass is a template which can be used to create managed topologies.", - "namespaced": true, + "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.build.v1.BuildConfigStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.build.v1.BuildStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.build.v1.BuildStatusOutput": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.build.v1.BuildStatusOutputTo": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.image.v1.ImageImportStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.image.v1.ImageStreamImportStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.image.v1.ImageStreamStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.image.v1.RepositoryImportStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.project.v1.ProjectStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.route.v1.RouteSpec": { + "properties": { + "alternateBackends": { + "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", + "items": { + "type": "object" + }, + "type": "array" + }, + "host": { + "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", + "type": "string" + }, + "httpHeaders": { + "description": "httpHeaders defines policy for HTTP headers.", + "type": "object" + }, + "path": { + "description": "path that the router watches for, to route traffic for to the service. Optional.", + "type": "string" + }, + "port": { + "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", + "type": "object" + }, + "subdomain": { + "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission. Example: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", + "type": "string" + }, + "tls": { + "description": "The tls field provides the ability to configure certificates and termination for the route.", + "type": "object" + }, + "to": { + "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.", + "type": "object" + }, + "wildcardPolicy": { + "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", + "type": "string" + } + }, + "required": [ + "to" + ], + "type": "object" + }, + "com.github.openshift.api.route.v1.RouteStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.openshift.api.template.v1.TemplateInstanceStatus": { + "additionalProperties": true, + "type": "object" + }, + "com.github.operator-framework.api.pkg.operators.v1alpha1.StatusDescriptor": { + "additionalProperties": true, + "type": "object" + }, + "com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifestStatus": { + "additionalProperties": true, + "type": "object" + }, + "config.openshift.io/v1/APIServer": { + "description": "APIServer holds configuration (like serving certificates, client CA and CORS domains)\nshared by all API servers in the system, among them especially kube-apiserver\nand openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -32015,1594 +34092,880 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "ClusterClassSpec describes the desired state of the ClusterClass.", + "description": "spec holds user settable values for configuration", "properties": { - "controlPlane": { - "description": "controlPlane is a reference to a local struct that holds the details\nfor provisioning the Control Plane for the Cluster.", + "additionalCORSAllowedOrigins": { + "description": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the\nAPI server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth\nserver from JavaScript applications.\nThe values are regular expressions that correspond to the Golang regular expression language.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "audit": { + "default": { + "profile": "Default" + }, + "description": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided\nAPI servers in the cluster.", "properties": { - "machineHealthCheck": { - "description": "machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass.\nThis field is supported if and only if the ControlPlane provider template\nreferenced above is Machine based and supports setting replicas.", - "properties": { - "maxUnhealthy": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy.", - "x-kubernetes-int-or-string": true - }, - "nodeStartupTimeout": { - "description": "nodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure ready condition timestamp (if and when available)\n- Control Plane's initialized condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0.", - "type": "string" + "customRules": { + "description": "customRules specify profiles per group. These profile take precedence over the\ntop-level profile field if they apply. They are evaluation from top to bottom and\nthe first one that matches, applies.", + "items": { + "description": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over\nthe top-level profile.", + "properties": { + "group": { + "description": "group is a name of group a request user must be member of in order to this profile to apply.", + "minLength": 1, + "type": "string" + }, + "profile": { + "description": "profile specifies the name of the desired audit policy configuration to be deployed to\nall OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided:\n- Default: the existing default policy.\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for\nwrite requests (create, update, patch).\n- AllRequestBodies: like 'WriteRequestBodies', but also logs request and response\nHTTP payloads for read requests (get, list).\n- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", + "enum": [ + "Default", + "WriteRequestBodies", + "AllRequestBodies", + "None" + ], + "type": "string" + } }, - "remediationTemplate": { - "description": "remediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "required": [ + "group", + "profile" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group" + ], + "x-kubernetes-list-type": "map" + }, + "profile": { + "default": "Default", + "description": "profile specifies the name of the desired top-level audit profile to be applied to all requests\nsent to any of the OpenShift-provided API servers in the cluster (kube-apiserver,\nopenshift-apiserver and oauth-apiserver), with the exception of those requests that match\none or more of the customRules.\n\nThe following profiles are provided:\n- Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for\nwrite requests (create, update, patch).\n- AllRequestBodies: like 'WriteRequestBodies', but also logs request and response\nHTTP payloads for read requests (get, list).\n- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you\nare fully aware of the risks of not logging data that can be beneficial when troubleshooting issues.\nIf you disable audit logging and a support situation arises, you might need to enable audit logging\nand reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", + "enum": [ + "Default", + "WriteRequestBodies", + "AllRequestBodies", + "None" + ], + "type": "string" + } + }, + "type": "object" + }, + "clientCA": { + "description": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for\nincoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.\nYou usually only have to set this if you have your own PKI you wish to honor client certificates from.\nThe ConfigMap must exist in the openshift-config namespace and contain the following required fields:\n- ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "encryption": { + "description": "encryption allows the configuration of encryption of resources at the datastore layer.", + "properties": { + "type": { + "description": "type defines what encryption type should be used to encrypt resources at the datastore layer.\nWhen this field is unset (i.e. when it is set to the empty string), identity is implied.\nThe behavior of unset can and will change over time. Even if encryption is enabled by default,\nthe meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted.\nThis list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", + "enum": [ + "", + "identity", + "aescbc", + "aesgcm" + ], + "type": "string" + } + }, + "type": "object" + }, + "servingCerts": { + "description": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates\nwill be used for serving secure traffic.", + "properties": { + "namedCertificates": { + "description": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.\nIf no named certificates are provided, or no named certificates match the server name as understood by a client,\nthe defaultServingCertificate will be used.", + "items": { + "description": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", + "properties": { + "names": { + "description": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to\nserve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.\nExact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", + "items": { "type": "string" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "maxItems": 64, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "unhealthyConditions": { - "description": "unhealthyConditions contains a list of the conditions that determine\nwhether a node is considered unhealthy. The conditions are combined in a\nlogical OR, i.e. if any of the conditions is met, the node is unhealthy.", - "items": { - "description": "UnhealthyCondition represents a Node condition type and value with a timeout\nspecified as a duration. When the named condition has been in the given\nstatus for at least the timeout value, a node is considered unhealthy.", + "servingCertificate": { + "description": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.\nThe secret must exist in the openshift-config namespace and contain the following required fields:\n- Secret.Data[\"tls.key\"] - TLS private key.\n- Secret.Data[\"tls.crt\"] - TLS certificate.", "properties": { - "status": { - "minLength": 1, - "type": "string" - }, - "timeout": { - "type": "string" - }, - "type": { - "minLength": 1, + "name": { + "description": "name is the metadata.name of the referenced secret", "type": "string" } }, "required": [ - "status", - "timeout", - "type" + "name" ], "type": "object" - }, - "type": "array" + } }, - "unhealthyRange": { - "description": "Any further remediation is only allowed if the number of machines selected by \"selector\" as not healthy\nis within the range of \"UnhealthyRange\". Takes precedence over MaxUnhealthy.\nEg. \"[3-5]\" - This means that remediation will be allowed only when:\n(a) there are at least 3 unhealthy machines (and)\n(b) there are at most 5 unhealthy machines", - "pattern": "^\\[[0-9]+-[0-9]+\\]$", - "type": "string" - } - }, - "type": "object" - }, - "machineInfrastructure": { - "description": "machineInfrastructure defines the metadata and infrastructure information\nfor control plane machines.\n\nThis field is supported if and only if the control plane provider template\nreferenced above is Machine based and supports setting replicas.", - "properties": { - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "type": "object" }, - "required": [ - "ref" - ], - "type": "object" - }, - "metadata": { - "description": "metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane\nif the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the\nControlPlane.\nAt runtime this metadata is merged with the corresponding metadata from the topology.\n\nThis field is supported if and only if the control plane provider template\nreferenced is Machine based.", + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "tlsSecurityProfile": { + "description": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old,\nIntermediate and Custom profiles are currently supported, and the maximum available\nminTLSVersion is VersionTLS12.", + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "nullable": true, "properties": { - "annotations": { - "additionalProperties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { "type": "string" }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" } }, "type": "object" }, - "namingStrategy": { - "description": "namingStrategy allows changing the naming pattern used when creating the control plane provider object.", - "properties": { - "template": { - "description": "template defines the template to use for generating the name of the ControlPlane object.\nIf not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`.\nIf the templated string exceeds 63 characters, it will be trimmed to 58 characters and will\nget concatenated with a random suffix of length 5.\nThe templating mechanism provides the following arguments:\n* `.cluster.name`: The name of the cluster object.\n* `.random`: A random alphanumeric string, without vowels, of length 5.", - "type": "string" - } - }, + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "nullable": true, "type": "object" }, - "nodeDeletionTimeout": { - "description": "nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine\nhosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.\nDefaults to 10 seconds.\nNOTE: This value can be overridden while defining a Cluster.Topology.", - "type": "string" + "modern": { + "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "nullable": true, + "type": "object" }, - "nodeDrainTimeout": { - "description": "nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.\nThe default value is 0, meaning that the node can be drained without any time limitations.\nNOTE: NodeDrainTimeout is different from `kubectl drain --timeout`\nNOTE: This value can be overridden while defining a Cluster.Topology.", - "type": "string" + "old": { + "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" }, - "nodeVolumeDetachTimeout": { - "description": "nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes\nto be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.\nNOTE: This value can be overridden while defining a Cluster.Topology.", + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], "type": "string" - }, - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" } }, - "required": [ - "ref" - ], "type": "object" - }, - "infrastructure": { - "description": "infrastructure is a reference to a provider-specific template that holds\nthe details for provisioning infrastructure specific cluster\nfor the underlying provider.\nThe underlying provider is responsible for the implementation\nof the template to an infrastructure cluster.", + } + }, + "type": "object" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "APIServer", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/APIServerList": { + "description": "APIServerList is a list of APIServer", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of apiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.config.v1.APIServer" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "APIServerList", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/Authentication": { + "description": "Authentication specifies cluster-wide settings for authentication (like OAuth and\nwebhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "properties": { + "oauthMetadata": { + "description": "oauthMetadata contains the discovery endpoint data for OAuth 2.0\nAuthorization Server Metadata for an external OAuth server.\nThis discovery document can be viewed from its served location:\noc get --raw '/.well-known/oauth-authorization-server'\nFor further details, see the IETF Draft:\nhttps://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2\nIf oauthMetadata.name is non-empty, this value has precedence\nover any metadata reference stored in status.\nThe key \"oauthMetadata\" is used to locate the data.\nIf specified and the config map or expected key is not found, no metadata is served.\nIf the specified metadata is not valid, no metadata is served.\nThe namespace for this config map is openshift-config.", "properties": { - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" } }, "required": [ - "ref" + "name" ], "type": "object" }, - "patches": { - "description": "patches defines the patches which are applied to customize\nreferenced templates of a ClusterClass.\nNote: Patches will be applied in the order of the array.", + "oidcProviders": { + "description": "oidcProviders are OIDC identity providers that can issue tokens\nfor this cluster\nCan only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", "items": { - "description": "ClusterClassPatch defines a patch which is applied to customize the referenced templates.", "properties": { - "definitions": { - "description": "definitions define inline patches.\nNote: Patches will be applied in the order of the array.\nNote: Exactly one of Definitions or External must be set.", - "items": { - "description": "PatchDefinition defines a patch which is applied to customize the referenced templates.", - "properties": { - "jsonPatches": { - "description": "jsonPatches defines the patches which should be applied on the templates\nmatching the selector.\nNote: Patches will be applied in the order of the array.", - "items": { - "description": "JSONPatch defines a JSON patch.", + "claimMappings": { + "description": "claimMappings is a required field that configures the rules to be used by\nthe Kubernetes API server for translating claims in a JWT token, issued\nby the identity provider, to a cluster identity.", + "properties": { + "extra": { + "description": "extra is an optional field for configuring the mappings\nused to construct the extra attribute for the cluster identity.\nWhen omitted, no extra attributes will be present on the cluster identity.\nkey values for extra mappings must be unique.\nA maximum of 32 extra attribute mappings may be provided.", + "items": { + "description": "ExtraMapping allows specifying a key and CEL expression\nto evaluate the keys' value. It is used to create additional\nmappings and attributes added to a cluster identity from\na provided authentication token.", + "properties": { + "key": { + "description": "key is a required field that specifies the string\nto use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo').\nkey must not exceed 510 characters in length.\nkey must contain the '/' character, separating the domain and path characters.\nkey must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain.\nIt must not exceed 253 characters in length.\nIt must start and end with an alphanumeric character.\nIt must only contain lower case alphanumeric characters and '-' or '.'.\nIt must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one\nalphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'.\nIt must not exceed 256 characters in length.", + "maxLength": 510, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "key must contain the '/' character", + "rule": "self.contains('/')" + }, + { + "message": "the domain of the key must consist of only lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character", + "rule": "self.split('/', 2)[0].matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" + }, + { + "message": "the domain of the key must not exceed 253 characters in length", + "rule": "self.split('/', 2)[0].size() <= 253" + }, + { + "message": "the domain 'kubernetes.io' is reserved for Kubernetes use", + "rule": "self.split('/', 2)[0] != 'kubernetes.io'" + }, + { + "message": "the subdomains '*.kubernetes.io' are reserved for Kubernetes use", + "rule": "!self.split('/', 2)[0].endsWith('.kubernetes.io')" + }, + { + "message": "the domain 'k8s.io' is reserved for Kubernetes use", + "rule": "self.split('/', 2)[0] != 'k8s.io'" + }, + { + "message": "the subdomains '*.k8s.io' are reserved for Kubernetes use", + "rule": "!self.split('/', 2)[0].endsWith('.k8s.io')" + }, + { + "message": "the domain 'openshift.io' is reserved for OpenShift use", + "rule": "self.split('/', 2)[0] != 'openshift.io'" + }, + { + "message": "the subdomains '*.openshift.io' are reserved for OpenShift use", + "rule": "!self.split('/', 2)[0].endsWith('.openshift.io')" + }, + { + "message": "the path of the key must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, apostrophe, '-', '.', '_', '~', '!', '$', '&', '(', ')', '*', '+', ',', ';', '=', and ':'", + "rule": "self.split('/', 2)[1].matches('[A-Za-z0-9/\\\\-._~%!$&\\'()*+;=:]+')" + }, + { + "message": "the path of the key must not exceed 256 characters in length", + "rule": "self.split('/', 2)[1].size() <= 256" + } + ] + }, + "valueExpression": { + "description": "valueExpression is a required field to specify the CEL expression to extract\nthe extra attribute value from a JWT token's claims.\nvalueExpression must produce a string or string array value.\n\"\", [], and null are treated as the extra mapping not being present.\nEmpty string values within an array are filtered out.\n\nCEL expressions have access to the token claims\nthrough a CEL variable, 'claims'.\n'claims' is a map of claim names to claim values.\nFor example, the 'sub' claim value can be accessed as 'claims.sub'.\nNested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 1024 characters in length.\nvalueExpression must not be empty.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "valueExpression" + ], + "type": "object" + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" + }, + "groups": { + "description": "groups is an optional field that configures how the groups of a cluster identity\nshould be constructed from the claims in a JWT token issued\nby the identity provider.\nWhen referencing a claim, if the claim is present in the JWT\ntoken, its value must be a list of groups separated by a comma (',').\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "properties": { + "claim": { + "description": "claim is a required field that configures the JWT token\nclaim whose value is assigned to the cluster identity\nfield associated with this mapping.", + "type": "string" + }, + "prefix": { + "description": "prefix is an optional field that configures the prefix that will be\napplied to the cluster identity attribute during the process of mapping\nJWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains\nan array of strings \"a\", \"b\" and \"c\", the mapping will result in an\narray of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "type": "string" + } + }, + "required": [ + "claim" + ], + "type": "object" + }, + "uid": { + "description": "uid is an optional field for configuring the claim mapping\nused to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value.\nWhen using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform\nis left to choose a default, which is subject to change over time.\nThe current default is to use the 'sub' claim.", + "properties": { + "claim": { + "description": "claim is an optional field for specifying the\nJWT token claim that is used in the mapping.\nThe value of this claim will be assigned to\nthe field in which this mapping is associated.\n\nPrecisely one of claim or expression must be set.\nclaim must not be specified when expression is set.\nWhen specified, claim must be at least 1 character in length\nand must not exceed 256 characters in length.", + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "expression": { + "description": "expression is an optional field for specifying a\nCEL expression that produces a string value from\nJWT token claims.\n\nCEL expressions have access to the token claims\nthrough a CEL variable, 'claims'.\n'claims' is a map of claim names to claim values.\nFor example, the 'sub' claim value can be accessed as 'claims.sub'.\nNested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set.\nexpression must not be specified when claim is set.\nWhen specified, expression must be at least 1 character in length\nand must not exceed 1024 characters in length.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "precisely one of claim or expression must be set", + "rule": "has(self.claim) ? !has(self.expression) : has(self.expression)" + } + ] + }, + "username": { + "description": "username is a required field that configures how the username of a cluster identity\nshould be constructed from the claims in a JWT token issued by the identity provider.", + "properties": { + "claim": { + "description": "claim is a required field that configures the JWT token\nclaim whose value is assigned to the cluster identity\nfield associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "prefix": { + "description": "prefix configures the prefix that should be prepended to the value\nof the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", "properties": { - "op": { - "description": "op defines the operation of the patch.\nNote: Only `add`, `replace` and `remove` are supported.", - "type": "string" - }, - "path": { - "description": "path defines the path of the patch.\nNote: Only the spec of a template can be patched, thus the path has to start with /spec/.\nNote: For now the only allowed array modifications are `append` and `prepend`, i.e.:\n* for op: `add`: only index 0 (prepend) and - (append) are allowed\n* for op: `replace` or `remove`: no indexes are allowed", + "prefixString": { + "description": "prefixString is a required field that configures the prefix that will\nbe applied to cluster identity username attribute\nduring the process of mapping JWT claims to cluster identity attributes.\n\nprefixString must not be an empty string (\"\").", + "minLength": 1, "type": "string" - }, - "value": { - "description": "value defines the value of the patch.\nNote: Either Value or ValueFrom is required for add and replace\noperations. Only one of them is allowed to be set at the same time.\nNote: We have to use apiextensionsv1.JSON instead of our JSON type,\nbecause controller-tools has a hard-coded schema for apiextensionsv1.JSON\nwhich cannot be produced by another type (unset type field).\nRef: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111", - "x-kubernetes-preserve-unknown-fields": true - }, - "valueFrom": { - "description": "valueFrom defines the value of the patch.\nNote: Either Value or ValueFrom is required for add and replace\noperations. Only one of them is allowed to be set at the same time.", - "properties": { - "template": { - "description": "template is the Go template to be used to calculate the value.\nA template can reference variables defined in .spec.variables and builtin variables.\nNote: The template must evaluate to a valid YAML or JSON value.", - "type": "string" - }, - "variable": { - "description": "variable is the variable to be used as value.\nVariable can be one of the variables defined in .spec.variables or a builtin variable.", - "type": "string" - } - }, - "type": "object" } }, "required": [ - "op", - "path" + "prefixString" ], "type": "object" }, - "type": "array" + "prefixPolicy": { + "description": "prefixPolicy is an optional field that configures how a prefix should be\napplied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be\nprepended to the value of the JWT claim.\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value\nof the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose\nany prefixes that are applied which is subject to change over time.\nCurrently, the platform prepends `{issuerURL}#` to the value of the JWT claim\nwhen the claim is not 'email'.\nAs an example, consider the following scenario:\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "enum": [ + "", + "NoPrefix", + "Prefix" + ], + "type": "string" + } }, - "selector": { - "description": "selector defines on which templates the patch should be applied.", + "required": [ + "claim" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise", + "rule": "has(self.prefixPolicy) && self.prefixPolicy == 'Prefix' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)" + } + ] + } + }, + "required": [ + "username" + ], + "type": "object" + }, + "claimValidationRules": { + "description": "claimValidationRules is an optional field that configures the rules to\nbe used by the Kubernetes API server for validating the claims in a JWT\ntoken issued by the identity provider.\n\nValidation rules are joined via an AND operation.", + "items": { + "properties": { + "requiredClaim": { + "description": "requiredClaim is an optional field that configures the required claim\nand value that the Kubernetes API server will use to validate if an incoming\nJWT is valid for this identity provider.", "properties": { - "apiVersion": { - "description": "apiVersion filters templates by apiVersion.", + "claim": { + "description": "claim is a required field that configures the name of the required claim.\nWhen taken from the JWT claims, claim must be a string value.\n\nclaim must not be an empty string (\"\").", + "minLength": 1, "type": "string" }, - "kind": { - "description": "kind filters templates by kind.", + "requiredValue": { + "description": "requiredValue is a required field that configures the value that 'claim' must\nhave when taken from the incoming JWT claims.\nIf the value in the JWT claims does not match, the token\nwill be rejected for authentication.\n\nrequiredValue must not be an empty string (\"\").", + "minLength": 1, "type": "string" - }, - "matchResources": { - "description": "matchResources selects templates based on where they are referenced.", - "properties": { - "controlPlane": { - "description": "controlPlane selects templates referenced in .spec.ControlPlane.\nNote: this will match the controlPlane and also the controlPlane\nmachineInfrastructure (depending on the kind and apiVersion).", - "type": "boolean" - }, - "infrastructureCluster": { - "description": "infrastructureCluster selects templates referenced in .spec.infrastructure.", - "type": "boolean" - }, - "machineDeploymentClass": { - "description": "machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in\n.spec.workers.machineDeployments.", - "properties": { - "names": { - "description": "names selects templates by class names.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "machinePoolClass": { - "description": "machinePoolClass selects templates referenced in specific MachinePoolClasses in\n.spec.workers.machinePools.", - "properties": { - "names": { - "description": "names selects templates by class names.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" } }, "required": [ - "apiVersion", - "kind", - "matchResources" + "claim", + "requiredValue" ], "type": "object" + }, + "type": { + "default": "RequiredClaim", + "description": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are 'RequiredClaim' and omitted (not provided or an empty string).\n\nWhen set to 'RequiredClaim', the Kubernetes API server\nwill be configured to validate that the incoming JWT\ncontains the required claim and that its value matches\nthe required value.\n\nDefaults to 'RequiredClaim'.", + "enum": [ + "RequiredClaim" + ], + "type": "string" } }, - "required": [ - "jsonPatches", - "selector" - ], "type": "object" }, - "type": "array" - }, - "description": { - "description": "description is a human-readable description of this patch.", - "type": "string" - }, - "enabledIf": { - "description": "enabledIf is a Go template to be used to calculate if a patch should be enabled.\nIt can reference variables defined in .spec.variables and builtin variables.\nThe patch will be enabled if the template evaluates to `true`, otherwise it will\nbe disabled.\nIf EnabledIf is not set, the patch will be enabled per default.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "external": { - "description": "external defines an external patch.\nNote: Exactly one of Definitions or External must be set.", + "issuer": { + "description": "issuer is a required field that configures how the platform interacts\nwith the identity provider and how tokens issued from the identity provider\nare evaluated by the Kubernetes API server.", "properties": { - "discoverVariablesExtension": { - "description": "discoverVariablesExtension references an extension which is called to discover variables.", - "type": "string" - }, - "generateExtension": { - "description": "generateExtension references an extension which is called to generate patches.", - "type": "string" - }, - "settings": { - "additionalProperties": { + "audiences": { + "description": "audiences is a required field that configures the acceptable audiences\nthe JWT token, issued by the identity provider, must be issued to.\nAt least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", + "items": { + "minLength": 1, "type": "string" }, - "description": "settings defines key value pairs to be passed to the extensions.\nValues defined here take precedence over the values defined in the\ncorresponding ExtensionConfig.", + "maxItems": 10, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "issuerCertificateAuthority": { + "description": "issuerCertificateAuthority is an optional field that configures the\ncertificate authority, used by the Kubernetes API server, to validate\nthe connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config\nnamespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt'\nkey in the data field of the ConfigMap.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" + } + }, + "required": [ + "name" + ], "type": "object" }, - "validateExtension": { - "description": "validateExtension references an extension which is called to validate the topology.", - "type": "string" + "issuerURL": { + "description": "issuerURL is a required field that configures the URL used to issue tokens\nby the identity provider.\nThe Kubernetes API server determines how authentication tokens should be handled\nby matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length.\nMust be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", + "maxLength": 512, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid URL", + "rule": "isURL(self)" + }, + { + "message": "must use the 'https' scheme", + "rule": "isURL(self) && url(self).getScheme() == 'https'" + }, + { + "message": "must not have a query", + "rule": "isURL(self) && url(self).getQuery() == {}" + }, + { + "message": "must not have a fragment", + "rule": "self.find('#(.+)$') == ''" + }, + { + "message": "must not have user info", + "rule": "self.find('@') == ''" + } + ] } }, + "required": [ + "audiences", + "issuerURL" + ], "type": "object" }, "name": { - "description": "name of the patch.", + "description": "name is a required field that configures the unique human-readable identifier\nassociated with the identity provider.\nIt is used to distinguish between multiple identity providers\nand has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", + "minLength": 1, "type": "string" + }, + "oidcClients": { + "description": "oidcClients is an optional field that configures how on-cluster,\nplatform clients should request tokens from the identity provider.\noidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", + "items": { + "description": "OIDCClientConfig configures how platform clients\ninteract with identity providers as an authentication\nmethod", + "properties": { + "clientID": { + "description": "clientID is a required field that configures the client identifier, from\nthe identity provider, that the platform component uses for authentication\nrequests made to the identity provider.\nThe identity provider must accept this identifier for platform components\nto be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", + "minLength": 1, + "type": "string" + }, + "clientSecret": { + "description": "clientSecret is an optional field that configures the client secret used\nby the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests\nto the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config'\nnamespace that contains the client secret in the 'clientSecret' key of the '.data' field.\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private\nclients do require a client secret to work with the identity provider.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "componentName": { + "description": "componentName is a required field that specifies the name of the platform\ncomponent being configured to use the identity provider as an authentication mode.\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "componentNamespace": { + "description": "componentNamespace is a required field that specifies the namespace in which the\nplatform component being configured to use the identity provider as an authentication\nmode is running.\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "maxLength": 63, + "minLength": 1, + "type": "string" + }, + "extraScopes": { + "description": "extraScopes is an optional field that configures the extra scopes that should\nbe requested by the platform component when making authentication requests to the\nidentity provider.\nThis is useful if you have configured claim mappings that requires specific\nscopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "clientID", + "componentName", + "componentNamespace" + ], + "type": "object" + }, + "maxItems": 20, + "type": "array", + "x-kubernetes-list-map-keys": [ + "componentNamespace", + "componentName" + ], + "x-kubernetes-list-type": "map" } }, "required": [ + "claimMappings", + "issuer", "name" ], "type": "object" }, - "type": "array" + "maxItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "variables": { - "description": "variables defines the variables which can be configured\nin the Cluster topology and are then used in patches.", - "items": { - "description": "ClusterClassVariable defines a variable which can\nbe configured in the Cluster topology and used in patches.", - "properties": { - "metadata": { - "description": "metadata is the metadata of a variable.\nIt can be used to add additional data for higher level tools to\na ClusterClassVariable.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map that can be used to store and\nretrieve arbitrary metadata.\nThey are not queryable.", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) variables.", - "type": "object" - } - }, - "type": "object" - }, - "name": { - "description": "name of the variable.", - "type": "string" - }, - "required": { - "description": "required specifies if the variable is required.\nNote: this applies to the variable as a whole and thus the\ntop-level object defined in the schema. If nested fields are\nrequired, this will be specified inside the schema.", - "type": "boolean" - }, - "schema": { - "description": "schema defines the schema of the variable.", - "properties": { - "openAPIV3Schema": { - "description": "openAPIV3Schema defines the schema of a variable via OpenAPI v3\nschema. The schema is a subset of the schema used in\nKubernetes CRDs.", - "properties": { - "additionalProperties": { - "description": "additionalProperties specifies the schema of values in a map (keys are always strings).\nNOTE: Can only be set if type is object.\nNOTE: AdditionalProperties is mutually exclusive with Properties.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "allOf": { - "description": "allOf specifies that the variable must validate against all of the subschemas in the array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "anyOf": { - "description": "anyOf specifies that the variable must validate against one or more of the subschemas in the array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "default": { - "description": "default is the default value of the variable.\nNOTE: Can be set for all types.", - "x-kubernetes-preserve-unknown-fields": true - }, - "description": { - "description": "description is a human-readable description of this variable.", - "type": "string" - }, - "enum": { - "description": "enum is the list of valid values of the variable.\nNOTE: Can be set for all types.", - "items": { - "x-kubernetes-preserve-unknown-fields": true - }, - "type": "array" - }, - "example": { - "description": "example is an example for this variable.", - "x-kubernetes-preserve-unknown-fields": true - }, - "exclusiveMaximum": { - "description": "exclusiveMaximum specifies if the Maximum is exclusive.\nNOTE: Can only be set if type is integer or number.", - "type": "boolean" - }, - "exclusiveMinimum": { - "description": "exclusiveMinimum specifies if the Minimum is exclusive.\nNOTE: Can only be set if type is integer or number.", - "type": "boolean" - }, - "format": { - "description": "format is an OpenAPI v3 format string. Unknown formats are ignored.\nFor a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)\nhttps://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go\nNOTE: Can only be set if type is string.", - "type": "string" - }, - "items": { - "description": "items specifies fields of an array.\nNOTE: Can only be set if type is array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "maxItems": { - "description": "maxItems is the max length of an array variable.\nNOTE: Can only be set if type is array.", - "format": "int64", - "type": "integer" - }, - "maxLength": { - "description": "maxLength is the max length of a string variable.\nNOTE: Can only be set if type is string.", - "format": "int64", - "type": "integer" - }, - "maxProperties": { - "description": "maxProperties is the maximum amount of entries in a map or properties in an object.\nNOTE: Can only be set if type is object.", - "format": "int64", - "type": "integer" - }, - "maximum": { - "description": "maximum is the maximum of an integer or number variable.\nIf ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.\nIf ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.\nNOTE: Can only be set if type is integer or number.", - "format": "int64", - "type": "integer" - }, - "minItems": { - "description": "minItems is the min length of an array variable.\nNOTE: Can only be set if type is array.", - "format": "int64", - "type": "integer" - }, - "minLength": { - "description": "minLength is the min length of a string variable.\nNOTE: Can only be set if type is string.", - "format": "int64", - "type": "integer" - }, - "minProperties": { - "description": "minProperties is the minimum amount of entries in a map or properties in an object.\nNOTE: Can only be set if type is object.", - "format": "int64", - "type": "integer" - }, - "minimum": { - "description": "minimum is the minimum of an integer or number variable.\nIf ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.\nIf ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.\nNOTE: Can only be set if type is integer or number.", - "format": "int64", - "type": "integer" - }, - "not": { - "description": "not specifies that the variable must not validate against the subschema.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "oneOf": { - "description": "oneOf specifies that the variable must validate against exactly one of the subschemas in the array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "pattern": { - "description": "pattern is the regex which a string variable must match.\nNOTE: Can only be set if type is string.", - "type": "string" - }, - "properties": { - "description": "properties specifies fields of an object.\nNOTE: Can only be set if type is object.\nNOTE: Properties is mutually exclusive with AdditionalProperties.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "required": { - "description": "required specifies which fields of an object are required.\nNOTE: Can only be set if type is object.", - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "description": "type is the type of the variable.\nValid values are: object, array, string, integer, number or boolean.", - "type": "string" - }, - "uniqueItems": { - "description": "uniqueItems specifies if items in an array must be unique.\nNOTE: Can only be set if type is array.", - "type": "boolean" - }, - "x-kubernetes-int-or-string": { - "description": "x-kubernetes-int-or-string specifies that this value is\neither an integer or a string. If this is true, an empty\ntype is allowed and type as child of anyOf is permitted\nif following one of the following patterns:\n\n1) anyOf:\n - type: integer\n - type: string\n2) allOf:\n - anyOf:\n - type: integer\n - type: string\n - ... zero or more", - "type": "boolean" - }, - "x-kubernetes-preserve-unknown-fields": { - "description": "x-kubernetes-preserve-unknown-fields allows setting fields in a variable object\nwhich are not defined in the variable schema. This affects fields recursively,\nexcept if nested properties or additionalProperties are specified in the schema.", - "type": "boolean" - }, - "x-kubernetes-validations": { - "description": "x-kubernetes-validations describes a list of validation rules written in the CEL expression language.", - "items": { - "description": "ValidationRule describes a validation rule written in the CEL expression language.", - "properties": { - "fieldPath": { - "description": "fieldPath represents the field path returned when the validation fails.\nIt must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.\ne.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`\nIf the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`\nIt does not support list numeric index.\nIt supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.\nNumeric index of array is not supported.\nFor field name which contains special characters, use `['specialName']` to refer the field name.\ne.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`", - "type": "string" - }, - "message": { - "description": "message represents the message displayed when validation fails. The message is required if the Rule contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"", - "type": "string" - }, - "messageExpression": { - "description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.\nSince messageExpression is used as a failure message, it must evaluate to a string.\nIf both message and messageExpression are present on a rule, then messageExpression will be used if validation\nfails. If messageExpression results in a runtime error, the validation failure message is produced\nas if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string\nthat contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.\nmessageExpression has access to all the same variables as the rule; the only difference is the return type.\nExample:\n\"x must be less than max (\"+string(self.max)+\")\"", - "type": "string" - }, - "reason": { - "default": "FieldValueInvalid", - "description": "reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.\nThe currently supported reasons are: \"FieldValueInvalid\", \"FieldValueForbidden\", \"FieldValueRequired\", \"FieldValueDuplicate\".\nIf not set, default to use \"FieldValueInvalid\".\nAll future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.", - "enum": [ - "FieldValueInvalid", - "FieldValueForbidden", - "FieldValueRequired", - "FieldValueDuplicate" - ], - "type": "string" - }, - "rule": { - "description": "rule represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe Rule is scoped to the location of the x-kubernetes-validations extension in the schema.\nThe `self` variable in the CEL expression is bound to the scoped value.\nIf the Rule is scoped to an object with properties, the accessible properties of the object are field selectable\nvia `self.field` and field presence can be checked via `has(self.field)`.\nIf the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map\nare accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map\nare accessible via CEL macros and functions such as `self.all(...)`.\nIf the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and\nfunctions.\nIf the Rule is scoped to a scalar, `self` is bound to the scalar value.\nExamples:\n- Rule scoped to a map of objects: {\"rule\": \"self.components['Widget'].priority < 10\"}\n- Rule scoped to a list of integers: {\"rule\": \"self.values.all(value, value >= 0 && value < 100)\"}\n- Rule scoped to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL\nexpressions. This includes:\n- Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n- Object properties where the property schema is of an \"unknown type\". An \"unknown type\" is recursively defined as:\n - A schema with no type and x-kubernetes-preserve-unknown-fields set to true\n - An array where the items schema is of an \"unknown type\"\n - An object where the additionalProperties schema is of an \"unknown type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Rule accessing a property named \"namespace\": {\"rule\": \"self.__namespace__ > 0\"}\n - Rule accessing a property named \"x-prop\": {\"rule\": \"self.x__dash__prop > 0\"}\n - Rule accessing a property named \"redact__d\": {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf `rule` makes use of the `oldSelf` variable it is implicitly a\n`transition rule`.\n\nBy default, the `oldSelf` variable is the same type as `self`.\n\nTransition rules by default are applied only on UPDATE requests and are\nskipped if an old value could not be found.", - "type": "string" - } - }, - "required": [ - "rule" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "rule" - ], - "x-kubernetes-list-type": "map" - }, - "x-metadata": { - "description": "x-metadata is the metadata of a variable or a nested field within a variable.\nIt can be used to add additional data for higher level tools.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map that can be used to store and\nretrieve arbitrary metadata.\nThey are not queryable.", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) variables.", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "openAPIV3Schema" - ], - "type": "object" - } - }, - "required": [ - "name", - "required", - "schema" - ], - "type": "object" - }, - "type": "array" + "serviceAccountIssuer": { + "description": "serviceAccountIssuer is the identifier of the bound service account token\nissuer.\nThe default is https://kubernetes.default.svc\nWARNING: Updating this field will not result in immediate invalidation of all bound tokens with the\nprevious issuer value. Instead, the tokens issued by previous service account issuer will continue to\nbe trusted for a time period chosen by the platform (currently set to 24h).\nThis time period is subject to change over time.\nThis allows internal components to transition to use new service account issuer without service distruption.", + "type": "string" + }, + "type": { + "description": "type identifies the cluster managed, user facing authentication mode in use.\nSpecifically, it manages the component that responds to login attempts.\nThe default is IntegratedOAuth.", + "enum": [ + "", + "None", + "IntegratedOAuth", + "OIDC" + ], + "type": "string" }, - "workers": { - "description": "workers describes the worker nodes for the cluster.\nIt is a collection of node types which can be used to create\nthe worker nodes of the cluster.", + "webhookTokenAuthenticator": { + "description": "webhookTokenAuthenticator configures a remote token reviewer.\nThese remote authentication webhooks can be used to verify bearer tokens\nvia the tokenreviews.authentication.k8s.io REST API. This is required to\nhonor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", "properties": { - "machineDeployments": { - "description": "machineDeployments is a list of machine deployment classes that can be used to create\na set of worker nodes.", - "items": { - "description": "MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster\nprovisioned using the `ClusterClass`.", - "properties": { - "class": { - "description": "class denotes a type of worker node present in the cluster,\nthis name MUST be unique within a ClusterClass and can be referenced\nin the Cluster to create a managed MachineDeployment.", - "type": "string" - }, - "failureDomain": { - "description": "failureDomain is the failure domain the machines will be created in.\nMust match a key in the FailureDomains map stored on the cluster object.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.", - "type": "string" - }, - "machineHealthCheck": { - "description": "machineHealthCheck defines a MachineHealthCheck for this MachineDeploymentClass.", - "properties": { - "maxUnhealthy": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Any further remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy.", - "x-kubernetes-int-or-string": true - }, - "nodeStartupTimeout": { - "description": "nodeStartupTimeout allows to set the maximum time for MachineHealthCheck\nto consider a Machine unhealthy if a corresponding Node isn't associated\nthrough a `Spec.ProviderID` field.\n\nThe duration set in this field is compared to the greatest of:\n- Cluster's infrastructure ready condition timestamp (if and when available)\n- Control Plane's initialized condition timestamp (if and when available)\n- Machine's infrastructure ready condition timestamp (if and when available)\n- Machine's metadata creation timestamp\n\nDefaults to 10 minutes.\nIf you wish to disable this feature, set the value explicitly to 0.", - "type": "string" - }, - "remediationTemplate": { - "description": "remediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Cluster API.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "unhealthyConditions": { - "description": "unhealthyConditions contains a list of the conditions that determine\nwhether a node is considered unhealthy. The conditions are combined in a\nlogical OR, i.e. if any of the conditions is met, the node is unhealthy.", - "items": { - "description": "UnhealthyCondition represents a Node condition type and value with a timeout\nspecified as a duration. When the named condition has been in the given\nstatus for at least the timeout value, a node is considered unhealthy.", - "properties": { - "status": { - "minLength": 1, - "type": "string" - }, - "timeout": { - "type": "string" - }, - "type": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "status", - "timeout", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "unhealthyRange": { - "description": "Any further remediation is only allowed if the number of machines selected by \"selector\" as not healthy\nis within the range of \"UnhealthyRange\". Takes precedence over MaxUnhealthy.\nEg. \"[3-5]\" - This means that remediation will be allowed only when:\n(a) there are at least 3 unhealthy machines (and)\n(b) there are at most 5 unhealthy machines", - "pattern": "^\\[[0-9]+-[0-9]+\\]$", - "type": "string" - } - }, - "type": "object" - }, - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created machine should\nbe ready.\nDefaults to 0 (machine will be considered available as soon as it\nis ready)\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.", - "format": "int32", - "type": "integer" - }, - "namingStrategy": { - "description": "namingStrategy allows changing the naming pattern used when creating the MachineDeployment.", - "properties": { - "template": { - "description": "template defines the template to use for generating the name of the MachineDeployment object.\nIf not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`.\nIf the templated string exceeds 63 characters, it will be trimmed to 58 characters and will\nget concatenated with a random suffix of length 5.\nThe templating mechanism provides the following arguments:\n* `.cluster.name`: The name of the cluster object.\n* `.random`: A random alphanumeric string, without vowels, of length 5.\n* `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).", - "type": "string" - } - }, - "type": "object" - }, - "nodeDeletionTimeout": { - "description": "nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine\nhosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.\nDefaults to 10 seconds.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.", - "type": "string" - }, - "nodeDrainTimeout": { - "description": "nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.\nThe default value is 0, meaning that the node can be drained without any time limitations.\nNOTE: NodeDrainTimeout is different from `kubectl drain --timeout`\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.", - "type": "string" - }, - "nodeVolumeDetachTimeout": { - "description": "nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes\nto be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.", - "type": "string" - }, - "strategy": { - "description": "The deployment strategy to use to replace existing machines with\nnew ones.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.", - "properties": { - "remediation": { - "description": "remediation controls the strategy of remediating unhealthy machines\nand how remediating operations should occur during the lifecycle of the dependant MachineSets.", - "properties": { - "maxInFlight": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "maxInFlight determines how many in flight remediations should happen at the same time.\n\nRemediation only happens on the MachineSet with the most current revision, while\nolder MachineSets (usually present during rollout operations) aren't allowed to remediate.\n\nNote: In general (independent of remediations), unhealthy machines are always\nprioritized during scale down operations over healthy ones.\n\nMaxInFlight can be set to a fixed number or a percentage.\nExample: when this is set to 20%, the MachineSet controller deletes at most 20% of\nthe desired replicas.\n\nIf not set, remediation is limited to all machines (bounded by replicas)\nunder the active MachineSet's management.", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "rollingUpdate": { - "description": "Rolling update config params. Present only if\nMachineDeploymentStrategyType = RollingUpdate.", - "properties": { - "deletePolicy": { - "description": "deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.\nValid values are \"Random, \"Newest\", \"Oldest\"\nWhen no value is supplied, the default DeletePolicy of MachineSet is used", - "enum": [ - "Random", - "Newest", - "Oldest" - ], - "type": "string" - }, - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of machines that can be scheduled above the\ndesired number of machines.\nValue can be an absolute number (ex: 5) or a percentage of\ndesired machines (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 1.\nExample: when this is set to 30%, the new MachineSet can be scaled\nup immediately when the rolling update starts, such that the total\nnumber of old and new machines do not exceed 130% of desired\nmachines. Once old machines have been killed, new MachineSet can\nbe scaled up further, ensuring that total number of machines running\nat any time during the update is at most 130% of desired machines.", - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of machines that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired\nmachines (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 0.\nExample: when this is set to 30%, the old MachineSet can be scaled\ndown to 70% of desired machines immediately when the rolling update\nstarts. Once new machines are ready, old MachineSet can be scaled\ndown further, followed by scaling up the new MachineSet, ensuring\nthat the total number of machines available at all times\nduring the update is at least 70% of desired machines.", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "type": { - "description": "type of deployment. Allowed values are RollingUpdate and OnDelete.\nThe default is RollingUpdate.", - "enum": [ - "RollingUpdate", - "OnDelete" - ], - "type": "string" - } - }, - "type": "object" - }, - "template": { - "description": "template is a local struct containing a collection of templates for creation of\nMachineDeployment objects representing a set of worker nodes.", - "properties": { - "bootstrap": { - "description": "bootstrap contains the bootstrap template reference to be used\nfor the creation of worker Machines.", - "properties": { - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "ref" - ], - "type": "object" - }, - "infrastructure": { - "description": "infrastructure contains the infrastructure template reference to be used\nfor the creation of worker Machines.", - "properties": { - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "ref" - ], - "type": "object" - }, - "metadata": { - "description": "metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.\nAt runtime this metadata is merged with the corresponding metadata from the topology.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "bootstrap", - "infrastructure" - ], - "type": "object" - } - }, - "required": [ - "class", - "template" - ], - "type": "object" + "kubeConfig": { + "description": "kubeConfig references a secret that contains kube config file data which\ndescribes how to access the remote webhook service.\nThe namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data.\nIf the secret or expected key is not found, the webhook is not honored.\nIf the specified kube config data is not valid, the webhook is not honored.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "class" + "required": [ + "name" ], - "x-kubernetes-list-type": "map" - }, - "machinePools": { - "description": "machinePools is a list of machine pool classes that can be used to create\na set of worker nodes.", - "items": { - "description": "MachinePoolClass serves as a template to define a pool of worker nodes of the cluster\nprovisioned using `ClusterClass`.", + "type": "object" + } + }, + "required": [ + "kubeConfig" + ], + "type": "object" + }, + "webhookTokenAuthenticators": { + "description": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", + "items": { + "description": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.\nIt's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", + "properties": { + "kubeConfig": { + "description": "kubeConfig contains kube config file data which describes how to access the remote webhook service.\nFor further details, see:\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\nThe key \"kubeConfig\" is used to locate the data.\nIf the secret or expected key is not found, the webhook is not honored.\nIf the specified kube config data is not valid, the webhook is not honored.\nThe namespace for this secret is determined by the point of use.", "properties": { - "class": { - "description": "class denotes a type of machine pool present in the cluster,\nthis name MUST be unique within a ClusterClass and can be referenced\nin the Cluster to create a managed MachinePool.", - "type": "string" - }, - "failureDomains": { - "description": "failureDomains is the list of failure domains the MachinePool should be attached to.\nMust match a key in the FailureDomains map stored on the cluster object.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.", - "items": { - "type": "string" - }, - "type": "array" - }, - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created machine pool should\nbe ready.\nDefaults to 0 (machine will be considered available as soon as it\nis ready)\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.", - "format": "int32", - "type": "integer" - }, - "namingStrategy": { - "description": "namingStrategy allows changing the naming pattern used when creating the MachinePool.", - "properties": { - "template": { - "description": "template defines the template to use for generating the name of the MachinePool object.\nIf not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`.\nIf the templated string exceeds 63 characters, it will be trimmed to 58 characters and will\nget concatenated with a random suffix of length 5.\nThe templating mechanism provides the following arguments:\n* `.cluster.name`: The name of the cluster object.\n* `.random`: A random alphanumeric string, without vowels, of length 5.\n* `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name).", - "type": "string" - } - }, - "type": "object" - }, - "nodeDeletionTimeout": { - "description": "nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine\nhosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely.\nDefaults to 10 seconds.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.", - "type": "string" - }, - "nodeDrainTimeout": { - "description": "nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.\nThe default value is 0, meaning that the node can be drained without any time limitations.\nNOTE: NodeDrainTimeout is different from `kubectl drain --timeout`\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.", - "type": "string" - }, - "nodeVolumeDetachTimeout": { - "description": "nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes\nto be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.\nNOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.", + "name": { + "description": "name is the metadata.name of the referenced secret", "type": "string" - }, - "template": { - "description": "template is a local struct containing a collection of templates for creation of\nMachinePools objects representing a pool of worker nodes.", - "properties": { - "bootstrap": { - "description": "bootstrap contains the bootstrap template reference to be used\nfor the creation of the Machines in the MachinePool.", - "properties": { - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "ref" - ], - "type": "object" - }, - "infrastructure": { - "description": "infrastructure contains the infrastructure template reference to be used\nfor the creation of the MachinePool.", - "properties": { - "ref": { - "description": "ref is a required reference to a custom resource\noffered by a provider.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "ref" - ], - "type": "object" - }, - "metadata": { - "description": "metadata is the metadata applied to the MachinePool.\nAt runtime this metadata is merged with the corresponding metadata from the topology.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "bootstrap", - "infrastructure" - ], - "type": "object" } }, "required": [ - "class", - "template" + "name" ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "class" - ], - "x-kubernetes-list-type": "map" - } + } + }, + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "status": { - "description": "ClusterClassStatus defines the observed state of the ClusterClass.", + "description": "status holds observed values from the cluster. They may not be overridden.", "properties": { - "conditions": { - "description": "conditions defines current observed state of the ClusterClass.", - "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "observedGeneration is the latest generation observed by the controller.", - "format": "int64", - "type": "integer" - }, - "v1beta2": { - "description": "v1beta2 groups all the fields that will be added or modified in ClusterClass's status with the V1Beta2 version.", + "integratedOAuthMetadata": { + "description": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0\nAuthorization Server Metadata for the in-cluster integrated OAuth server.\nThis discovery document can be viewed from its served location:\noc get --raw '/.well-known/oauth-authorization-server'\nFor further details, see the IETF Draft:\nhttps://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2\nThis contains the observed value based on cluster state.\nAn explicitly set value in spec.oauthMetadata has precedence over this field.\nThis field has no meaning if authentication spec.type is not set to IntegratedOAuth.\nThe key \"oauthMetadata\" is used to locate the data.\nIf the config map or expected key is not found, no metadata is served.\nIf the specified metadata is not valid, no metadata is served.\nThe namespace for this config map is openshift-config-managed.", "properties": { - "conditions": { - "description": "conditions represents the observations of a ClusterClass's current state.\nKnown condition types are VariablesReady, RefVersionsUpToDate, Paused.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, - "variables": { - "description": "variables is a list of ClusterClassStatusVariable that are defined for the ClusterClass.", + "oidcClients": { + "description": "oidcClients is where participating operators place the current OIDC client status\nfor OIDC clients that can be customized by the cluster-admin.", "items": { - "description": "ClusterClassStatusVariable defines a variable which appears in the status of a ClusterClass.", + "description": "OIDCClientStatus represents the current state\nof platform components and how they interact with\nthe configured identity providers.", "properties": { - "definitions": { - "description": "definitions is a list of definitions for a variable.", + "componentName": { + "description": "componentName is a required field that specifies the name of the platform\ncomponent using the identity provider as an authentication mode.\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "componentNamespace": { + "description": "componentNamespace is a required field that specifies the namespace in which the\nplatform component using the identity provider as an authentication\nmode is running.\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "maxLength": 63, + "minLength": 1, + "type": "string" + }, + "conditions": { + "description": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client.\nIf Degraded is true, that means something has gone wrong trying to handle the client configuration.\nIf Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", "items": { - "description": "ClusterClassStatusVariableDefinition defines a variable which appears in the status of a ClusterClass.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "from": { - "description": "from specifies the origin of the variable definition.\nThis will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass\nfor variables discovered from a DiscoverVariables runtime extensions.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", "type": "string" }, - "metadata": { - "description": "metadata is the metadata of a variable.\nIt can be used to add additional data for higher level tools to\na ClusterClassVariable.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map that can be used to store and\nretrieve arbitrary metadata.\nThey are not queryable.", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) variables.", - "type": "object" - } - }, - "type": "object" + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" }, - "required": { - "description": "required specifies if the variable is required.\nNote: this applies to the variable as a whole and thus the\ntop-level object defined in the schema. If nested fields are\nrequired, this will be specified inside the schema.", - "type": "boolean" + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "schema": { - "description": "schema defines the schema of the variable.", - "properties": { - "openAPIV3Schema": { - "description": "openAPIV3Schema defines the schema of a variable via OpenAPI v3\nschema. The schema is a subset of the schema used in\nKubernetes CRDs.", - "properties": { - "additionalProperties": { - "description": "additionalProperties specifies the schema of values in a map (keys are always strings).\nNOTE: Can only be set if type is object.\nNOTE: AdditionalProperties is mutually exclusive with Properties.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "allOf": { - "description": "allOf specifies that the variable must validate against all of the subschemas in the array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "anyOf": { - "description": "anyOf specifies that the variable must validate against one or more of the subschemas in the array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "default": { - "description": "default is the default value of the variable.\nNOTE: Can be set for all types.", - "x-kubernetes-preserve-unknown-fields": true - }, - "description": { - "description": "description is a human-readable description of this variable.", - "type": "string" - }, - "enum": { - "description": "enum is the list of valid values of the variable.\nNOTE: Can be set for all types.", - "items": { - "x-kubernetes-preserve-unknown-fields": true - }, - "type": "array" - }, - "example": { - "description": "example is an example for this variable.", - "x-kubernetes-preserve-unknown-fields": true - }, - "exclusiveMaximum": { - "description": "exclusiveMaximum specifies if the Maximum is exclusive.\nNOTE: Can only be set if type is integer or number.", - "type": "boolean" - }, - "exclusiveMinimum": { - "description": "exclusiveMinimum specifies if the Minimum is exclusive.\nNOTE: Can only be set if type is integer or number.", - "type": "boolean" - }, - "format": { - "description": "format is an OpenAPI v3 format string. Unknown formats are ignored.\nFor a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)\nhttps://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go\nNOTE: Can only be set if type is string.", - "type": "string" - }, - "items": { - "description": "items specifies fields of an array.\nNOTE: Can only be set if type is array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "maxItems": { - "description": "maxItems is the max length of an array variable.\nNOTE: Can only be set if type is array.", - "format": "int64", - "type": "integer" - }, - "maxLength": { - "description": "maxLength is the max length of a string variable.\nNOTE: Can only be set if type is string.", - "format": "int64", - "type": "integer" - }, - "maxProperties": { - "description": "maxProperties is the maximum amount of entries in a map or properties in an object.\nNOTE: Can only be set if type is object.", - "format": "int64", - "type": "integer" - }, - "maximum": { - "description": "maximum is the maximum of an integer or number variable.\nIf ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.\nIf ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.\nNOTE: Can only be set if type is integer or number.", - "format": "int64", - "type": "integer" - }, - "minItems": { - "description": "minItems is the min length of an array variable.\nNOTE: Can only be set if type is array.", - "format": "int64", - "type": "integer" - }, - "minLength": { - "description": "minLength is the min length of a string variable.\nNOTE: Can only be set if type is string.", - "format": "int64", - "type": "integer" - }, - "minProperties": { - "description": "minProperties is the minimum amount of entries in a map or properties in an object.\nNOTE: Can only be set if type is object.", - "format": "int64", - "type": "integer" - }, - "minimum": { - "description": "minimum is the minimum of an integer or number variable.\nIf ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.\nIf ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.\nNOTE: Can only be set if type is integer or number.", - "format": "int64", - "type": "integer" - }, - "not": { - "description": "not specifies that the variable must not validate against the subschema.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "oneOf": { - "description": "oneOf specifies that the variable must validate against exactly one of the subschemas in the array.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "pattern": { - "description": "pattern is the regex which a string variable must match.\nNOTE: Can only be set if type is string.", - "type": "string" - }, - "properties": { - "description": "properties specifies fields of an object.\nNOTE: Can only be set if type is object.\nNOTE: Properties is mutually exclusive with AdditionalProperties.\nNOTE: This field uses PreserveUnknownFields and Schemaless,\nbecause recursive validation is not possible.", - "x-kubernetes-preserve-unknown-fields": true - }, - "required": { - "description": "required specifies which fields of an object are required.\nNOTE: Can only be set if type is object.", - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "description": "type is the type of the variable.\nValid values are: object, array, string, integer, number or boolean.", - "type": "string" - }, - "uniqueItems": { - "description": "uniqueItems specifies if items in an array must be unique.\nNOTE: Can only be set if type is array.", - "type": "boolean" - }, - "x-kubernetes-int-or-string": { - "description": "x-kubernetes-int-or-string specifies that this value is\neither an integer or a string. If this is true, an empty\ntype is allowed and type as child of anyOf is permitted\nif following one of the following patterns:\n\n1) anyOf:\n - type: integer\n - type: string\n2) allOf:\n - anyOf:\n - type: integer\n - type: string\n - ... zero or more", - "type": "boolean" - }, - "x-kubernetes-preserve-unknown-fields": { - "description": "x-kubernetes-preserve-unknown-fields allows setting fields in a variable object\nwhich are not defined in the variable schema. This affects fields recursively,\nexcept if nested properties or additionalProperties are specified in the schema.", - "type": "boolean" - }, - "x-kubernetes-validations": { - "description": "x-kubernetes-validations describes a list of validation rules written in the CEL expression language.", - "items": { - "description": "ValidationRule describes a validation rule written in the CEL expression language.", - "properties": { - "fieldPath": { - "description": "fieldPath represents the field path returned when the validation fails.\nIt must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.\ne.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`\nIf the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`\nIt does not support list numeric index.\nIt supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.\nNumeric index of array is not supported.\nFor field name which contains special characters, use `['specialName']` to refer the field name.\ne.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`", - "type": "string" - }, - "message": { - "description": "message represents the message displayed when validation fails. The message is required if the Rule contains\nline breaks. The message must not contain line breaks.\nIf unset, the message is \"failed rule: {Rule}\".\ne.g. \"must be a URL with the host matching spec.host\"", - "type": "string" - }, - "messageExpression": { - "description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.\nSince messageExpression is used as a failure message, it must evaluate to a string.\nIf both message and messageExpression are present on a rule, then messageExpression will be used if validation\nfails. If messageExpression results in a runtime error, the validation failure message is produced\nas if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string\nthat contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.\nmessageExpression has access to all the same variables as the rule; the only difference is the return type.\nExample:\n\"x must be less than max (\"+string(self.max)+\")\"", - "type": "string" - }, - "reason": { - "default": "FieldValueInvalid", - "description": "reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.\nThe currently supported reasons are: \"FieldValueInvalid\", \"FieldValueForbidden\", \"FieldValueRequired\", \"FieldValueDuplicate\".\nIf not set, default to use \"FieldValueInvalid\".\nAll future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.", - "enum": [ - "FieldValueInvalid", - "FieldValueForbidden", - "FieldValueRequired", - "FieldValueDuplicate" - ], - "type": "string" - }, - "rule": { - "description": "rule represents the expression which will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe Rule is scoped to the location of the x-kubernetes-validations extension in the schema.\nThe `self` variable in the CEL expression is bound to the scoped value.\nIf the Rule is scoped to an object with properties, the accessible properties of the object are field selectable\nvia `self.field` and field presence can be checked via `has(self.field)`.\nIf the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map\nare accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map\nare accessible via CEL macros and functions such as `self.all(...)`.\nIf the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and\nfunctions.\nIf the Rule is scoped to a scalar, `self` is bound to the scalar value.\nExamples:\n- Rule scoped to a map of objects: {\"rule\": \"self.components['Widget'].priority < 10\"}\n- Rule scoped to a list of integers: {\"rule\": \"self.values.all(value, value >= 0 && value < 100)\"}\n- Rule scoped to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL\nexpressions. This includes:\n- Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n- Object properties where the property schema is of an \"unknown type\". An \"unknown type\" is recursively defined as:\n - A schema with no type and x-kubernetes-preserve-unknown-fields set to true\n - An array where the items schema is of an \"unknown type\"\n - An object where the additionalProperties schema is of an \"unknown type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.\nAccessible property names are escaped according to the following rules when accessed in the expression:\n- '__' escapes to '__underscores__'\n- '.' escapes to '__dot__'\n- '-' escapes to '__dash__'\n- '/' escapes to '__slash__'\n- Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Rule accessing a property named \"namespace\": {\"rule\": \"self.__namespace__ > 0\"}\n - Rule accessing a property named \"x-prop\": {\"rule\": \"self.x__dash__prop > 0\"}\n - Rule accessing a property named \"redact__d\": {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf `rule` makes use of the `oldSelf` variable it is implicitly a\n`transition rule`.\n\nBy default, the `oldSelf` variable is the same type as `self`.\n\nTransition rules by default are applied only on UPDATE requests and are\nskipped if an old value could not be found.", - "type": "string" - } - }, - "required": [ - "rule" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "rule" - ], - "x-kubernetes-list-type": "map" - }, - "x-metadata": { - "description": "x-metadata is the metadata of a variable or a nested field within a variable.\nIt can be used to add additional data for higher level tools.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map that can be used to store and\nretrieve arbitrary metadata.\nThey are not queryable.", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) variables.", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "openAPIV3Schema" + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" ], - "type": "object" + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" } }, "required": [ - "from", - "required", - "schema" + "lastTransitionTime", + "message", + "reason", + "status", + "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "definitionsConflict": { - "description": "definitionsConflict specifies whether or not there are conflicting definitions for a single variable name.", - "type": "boolean" + "consumingUsers": { + "description": "consumingUsers is an optional list of ServiceAccounts requiring\nread permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", + "items": { + "description": "ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported.", + "maxLength": 512, + "minLength": 1, + "pattern": "^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "maxItems": 5, + "type": "array", + "x-kubernetes-list-type": "set" }, - "name": { - "description": "name is the name of the variable.", - "type": "string" + "currentOIDCClients": { + "description": "currentOIDCClients is an optional list of clients that the component is currently using.\nEntries must have unique issuerURL/clientID pairs.", + "items": { + "description": "OIDCClientReference is a reference to a platform component\nclient configuration.", + "properties": { + "clientID": { + "description": "clientID is a required field that specifies the client identifier, from\nthe identity provider, that the platform component is using for authentication\nrequests made to the identity provider.\n\nclientID must not be empty.", + "minLength": 1, + "type": "string" + }, + "issuerURL": { + "description": "issuerURL is a required field that specifies the URL of the identity\nprovider that this client is configured to make requests against.\n\nissuerURL must use the 'https' scheme.", + "pattern": "^https:\\/\\/[^\\s]", + "type": "string" + }, + "oidcProviderName": { + "description": "oidcProviderName is a required reference to the 'name' of the identity provider\nconfigured in 'oidcProviders' that this client is associated with.\n\noidcProviderName must not be an empty string (\"\").", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientID", + "issuerURL", + "oidcProviderName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "issuerURL", + "clientID" + ], + "x-kubernetes-list-type": "map" } }, "required": [ - "definitions", - "name" + "componentName", + "componentNamespace" ], "type": "object" }, - "type": "array" + "maxItems": 20, + "type": "array", + "x-kubernetes-list-map-keys": [ + "componentNamespace", + "componentName" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "ClusterClass", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "Authentication", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/ClusterClassList": { - "description": "ClusterClassList is a list of ClusterClass", + "config.openshift.io/v1/AuthenticationList": { + "description": "AuthenticationList is a list of Authentication", "namespaced": true, "properties": { "apiVersion": { @@ -33610,9 +34973,9 @@ "type": "string" }, "items": { - "description": "List of clusterclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of authentications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.v1beta1.ClusterClass" + "$ref": "#/components/schemas/io.openshift.config.v1.Authentication" }, "type": "array" }, @@ -33635,15 +34998,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "ClusterClassList", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "AuthenticationList", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/MachineDeployment": { - "description": "MachineDeployment is the Schema for the machinedeployments API.", - "namespaced": true, + "config.openshift.io/v1/Build": { + "description": "Build configures the behavior of OpenShift builds for the entire cluster.\nThis includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -33662,495 +35025,366 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "MachineDeploymentSpec defines the desired state of MachineDeployment.", + "description": "spec holds user-settable values for the build controller configuration", "properties": { - "clusterName": { - "description": "clusterName is the name of the Cluster this object belongs to.", - "minLength": 1, - "type": "string" - }, - "minReadySeconds": { - "description": "minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.\nDefaults to 0 (machine will be considered available as soon as the Node is ready)", - "format": "int32", - "type": "integer" - }, - "paused": { - "description": "Indicates that the deployment is paused.", - "type": "boolean" - }, - "progressDeadlineSeconds": { - "description": "The maximum time in seconds for a deployment to make progress before it\nis considered to be failed. The deployment controller will continue to\nprocess failed deployments and a condition with a ProgressDeadlineExceeded\nreason will be surfaced in the deployment status. Note that progress will\nnot be estimated during the time a deployment is paused. Defaults to 600s.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details.", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "Number of desired machines.\nThis is a pointer to distinguish between explicit zero and not specified.\n\nDefaults to:\n* if the Kubernetes autoscaler min size and max size annotations are set:\n - if it's a new MachineDeployment, use min size\n - if the replicas field of the old MachineDeployment is < min size, use min size\n - if the replicas field of the old MachineDeployment is > max size, use max size\n - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD\n* otherwise use 1\nNote: Defaulting will be run whenever the replicas field is not set:\n* A new MachineDeployment is created with replicas not set.\n* On an existing MachineDeployment the replicas field was first set and is now unset.\nThose cases are especially relevant for the following Kubernetes autoscaler use cases:\n* A new MachineDeployment is created and replicas should be managed by the autoscaler\n* An existing MachineDeployment which initially wasn't controlled by the autoscaler\n should be later controlled by the autoscaler", - "format": "int32", - "type": "integer" - }, - "revisionHistoryLimit": { - "description": "The number of old MachineSets to retain to allow rollback.\nThis is a pointer to distinguish between explicit zero and not specified.\nDefaults to 1.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details.", - "format": "int32", - "type": "integer" - }, - "rolloutAfter": { - "description": "rolloutAfter is a field to indicate a rollout should be performed\nafter the specified time even if no changes have been made to the\nMachineDeployment.\nExample: In the YAML the time can be specified in the RFC3339 format.\nTo specify the rolloutAfter target as March 9, 2023, at 9 am UTC\nuse \"2023-03-09T09:00:00Z\".", - "format": "date-time", - "type": "string" - }, - "selector": { - "description": "Label selector for machines. Existing MachineSets whose machines are\nselected by this will be the ones affected by this deployment.\nIt must match the machine template's labels.", + "additionalTrustedCA": { + "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that\nshould be trusted for image pushes and pulls during builds.\nThe namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on\nimage.config.openshift.io/cluster instead.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "name" + ], + "type": "object" }, - "strategy": { - "description": "The deployment strategy to use to replace existing machines with\nnew ones.", + "buildDefaults": { + "description": "buildDefaults controls the default information for Builds", "properties": { - "remediation": { - "description": "remediation controls the strategy of remediating unhealthy machines\nand how remediating operations should occur during the lifecycle of the dependant MachineSets.", + "defaultProxy": { + "description": "defaultProxy contains the default proxy settings for all build operations, including image pull/push\nand source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables\nin the build config's strategy.", "properties": { - "maxInFlight": { - "anyOf": [ - { - "type": "integer" - }, - { + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", + "type": "string" + }, + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", + "type": "string" + }, + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.\nEmpty means unset and will not result in an env var.", + "type": "string" + }, + "readinessEndpoints": { + "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "trustedCA": { + "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle.\nThe trustedCA field should only be consumed by a proxy validator. The\nvalidator is responsible for reading the certificate bundle from the required\nkey \"ca-bundle.crt\", merging it with the system default trust bundle,\nand writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\"\nin the \"openshift-config-managed\" namespace. Clients that expect to make\nproxy connections must use the trusted-ca-bundle for all HTTPS requests to\nthe proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as\nwell.\n\nThe namespace for the ConfigMap referenced by trustedCA is\n\"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", "type": "string" } + }, + "required": [ + "name" ], - "description": "maxInFlight determines how many in flight remediations should happen at the same time.\n\nRemediation only happens on the MachineSet with the most current revision, while\nolder MachineSets (usually present during rollout operations) aren't allowed to remediate.\n\nNote: In general (independent of remediations), unhealthy machines are always\nprioritized during scale down operations over healthy ones.\n\nMaxInFlight can be set to a fixed number or a percentage.\nExample: when this is set to 20%, the MachineSet controller deletes at most 20% of\nthe desired replicas.\n\nIf not set, remediation is limited to all machines (bounded by replicas)\nunder the active MachineSet's management.", - "x-kubernetes-int-or-string": true + "type": "object" } }, "type": "object" }, - "rollingUpdate": { - "description": "Rolling update config params. Present only if\nMachineDeploymentStrategyType = RollingUpdate.", - "properties": { - "deletePolicy": { - "description": "deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.\nValid values are \"Random, \"Newest\", \"Oldest\"\nWhen no value is supplied, the default DeletePolicy of MachineSet is used", - "enum": [ - "Random", - "Newest", - "Oldest" - ], - "type": "string" - }, - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of machines that can be scheduled above the\ndesired number of machines.\nValue can be an absolute number (ex: 5) or a percentage of\ndesired machines (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 1.\nExample: when this is set to 30%, the new MachineSet can be scaled\nup immediately when the rolling update starts, such that the total\nnumber of old and new machines do not exceed 130% of desired\nmachines. Once old machines have been killed, new MachineSet can\nbe scaled up further, ensuring that total number of machines running\nat any time during the update is at most 130% of desired machines.", - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of machines that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired\nmachines (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 0.\nExample: when this is set to 30%, the old MachineSet can be scaled\ndown to 70% of desired machines immediately when the rolling update\nstarts. Once new machines are ready, old MachineSet can be scaled\ndown further, followed by scaling up the new MachineSet, ensuring\nthat the total number of machines available at all times\nduring the update is at least 70% of desired machines.", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "type": { - "description": "type of deployment. Allowed values are RollingUpdate and OnDelete.\nThe default is RollingUpdate.", - "enum": [ - "RollingUpdate", - "OnDelete" - ], - "type": "string" - } - }, - "type": "object" - }, - "template": { - "description": "template describes the machines that will be created.", - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { + "env": { + "description": "env is a set of default environment variables that will be applied to the\nbuild if the specified variables do not exist on the build", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - } - }, - "type": "object" - }, - "spec": { - "description": "Specification of the desired behavior of the machine.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "bootstrap": { - "description": "bootstrap is a reference to a local struct which encapsulates\nfields to configure the Machine\u2019s bootstrapping mechanism.", - "properties": { - "configRef": { - "description": "configRef is a reference to a bootstrap provider-specific resource\nthat holds configuration details. The reference is optional to\nallow users/operators to specify Bootstrap.DataSecretName without\nthe need of a controller.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "dataSecretName": { - "description": "dataSecretName is the name of the secret that stores the bootstrap data script.\nIf nil, the Machine should remain in the Pending state.", - "type": "string" - } - }, - "type": "object" + "type": "object" + } }, - "clusterName": { - "description": "clusterName is the name of the Cluster this object belongs to.", - "minLength": 1, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "gitProxy": { + "description": "gitProxy contains the proxy settings for git operations only. If set, this will override\nany Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", + "properties": { + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", + "type": "string" + }, + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", "type": "string" }, - "failureDomain": { - "description": "failureDomain is the failure domain the machine will be created in.\nMust match a key in the FailureDomains map stored on the cluster object.", + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.\nEmpty means unset and will not result in an env var.", "type": "string" }, - "infrastructureRef": { - "description": "infrastructureRef is a required reference to a custom resource\noffered by an infrastructure provider.", + "readinessEndpoints": { + "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "trustedCA": { + "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle.\nThe trustedCA field should only be consumed by a proxy validator. The\nvalidator is responsible for reading the certificate bundle from the required\nkey \"ca-bundle.crt\", merging it with the system default trust bundle,\nand writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\"\nin the \"openshift-config-managed\" namespace. Clients that expect to make\nproxy connections must use the trusted-ca-bundle for all HTTPS requests to\nthe proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as\nwell.\n\nThe namespace for the ConfigMap referenced by trustedCA is\n\"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "description": "name is the metadata.name of the referenced config map", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "nodeDeletionTimeout": { - "description": "nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine\nhosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.\nDefaults to 10 seconds.", - "type": "string" - }, - "nodeDrainTimeout": { - "description": "nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.\nThe default value is 0, meaning that the node can be drained without any time limitations.\nNOTE: NodeDrainTimeout is different from `kubectl drain --timeout`", - "type": "string" - }, - "nodeVolumeDetachTimeout": { - "description": "nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes\nto be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.", - "type": "string" - }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", - "type": "string" + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "imageLabels": { + "description": "imageLabels is a list of docker labels that are applied to the resulting image.\nUser can override a default label by providing a label with the same name in their\nBuild/BuildConfig.", + "items": { + "properties": { + "name": { + "description": "name defines the name of the label. It must have non-zero length.", + "type": "string" + }, + "value": { + "description": "value defines the literal value of the label.", + "type": "string" + } }, - "readinessGates": { - "description": "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: This field is considered only for computing v1beta2 conditions.\nNOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those\nreadiness gates condition are reporting the same message, when computing the Machine's Ready condition those\nreadinessGates will be replaced by a single entry reporting \"Control plane components: \" + message.\nThis helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).", + "type": "object" + }, + "type": "array" + }, + "resources": { + "description": "resources defines resource requirements to execute the build.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { - "description": "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.", + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { - "conditionType": { - "description": "conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.\nIf the conditions doesn't exist, it will be treated as unknown.\nNote: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.", - "maxLength": 316, - "minLength": 1, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, "required": [ - "conditionType" + "name" ], "type": "object" }, - "maxItems": 32, "type": "array", "x-kubernetes-list-map-keys": [ - "conditionType" + "name" ], "x-kubernetes-list-type": "map" }, - "version": { - "description": "version defines the desired Kubernetes version.\nThis field is meant to be optionally used by bootstrap providers.", - "type": "string" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } }, - "required": [ - "bootstrap", - "clusterName", - "infrastructureRef" - ], "type": "object" } }, "type": "object" - } - }, - "required": [ - "clusterName", - "selector", - "template" - ], - "type": "object" - }, - "status": { - "description": "MachineDeploymentStatus defines the observed state of MachineDeployment.", - "properties": { - "availableReplicas": { - "description": "Total number of available machines (ready for at least minReadySeconds)\ntargeted by this deployment.", - "format": "int32", - "type": "integer" }, - "conditions": { - "description": "conditions defines current service state of the MachineDeployment.", - "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" + "buildOverrides": { + "description": "buildOverrides controls override settings for builds", + "properties": { + "forcePull": { + "description": "forcePull overrides, if set, the equivalent value in the builds,\ni.e. false disables force pull for all builds,\ntrue enables force pull for all builds,\nindependently of what each build specifies itself", + "type": "boolean" + }, + "imageLabels": { + "description": "imageLabels is a list of docker labels that are applied to the resulting image.\nIf user provided a label in their Build/BuildConfig with the same name as one in this\nlist, the user's label will be overwritten.", + "items": { + "properties": { + "name": { + "description": "name defines the name of the label. It must have non-zero length.", + "type": "string" + }, + "value": { + "description": "value defines the literal value of the label.", + "type": "string" + } + }, + "type": "object" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "type": "array" + }, + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "The generation observed by the deployment controller.", - "format": "int64", - "type": "integer" - }, - "phase": { - "description": "phase represents the current phase of a MachineDeployment (ScalingUp, ScalingDown, Running, Failed, or Unknown).", - "type": "string" - }, - "readyReplicas": { - "description": "Total number of ready machines targeted by this deployment.", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "Total number of non-terminated machines targeted by this deployment\n(their labels match the selector).", - "format": "int32", - "type": "integer" - }, - "selector": { - "description": "selector is the same as the label selector but in the string format to avoid introspection\nby clients. The string will be in the same format as the query-param syntax.\nMore info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors", - "type": "string" - }, - "unavailableReplicas": { - "description": "Total number of unavailable machines targeted by this deployment.\nThis is the total number of machines that are still required for\nthe deployment to have 100% available capacity. They may either\nbe machines that are running but not yet available or machines\nthat still have not been created.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "Total number of non-terminated machines targeted by this deployment\nthat have the desired template spec.", - "format": "int32", - "type": "integer" - }, - "v1beta2": { - "description": "v1beta2 groups all the fields that will be added or modified in MachineDeployment's status with the V1Beta2 version.", - "properties": { - "availableReplicas": { - "description": "availableReplicas is the number of available replicas for this MachineDeployment. A machine is considered available when Machine's Available condition is true.", - "format": "int32", - "type": "integer" + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object" }, - "conditions": { - "description": "conditions represents the observations of a MachineDeployment's current state.\nKnown condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.", + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing\ntolerations set on a build pod.", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], "type": "object" }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "readyReplicas": { - "description": "readyReplicas is the number of ready replicas for this MachineDeployment. A machine is considered ready when Machine's Ready condition is true.", - "format": "int32", - "type": "integer" - }, - "upToDateReplicas": { - "description": "upToDateReplicas is the number of up-to-date replicas targeted by this deployment. A machine is considered up-to-date when Machine's UpToDate condition is true.", - "format": "int32", - "type": "integer" + "type": "array" } }, "type": "object" @@ -34159,18 +35393,20 @@ "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "MachineDeployment", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "Build", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/MachineDeploymentList": { - "description": "MachineDeploymentList is a list of MachineDeployment", + "config.openshift.io/v1/BuildList": { + "description": "BuildList is a list of Build", "namespaced": true, "properties": { "apiVersion": { @@ -34178,9 +35414,9 @@ "type": "string" }, "items": { - "description": "List of machinedeployments. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of builds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.v1beta1.MachineDeployment" + "$ref": "#/components/schemas/io.openshift.config.v1.Build" }, "type": "array" }, @@ -34203,15 +35439,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "MachineDeploymentList", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "BuildList", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/MachineDrainRule": { - "description": "MachineDrainRule is the Schema for the MachineDrainRule API.", - "namespaced": true, + "config.openshift.io/v1/ClusterImagePolicy": { + "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -34230,261 +35466,363 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec defines the spec of a MachineDrainRule.", + "description": "spec contains the configuration for the cluster image policy.", "properties": { - "drain": { - "description": "drain configures if and how Pods are drained.", + "policy": { + "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how\nimages not matching the verification policy will be treated.", "properties": { - "behavior": { - "description": "behavior defines the drain behavior.\nCan be either \"Drain\", \"Skip\", or \"WaitCompleted\".\n\"Drain\" means that the Pods to which this MachineDrainRule applies will be drained.\nIf behavior is set to \"Drain\" the order in which Pods are drained can be configured\nwith the order field. When draining Pods of a Node the Pods will be grouped by order\nand one group after another will be drained (by increasing order). Cluster API will\nwait until all Pods of a group are terminated / removed from the Node before starting\nwith the next group.\n\"Skip\" means that the Pods to which this MachineDrainRule applies will be skipped during drain.\n\"WaitCompleted\" means that the pods to which this MachineDrainRule applies will never be evicted\nand we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.", - "enum": [ - "Drain", - "Skip", - "WaitCompleted" - ], - "type": "string" - }, - "order": { - "description": "order defines the order in which Pods are drained.\nPods with higher order are drained after Pods with lower order.\norder can only be set if behavior is set to \"Drain\".\nIf order is not set, 0 will be used.\nValid values for order are from -2147483648 to 2147483647 (inclusive).", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "behavior" - ], - "type": "object" - }, - "machines": { - "description": "machines defines to which Machines this MachineDrainRule should be applied.\n\nIf machines is not set, the MachineDrainRule applies to all Machines in the Namespace.\nIf machines contains multiple selectors, the results are ORed.\nWithin a single Machine selector the results of selector and clusterSelector are ANDed.\nMachines will be selected from all Clusters in the Namespace unless otherwise\nrestricted with the clusterSelector.\n\nExample: Selects control plane Machines in all Clusters or\n Machines with label \"os\" == \"linux\" in Clusters with label\n \"stage\" == \"production\".\n\n - selector:\n matchExpressions:\n - key: cluster.x-k8s.io/control-plane\n operator: Exists\n - selector:\n matchLabels:\n os: linux\n clusterSelector:\n matchExpressions:\n - key: stage\n operator: In\n values:\n - production", - "items": { - "description": "MachineDrainRuleMachineSelector defines to which Machines this MachineDrainRule should be applied.", - "minProperties": 1, - "properties": { - "clusterSelector": { - "description": "clusterSelector is a label selector which selects Machines by the labels of\ntheir Clusters.\nThis field follows standard label selector semantics; if not present or\nempty, it selects Machines of all Clusters.\n\nIf selector is also set, then the selector as a whole selects\nMachines matching selector belonging to Clusters selected by clusterSelector.\nIf selector is not set, it selects all Machines belonging to Clusters\nselected by clusterSelector.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "rootOfTrust": { + "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval.\nThis allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "properties": { + "fulcioCAWithRekor": { + "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key.\nfulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise\nFor more information about Fulcio and Rekor, please refer to the document at:\nhttps://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + "properties": { + "fulcioCAData": { + "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA.\nfulcioCAData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the fulcioCAData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'.", + "rule": "string(self).startsWith('-----BEGIN CERTIFICATE-----')" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + { + "message": "the fulcioCAData must end with base64 encoding of '-----END CERTIFICATE-----'.", + "rule": "string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')" + } + ] + }, + "fulcioSubject": { + "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "properties": { + "oidcIssuer": { + "description": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length.\nIt will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL.\nWhen Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token.\nExample: \"https://expected.OIDC.issuer/\"", + "maxLength": 2048, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "oidcIssuer must be a valid URL", + "rule": "isURL(self)" + } + ] }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "signedEmail": { + "description": "signedEmail is a required field holds the email address that the Fulcio certificate is issued for.\nThe signedEmail must be a valid email address and at most 320 characters in length.\nExample: \"expected-signing-user@example.com\"", + "maxLength": 320, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid email address", + "rule": "self.matches('^\\\\S+@\\\\S+$')" + } + ] } }, "required": [ - "key", - "operator" + "oidcIssuer", + "signedEmail" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "rekorKeyData": { + "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the rekorKeyData must start with base64 encoding of '-----BEGIN PUBLIC KEY-----'.", + "rule": "string(self).startsWith('-----BEGIN PUBLIC KEY-----')" + }, + { + "message": "the rekorKeyData must end with base64 encoding of '-----END PUBLIC KEY-----'.", + "rule": "string(self).endsWith('-----END PUBLIC KEY-----\\n') || string(self).endsWith('-----END PUBLIC KEY-----')" + } + ] + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "required": [ + "fulcioCAData", + "fulcioSubject", + "rekorKeyData" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "selector": { - "description": "selector is a label selector which selects Machines by their labels.\nThis field follows standard label selector semantics; if not present or\nempty, it selects all Machines.\n\nIf clusterSelector is also set, then the selector as a whole selects\nMachines matching selector belonging to Clusters selected by clusterSelector.\nIf clusterSelector is not set, it selects all Machines matching selector in\nall Clusters.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "policyType": { + "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated.\nAllowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\".\nWhen set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification.\nWhen set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification.\nWhen set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + "type": "string" + }, + "publicKey": { + "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification.\npublicKey is required when policyType is PublicKey, and forbidden otherwise.", + "properties": { + "keyData": { + "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key.\nkeyData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "minLength": 68, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the keyData must start with base64 encoding of '-----BEGIN PUBLIC KEY-----'.", + "rule": "string(self).startsWith('-----BEGIN PUBLIC KEY-----')" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + { + "message": "the keyData must end with base64 encoding of '-----END PUBLIC KEY-----'.", + "rule": "string(self).endsWith('-----END PUBLIC KEY-----\\n') || string(self).endsWith('-----END PUBLIC KEY-----')" } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + ] }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "rekorKeyData": { + "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the rekorKeyData must start with base64 encoding of '-----BEGIN PUBLIC KEY-----'.", + "rule": "string(self).startsWith('-----BEGIN PUBLIC KEY-----')" + }, + { + "message": "the rekorKeyData must end with base64 encoding of '-----END PUBLIC KEY-----'.", + "rule": "string(self).endsWith('-----END PUBLIC KEY-----\\n') || string(self).endsWith('-----END PUBLIC KEY-----')" + } + ] + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "required": [ + "keyData" + ], + "type": "object" + } + }, + "required": [ + "policyType" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "publicKey is required when policyType is PublicKey, and forbidden otherwise", + "rule": "has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + { + "message": "fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise", + "rule": "has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)" + } + ] }, - "type": "object" - }, - "maxItems": 32, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pods": { - "description": "pods defines to which Pods this MachineDrainRule should be applied.\n\nIf pods is not set, the MachineDrainRule applies to all Pods in all Namespaces.\nIf pods contains multiple selectors, the results are ORed.\nWithin a single Pod selector the results of selector and namespaceSelector are ANDed.\nPods will be selected from all Namespaces unless otherwise\nrestricted with the namespaceSelector.\n\nExample: Selects Pods with label \"app\" == \"logging\" in all Namespaces or\n Pods with label \"app\" == \"prometheus\" in the \"monitoring\"\n Namespace.\n\n - selector:\n matchExpressions:\n - key: app\n operator: In\n values:\n - logging\n - selector:\n matchLabels:\n app: prometheus\n namespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: monitoring", - "items": { - "description": "MachineDrainRulePodSelector defines to which Pods this MachineDrainRule should be applied.", - "minProperties": 1, - "properties": { - "namespaceSelector": { - "description": "namespaceSelector is a label selector which selects Pods by the labels of\ntheir Namespaces.\nThis field follows standard label selector semantics; if not present or\nempty, it selects Pods of all Namespaces.\n\nIf selector is also set, then the selector as a whole selects\nPods matching selector in Namespaces selected by namespaceSelector.\nIf selector is not set, it selects all Pods in Namespaces selected by\nnamespaceSelector.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "signedIdentity": { + "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope.\nThe required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "properties": { + "exactRepository": { + "description": "exactRepository specifies the repository that must be exactly matched by the identity in the signature.\nexactRepository is required if matchPolicy is set to \"ExactRepository\". It is used to verify that the signature claims an identity matching this exact repository, rather than the original image identity.", + "properties": { + "repository": { + "description": "repository is the reference of the image identity to be matched.\nrepository is required if matchPolicy is set to \"ExactRepository\".\nThe value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", + "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + { + "message": "invalid repository or prefix in the signedIdentity. The repository or prefix must starts with 'localhost' or a valid '.' separated domain. If contains registry paths, the path component names must start with at least one letter or number, with following parts able to be separated by one period, one or two underscore and multiple dashes.", + "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + ] + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "required": [ + "repository" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "selector": { - "description": "selector is a label selector which selects Pods by their labels.\nThis field follows standard label selector semantics; if not present or\nempty, it selects all Pods.\n\nIf namespaceSelector is also set, then the selector as a whole selects\nPods matching selector in Namespaces selected by namespaceSelector.\nIf namespaceSelector is not set, it selects all Pods matching selector in\nall Namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "matchPolicy": { + "description": "matchPolicy is a required filed specifies matching strategy to verify the image identity in the signature against the image scope.\nAllowed values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\".\nWhen set to \"MatchRepoDigestOrExact\", the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity.\nWhen set to \"MatchRepository\", the identity in the signature must be in the same repository as the image identity.\nWhen set to \"ExactRepository\", the exactRepository must be specified. The identity in the signature must be in the same repository as a specific identity specified by \"repository\".\nWhen set to \"RemapIdentity\", the remapIdentity must be specified. The signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified \u201csignedPrefix\u201d if the the image identity matches the specified remapPrefix.", + "enum": [ + "MatchRepoDigestOrExact", + "MatchRepository", + "ExactRepository", + "RemapIdentity" + ], + "type": "string" + }, + "remapIdentity": { + "description": "remapIdentity specifies the prefix remapping rule for verifying image identity.\nremapIdentity is required if matchPolicy is set to \"RemapIdentity\". It is used to verify that the signature claims a different registry/repository prefix than the original image.", + "properties": { + "prefix": { + "description": "prefix is required if matchPolicy is set to \"RemapIdentity\".\nprefix is the prefix of the image identity to be matched.\nIf the image identity matches the specified prefix, that prefix is replaced by the specified \u201csignedPrefix\u201d (otherwise it is used as unchanged and no remapping takes place).\nThis is useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor\u2019s repository structure.\nThe prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", + "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + { + "message": "invalid repository or prefix in the signedIdentity. The repository or prefix must starts with 'localhost' or a valid '.' separated domain. If contains registry paths, the path component names must start with at least one letter or number, with following parts able to be separated by one period, one or two underscore and multiple dashes.", + "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + ] }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "signedPrefix": { + "description": "signedPrefix is required if matchPolicy is set to \"RemapIdentity\".\nsignedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", + "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" + }, + { + "message": "invalid repository or prefix in the signedIdentity. The repository or prefix must starts with 'localhost' or a valid '.' separated domain. If contains registry paths, the path component names must start with at least one letter or number, with following parts able to be separated by one period, one or two underscore and multiple dashes.", + "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" + } + ] + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "required": [ + "prefix", + "signedPrefix" + ], + "type": "object" + } + }, + "required": [ + "matchPolicy" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise", + "rule": "(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + { + "message": "remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise", + "rule": "(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)" + } + ] + } + }, + "required": [ + "rootOfTrust" + ], + "type": "object" + }, + "scopes": { + "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\".\nScopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest).\nMore general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository\nnamespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number).\nWildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not.\nThis support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored.\nIn addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories\nquay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation.\nIf a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied.\nFor additional details about the format, please refer to the document explaining the docker transport field,\nwhich can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "items": { + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid image scope format, scope must contain a fully qualified domain name or 'localhost'", + "rule": "size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true" + }, + { + "message": "invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching", + "rule": "self.contains('*') ? self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true" + }, + { + "message": "invalid repository namespace or image specification in the image scope", + "rule": "!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\\\w][\\\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true" + } + ] + }, + "maxItems": 256, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "policy", + "scopes" + ], + "type": "object" + }, + "status": { + "description": "status contains the observed state of the resource.", + "properties": { + "conditions": { + "description": "conditions provide details on the status of this API Resource.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" } }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "type": "object" }, - "maxItems": 32, + "maxItems": 8, "minItems": 1, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } }, - "required": [ - "drain" - ], "type": "object" } }, "required": [ - "metadata", "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "MachineDrainRule", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "ClusterImagePolicy", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/MachineDrainRuleList": { - "description": "MachineDrainRuleList is a list of MachineDrainRule", + "config.openshift.io/v1/ClusterImagePolicyList": { + "description": "ClusterImagePolicyList is a list of ClusterImagePolicy", "namespaced": true, "properties": { "apiVersion": { @@ -34492,9 +35830,9 @@ "type": "string" }, "items": { - "description": "List of machinedrainrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of clusterimagepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.v1beta1.MachineDrainRule" + "$ref": "#/components/schemas/io.openshift.config.v1.ClusterImagePolicy" }, "type": "array" }, @@ -34517,15 +35855,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "MachineDrainRuleList", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "ClusterImagePolicyList", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/MachinePool": { - "description": "MachinePool is the Schema for the machinepools API.", - "namespaced": true, + "config.openshift.io/v1/ClusterOperator": { + "description": "ClusterOperator holds the status of a core or optional OpenShift component\nmanaged by the Cluster Version Operator (CVO). This object is used by\noperators to convey their state to the rest of the cluster.\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -34544,247 +35882,631 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "MachinePoolSpec defines the desired state of MachinePool.", + "description": "spec holds configuration that could apply to any operator.", + "type": "object" + }, + "status": { + "description": "status holds the information about the state of an operator. It is consistent with status information across\nthe Kubernetes ecosystem.", "properties": { - "clusterName": { - "description": "clusterName is the name of the Cluster this object belongs to.", - "minLength": 1, - "type": "string" - }, - "failureDomains": { - "description": "failureDomains is the list of failure domains this MachinePool should be attached to.", + "conditions": { + "description": "conditions describes the state of the operator's managed and monitored components.", "items": { - "type": "string" + "description": "ClusterOperatorStatusCondition represents the state of the operator's\nmanaged and monitored components.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status property.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans. It may contain Line Feed\ncharacters (U+000A), which should be rendered as new lines.", + "type": "string" + }, + "reason": { + "description": "reason is the CamelCase reason for the condition's current status.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "type specifies the aspect reported by this condition.", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created machine instances should\nbe ready.\nDefaults to 0 (machine instance will be considered available as soon as it\nis ready)", - "format": "int32", - "type": "integer" + "extension": { + "description": "extension contains any additional status information specific to the\noperator which owns this status object.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "providerIDList": { - "description": "providerIDList are the identification IDs of machine instances provided by the provider.\nThis field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.", + "relatedObjects": { + "description": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are:\n1. the detailed resource driving the operator\n2. operator namespaces\n3. operand namespaces", "items": { - "type": "string" - }, - "type": "array" - }, - "replicas": { - "description": "Number of desired machines. Defaults to 1.\nThis is a pointer to distinguish between explicit zero and not specified.", - "format": "int32", - "type": "integer" + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "group": { + "description": "group of the referent.", + "type": "string" + }, + "name": { + "description": "name of the referent.", + "type": "string" + }, + "namespace": { + "description": "namespace of the referent.", + "type": "string" + }, + "resource": { + "description": "resource of the referent.", + "type": "string" + } + }, + "required": [ + "group", + "name", + "resource" + ], + "type": "object" + }, + "type": "array" }, - "template": { - "description": "template describes the machines that will be created.", + "versions": { + "description": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple\noperand entries in the array. Available operators must report the version of the operator itself with the name \"operator\".\nAn operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", + "items": { + "properties": { + "name": { + "description": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", + "type": "string" + }, + "version": { + "description": "version indicates which version of a particular operand is currently being managed. It must always match the Available\noperand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout\n1.1.0", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ClusterOperator", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ClusterOperatorList": { + "description": "ClusterOperatorList is a list of ClusterOperator", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of clusteroperators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.config.v1.ClusterOperator" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ClusterOperatorList", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ClusterVersion": { + "description": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where\nparameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the desired state of the cluster version - the operator will work\nto ensure that the desired version is applied to the cluster.", + "properties": { + "capabilities": { + "description": "capabilities configures the installation of optional, core\ncluster components. A null value here is identical to an\nempty object; see the child properties for default semantics.", "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - } + "additionalEnabledCapabilities": { + "description": "additionalEnabledCapabilities extends the set of managed\ncapabilities beyond the baseline defined in\nbaselineCapabilitySet. The default is an empty set.", + "items": { + "description": "ClusterVersionCapability enumerates optional, core cluster components.", + "enum": [ + "openshift-samples", + "baremetal", + "marketplace", + "Console", + "Insights", + "Storage", + "CSISnapshot", + "NodeTuning", + "MachineAPI", + "Build", + "DeploymentConfig", + "ImageRegistry", + "OperatorLifecycleManager", + "CloudCredential", + "Ingress", + "CloudControllerManager", + "OperatorLifecycleManagerV1" + ], + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "spec": { - "description": "Specification of the desired behavior of the machine.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "bootstrap": { - "description": "bootstrap is a reference to a local struct which encapsulates\nfields to configure the Machine\u2019s bootstrapping mechanism.", - "properties": { - "configRef": { - "description": "configRef is a reference to a bootstrap provider-specific resource\nthat holds configuration details. The reference is optional to\nallow users/operators to specify Bootstrap.DataSecretName without\nthe need of a controller.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSecretName": { - "description": "dataSecretName is the name of the secret that stores the bootstrap data script.\nIf nil, the Machine should remain in the Pending state.", - "type": "string" - } - }, - "type": "object" - }, - "clusterName": { - "description": "clusterName is the name of the Cluster this object belongs to.", - "minLength": 1, - "type": "string" - }, - "failureDomain": { - "description": "failureDomain is the failure domain the machine will be created in.\nMust match a key in the FailureDomains map stored on the cluster object.", + "baselineCapabilitySet": { + "description": "baselineCapabilitySet selects an initial set of\noptional capabilities to enable, which can be extended via\nadditionalEnabledCapabilities. If unset, the cluster will\nchoose a default, and the default may change over time.\nThe current default is vCurrent.", + "enum": [ + "None", + "v4.11", + "v4.12", + "v4.13", + "v4.14", + "v4.15", + "v4.16", + "v4.17", + "v4.18", + "vCurrent" + ], + "type": "string" + } + }, + "type": "object" + }, + "channel": { + "description": "channel is an identifier for explicitly requesting a non-default set\nof updates to be applied to this cluster. The default channel will\ncontain stable updates that are appropriate for production clusters.", + "type": "string" + }, + "clusterID": { + "description": "clusterID uniquely identifies this cluster. This is expected to be\nan RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in\nhexadecimal values). This is a required field.", + "type": "string" + }, + "desiredUpdate": { + "description": "desiredUpdate is an optional field that indicates the desired value of\nthe cluster version. Setting this value will trigger an upgrade (if\nthe current version does not match the desired version). The set of\nrecommended update values is listed as part of available updates in\nstatus, and setting values outside that range may cause the upgrade\nto fail.\n\nSome of the fields are inter-related with restrictions and meanings described here.\n1. image is specified, version is specified, architecture is specified. API validation error.\n2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version.\n3. image is specified, version is not specified, architecture is specified. API validation error.\n4. image is specified, version is not specified, architecture is not specified. image is used.\n5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image.\n6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image.\n7. image is not specified, version is not specified, architecture is specified. API validation error.\n8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status\nabout the failing component. Setting the desired update value back to\nthe previous version will cause a rollback to be attempted. Not all\nrollbacks will succeed.", + "properties": { + "architecture": { + "description": "architecture is an optional field that indicates the desired\nvalue of the cluster architecture. In this context cluster\narchitecture means either a single architecture or a multi\narchitecture. architecture can only be set to Multi thereby\nonly allowing updates from single to multi architecture. If\narchitecture is set, image cannot be set and version must be\nset.\nValid values are 'Multi' and empty.", + "enum": [ + "Multi", + "" + ], + "type": "string" + }, + "force": { + "description": "force allows an administrator to update to an image that has failed\nverification or upgradeable checks. This option should only\nbe used when the authenticity of the provided image has been verified out\nof band because the provided image will run with full administrative access\nto the cluster. Do not use this flag with images that comes from unknown\nor potentially malicious sources.", + "type": "boolean" + }, + "image": { + "description": "image is a container image location that contains the update.\nimage should be used when the desired version does not exist in availableUpdates or history.\nWhen image is set, architecture cannot be specified.\nIf both version and image are set, the version extracted from the referenced image must match the specified version.", + "type": "string" + }, + "version": { + "description": "version is a semantic version identifying the update version.\nversion is required if architecture is specified.\nIf both version and image are set, the version extracted from the referenced image must match the specified version.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "cannot set both Architecture and Image", + "rule": "has(self.architecture) && has(self.image) ? (self.architecture == \"\" || self.image == \"\") : true" + }, + { + "message": "Version must be set if Architecture is set", + "rule": "has(self.architecture) && self.architecture != \"\" ? self.version != \"\" : true" + } + ] + }, + "overrides": { + "description": "overrides is list of overides for components that are managed by\ncluster version operator. Marking a component unmanaged will prevent\nthe operator from creating or updating the object.", + "items": { + "description": "ComponentOverride allows overriding cluster version operator's behavior\nfor a component.", + "properties": { + "group": { + "description": "group identifies the API group that the kind is in.", + "type": "string" + }, + "kind": { + "description": "kind indentifies which object to override.", + "type": "string" + }, + "name": { + "description": "name is the component's name.", + "type": "string" + }, + "namespace": { + "description": "namespace is the component's namespace. If the resource is cluster\nscoped, the namespace should be empty.", + "type": "string" + }, + "unmanaged": { + "description": "unmanaged controls if cluster version operator should stop managing the\nresources in this cluster.\nDefault: false", + "type": "boolean" + } + }, + "required": [ + "group", + "kind", + "name", + "namespace", + "unmanaged" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "kind", + "group", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "upstream": { + "description": "upstream may be used to specify the preferred update server. By default\nit will use the appropriate update server for the cluster and region.", + "type": "string" + } + }, + "required": [ + "clusterID" + ], + "type": "object" + }, + "status": { + "description": "status contains information about the available updates and any in-progress\nupdates.", + "properties": { + "availableUpdates": { + "description": "availableUpdates contains updates recommended for this\ncluster. Updates which appear in conditionalUpdates but not in\navailableUpdates may expose this cluster to known issues. This list\nmay be empty if no updates are recommended, if the update service\nis unavailable, or if an invalid channel has been specified.", + "items": { + "description": "Release represents an OpenShift release image and associated metadata.", + "properties": { + "channels": { + "description": "channels is the set of Cincinnati channels to which the release\ncurrently belongs.", + "items": { "type": "string" }, - "infrastructureRef": { - "description": "infrastructureRef is a required reference to a custom resource\noffered by an infrastructure provider.", + "type": "array", + "x-kubernetes-list-type": "set" + }, + "image": { + "description": "image is a container image location that contains the update. When this\nfield is part of spec, image is optional if version is specified and the\navailableUpdates field contains a matching version.", + "type": "string" + }, + "url": { + "description": "url contains information about this release. This URL is set by\nthe 'url' metadata property on a release or the metadata returned by\nthe update API and should be displayed as a link in user\ninterfaces. The URL field may not be set for test or nightly\nreleases.", + "type": "string" + }, + "version": { + "description": "version is a semantic version identifying the update version. When this\nfield is part of spec, version is optional if image is specified.", + "type": "string" + } + }, + "required": [ + "image", + "version" + ], + "type": "object" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "capabilities": { + "description": "capabilities describes the state of optional, core cluster components.", + "properties": { + "enabledCapabilities": { + "description": "enabledCapabilities lists all the capabilities that are currently managed.", + "items": { + "description": "ClusterVersionCapability enumerates optional, core cluster components.", + "enum": [ + "openshift-samples", + "baremetal", + "marketplace", + "Console", + "Insights", + "Storage", + "CSISnapshot", + "NodeTuning", + "MachineAPI", + "Build", + "DeploymentConfig", + "ImageRegistry", + "OperatorLifecycleManager", + "CloudCredential", + "Ingress", + "CloudControllerManager", + "OperatorLifecycleManagerV1" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "knownCapabilities": { + "description": "knownCapabilities lists all the capabilities known to the current cluster.", + "items": { + "description": "ClusterVersionCapability enumerates optional, core cluster components.", + "enum": [ + "openshift-samples", + "baremetal", + "marketplace", + "Console", + "Insights", + "Storage", + "CSISnapshot", + "NodeTuning", + "MachineAPI", + "Build", + "DeploymentConfig", + "ImageRegistry", + "OperatorLifecycleManager", + "CloudCredential", + "Ingress", + "CloudControllerManager", + "OperatorLifecycleManagerV1" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "conditionalUpdates": { + "description": "conditionalUpdates contains the list of updates that may be\nrecommended for this cluster if it meets specific required\nconditions. Consumers interested in the set of updates that are\nactually recommended for this cluster should use\navailableUpdates. This list may be empty if no updates are\nrecommended, if the update service is unavailable, or if an empty\nor invalid channel has been specified.", + "items": { + "description": "ConditionalUpdate represents an update which is recommended to some\nclusters on the version the current cluster is reconciling, but which\nmay not be recommended for the current cluster.", + "properties": { + "conditions": { + "description": "conditions represents the observations of the conditional update's\ncurrent status. Known types are:\n* Recommended, for whether the update is recommended for the current cluster.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", "type": "string" }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "nodeDeletionTimeout": { - "description": "nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine\nhosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.\nDefaults to 10 seconds.", - "type": "string" - }, - "nodeDrainTimeout": { - "description": "nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.\nThe default value is 0, meaning that the node can be drained without any time limitations.\nNOTE: NodeDrainTimeout is different from `kubectl drain --timeout`", - "type": "string" - }, - "nodeVolumeDetachTimeout": { - "description": "nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes\nto be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.", - "type": "string" + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "release": { + "description": "release is the target of the update.", + "properties": { + "channels": { + "description": "channels is the set of Cincinnati channels to which the release\ncurrently belongs.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "image": { + "description": "image is a container image location that contains the update. When this\nfield is part of spec, image is optional if version is specified and the\navailableUpdates field contains a matching version.", + "type": "string" + }, + "url": { + "description": "url contains information about this release. This URL is set by\nthe 'url' metadata property on a release or the metadata returned by\nthe update API and should be displayed as a link in user\ninterfaces. The URL field may not be set for test or nightly\nreleases.", + "type": "string" + }, + "version": { + "description": "version is a semantic version identifying the update version. When this\nfield is part of spec, version is optional if image is specified.", + "type": "string" + } }, - "readinessGates": { - "description": "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: This field is considered only for computing v1beta2 conditions.\nNOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those\nreadiness gates condition are reporting the same message, when computing the Machine's Ready condition those\nreadinessGates will be replaced by a single entry reporting \"Control plane components: \" + message.\nThis helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).", - "items": { - "description": "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate.", - "properties": { - "conditionType": { - "description": "conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.\nIf the conditions doesn't exist, it will be treated as unknown.\nNote: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.", - "maxLength": 316, - "minLength": 1, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } + "required": [ + "image", + "version" + ], + "type": "object" + }, + "risks": { + "description": "risks represents the range of issues associated with\nupdating to the target release. The cluster-version\noperator will evaluate all entries, and only recommend the\nupdate if there is at least one entry and all entries\nrecommend the update.", + "items": { + "description": "ConditionalUpdateRisk represents a reason and cluster-state\nfor not recommending a conditional update.", + "properties": { + "matchingRules": { + "description": "matchingRules is a slice of conditions for deciding which\nclusters match the risk and which do not. The slice is\nordered by decreasing precedence. The cluster-version\noperator will walk the slice in order, and stop after the\nfirst it can successfully evaluate. If no condition can be\nsuccessfully evaluated, the update will not be recommended.", + "items": { + "description": "ClusterCondition is a union of typed cluster conditions. The 'type'\nproperty determines which of the type-specific properties are relevant.\nWhen evaluated on a cluster, the condition may match, not match, or\nfail to evaluate.", + "properties": { + "promql": { + "description": "promql represents a cluster condition based on PromQL.", + "properties": { + "promql": { + "description": "promql is a PromQL query classifying clusters. This query\nquery should return a 1 in the match case and a 0 in the\ndoes-not-match case. Queries which return no time\nseries, or which return values besides 0 or 1, are\nevaluation failures.", + "type": "string" + } + }, + "required": [ + "promql" + ], + "type": "object" + }, + "type": { + "description": "type represents the cluster-condition type. This defines\nthe members and semantics of any additional properties.", + "enum": [ + "Always", + "PromQL" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "conditionType" - ], - "type": "object" + "message": { + "description": "message provides additional information about the risk of\nupdating, in the event that matchingRules match the cluster\nstate. This is only to be consumed by humans. It may\ncontain Line Feed characters (U+000A), which should be\nrendered as new lines.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "name is the CamelCase reason for not recommending a\nconditional update, in the event that matchingRules match the\ncluster state.", + "minLength": 1, + "type": "string" + }, + "url": { + "description": "url contains information about this risk.", + "format": "uri", + "minLength": 1, + "type": "string" + } }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-map-keys": [ - "conditionType" + "required": [ + "matchingRules", + "message", + "name", + "url" ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "version": { - "description": "version defines the desired Kubernetes version.\nThis field is meant to be optionally used by bootstrap providers.", - "type": "string" - } - }, - "required": [ - "bootstrap", - "clusterName", - "infrastructureRef" - ], - "type": "object" - } + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "release", + "risks" + ], + "type": "object" }, - "type": "object" - } - }, - "required": [ - "clusterName", - "template" - ], - "type": "object" - }, - "status": { - "description": "MachinePoolStatus defines the observed state of MachinePool.", - "properties": { - "availableReplicas": { - "description": "The number of available replicas (ready for at least minReadySeconds) for this MachinePool.", - "format": "int32", - "type": "integer" - }, - "bootstrapReady": { - "description": "bootstrapReady is the state of the bootstrap provider.", - "type": "boolean" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "conditions": { - "description": "conditions define the current service state of the MachinePool.", + "description": "conditions provides information about the cluster version. The condition\n\"Available\" is set to true if the desiredUpdate has been reached. The\ncondition \"Progressing\" is set to true if an update is being applied.\nThe condition \"Degraded\" is set to true if an update is currently blocked\nby a temporary or permanent error. Conditions are only valid for the\ncurrent desiredUpdate when metadata.generation is equal to\nstatus.generation.", "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", + "description": "ClusterOperatorStatusCondition represents the state of the operator's\nmanaged and monitored components.", "properties": { "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "description": "lastTransitionTime is the time of the last update to the current status property.", "format": "date-time", "type": "string" }, "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", + "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans. It may contain Line Feed\ncharacters (U+000A), which should be rendered as new lines.", "type": "string" }, "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "description": "reason is the CamelCase reason for the condition's current status.", "type": "string" }, "status": { @@ -34792,7 +36514,7 @@ "type": "string" }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "description": "type specifies the aspect reported by this condition.", "type": "string" } }, @@ -34803,180 +36525,124 @@ ], "type": "object" }, - "type": "array" - }, - "failureMessage": { - "description": "failureMessage indicates that there is a problem reconciling the state,\nand will be set to a descriptive error message.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", - "type": "string" - }, - "failureReason": { - "description": "failureReason indicates that there is a problem reconciling the state, and\nwill be set to a token value suitable for programmatic interpretation.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "infrastructureReady": { - "description": "infrastructureReady is the state of the infrastructure provider.", - "type": "boolean" + "desired": { + "description": "desired is the version that the cluster is reconciling towards.\nIf the cluster is not yet fully initialized desired will be set\nwith the information available, which may be an image or a tag.", + "properties": { + "channels": { + "description": "channels is the set of Cincinnati channels to which the release\ncurrently belongs.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "image": { + "description": "image is a container image location that contains the update. When this\nfield is part of spec, image is optional if version is specified and the\navailableUpdates field contains a matching version.", + "type": "string" + }, + "url": { + "description": "url contains information about this release. This URL is set by\nthe 'url' metadata property on a release or the metadata returned by\nthe update API and should be displayed as a link in user\ninterfaces. The URL field may not be set for test or nightly\nreleases.", + "type": "string" + }, + "version": { + "description": "version is a semantic version identifying the update version. When this\nfield is part of spec, version is optional if image is specified.", + "type": "string" + } + }, + "required": [ + "image", + "version" + ], + "type": "object" }, - "nodeRefs": { - "description": "nodeRefs will point to the corresponding Nodes if it they exist.", + "history": { + "description": "history contains a list of the most recent versions applied to the cluster.\nThis value may be empty during cluster startup, and then will be updated\nwhen a new update is being applied. The newest update is first in the\nlist and it is ordered by recency. Updates in the history have state\nCompleted if the rollout completed - if an update was failing or halfway\napplied the state will be Partial. Only a limited amount of update history\nis preserved.", "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "description": "UpdateHistory is a single attempted update to the cluster.", "properties": { - "apiVersion": { - "description": "API version of the referent.", + "acceptedRisks": { + "description": "acceptedRisks records risks which were accepted to initiate the update.\nFor example, it may menition an Upgradeable=False or missing signature\nthat was overridden via desiredUpdate.force, or an update that was\ninitiated despite not being in the availableUpdates set of recommended\nupdate targets.", "type": "string" }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "completionTime": { + "description": "completionTime, if set, is when the update was fully applied. The update\nthat is currently being applied will have a null completion time.\nCompletion time will always be set for entries that are not the current\nupdate (usually to the started time of the next update).", + "format": "date-time", + "nullable": true, "type": "string" }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "image": { + "description": "image is a container image location that contains the update. This value\nis always populated.", "type": "string" }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "startedTime": { + "description": "startedTime is the time at which the update was started.", + "format": "date-time", "type": "string" }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "state": { + "description": "state reflects whether the update was fully applied. The Partial state\nindicates the update is not fully applied, while the Completed state\nindicates the update was successfully rolled out at least once (all\nparts of the update successfully applied).", "type": "string" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "verified": { + "description": "verified indicates whether the provided update was properly verified\nbefore it was installed. If this is false the cluster may not be trusted.\nVerified does not cover upgradeable checks that depend on the cluster\nstate at the time when the update target was accepted.", + "type": "boolean" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "version": { + "description": "version is a semantic version identifying the update version. If the\nrequested image does not define a version, or if a failure occurs\nretrieving the image, this value may be empty.", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "completionTime", + "image", + "startedTime", + "state", + "verified" + ], + "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "observedGeneration": { - "description": "observedGeneration is the latest generation observed by the controller.", + "description": "observedGeneration reports which version of the spec is being synced.\nIf this value is not equal to metadata.generation, then the desired\nand conditions fields may represent a previous version.", "format": "int64", "type": "integer" }, - "phase": { - "description": "phase represents the current phase of cluster actuation.\nE.g. Pending, Running, Terminating, Failed etc.", + "versionHash": { + "description": "versionHash is a fingerprint of the content that the cluster will be\nupdated with. It is used by the operator to avoid unnecessary work\nand is for internal use only.", "type": "string" - }, - "readyReplicas": { - "description": "The number of ready replicas for this MachinePool. A machine is considered ready when the node has been created and is \"Ready\".", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "replicas is the most recently observed number of replicas.", - "format": "int32", - "type": "integer" - }, - "unavailableReplicas": { - "description": "Total number of unavailable machine instances targeted by this machine pool.\nThis is the total number of machine instances that are still required for\nthe machine pool to have 100% available capacity. They may either\nbe machine instances that are running but not yet available or machine instances\nthat still have not been created.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.", - "format": "int32", - "type": "integer" - }, - "v1beta2": { - "description": "v1beta2 groups all the fields that will be added or modified in MachinePool's status with the V1Beta2 version.", - "properties": { - "availableReplicas": { - "description": "availableReplicas is the number of available replicas for this MachinePool. A machine is considered available when Machine's Available condition is true.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "conditions represents the observations of a MachinePool's current state.\nKnown condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate,\nScalingUp, ScalingDown, Remediating, Deleting, Paused.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "readyReplicas": { - "description": "readyReplicas is the number of ready replicas for this MachinePool. A machine is considered ready when Machine's Ready condition is true.", - "format": "int32", - "type": "integer" - }, - "upToDateReplicas": { - "description": "upToDateReplicas is the number of up-to-date replicas targeted by this MachinePool. A machine is considered up-to-date when Machine's UpToDate condition is true.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" } }, + "required": [ + "availableUpdates", + "desired", + "observedGeneration", + "versionHash" + ], "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "MachinePool", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "ClusterVersion", + "version": "v1" } ] }, - "cluster.x-k8s.io/v1beta1/MachinePoolList": { - "description": "MachinePoolList is a list of MachinePool", + "config.openshift.io/v1/ClusterVersionList": { + "description": "ClusterVersionList is a list of ClusterVersion", "namespaced": true, "properties": { "apiVersion": { @@ -34984,9 +36650,9 @@ "type": "string" }, "items": { - "description": "List of machinepools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of clusterversions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.v1beta1.MachinePool" + "$ref": "#/components/schemas/io.openshift.config.v1.ClusterVersion" }, "type": "array" }, @@ -35009,145 +36675,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cluster.x-k8s.io", - "kind": "MachinePoolList", - "version": "v1beta1" + "group": "config.openshift.io", + "kind": "ClusterVersionList", + "version": "v1" } ] }, - "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildConfigStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildStatusOutput": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildStatusOutputTo": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageImportStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageStreamImportStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageStreamStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.image.v1.RepositoryImportStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.project.v1.ProjectStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteSpec": { - "properties": { - "alternateBackends": { - "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", - "items": { - "type": "object" - }, - "type": "array" - }, - "host": { - "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", - "type": "string" - }, - "httpHeaders": { - "description": "httpHeaders defines policy for HTTP headers.", - "type": "object" - }, - "path": { - "description": "path that the router watches for, to route traffic for to the service. Optional.", - "type": "string" - }, - "port": { - "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", - "type": "object" - }, - "subdomain": { - "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission. Example: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", - "type": "string" - }, - "tls": { - "description": "The tls field provides the ability to configure certificates and termination for the route.", - "type": "object" - }, - "to": { - "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.", - "type": "object" - }, - "wildcardPolicy": { - "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", - "type": "string" - } - }, - "required": [ - "to" - ], - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.openshift.api.template.v1.TemplateInstanceStatus": { - "additionalProperties": true, - "type": "object" - }, - "com.github.operator-framework.api.pkg.operators.v1alpha1.StatusDescriptor": { - "additionalProperties": true, - "type": "object" - }, - "com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifestStatus": { - "additionalProperties": true, - "type": "object" - }, - "config.openshift.io/v1/APIServer": { - "description": "APIServer holds configuration (like serving certificates, client CA and CORS domains)\nshared by all API servers in the system, among them especially kube-apiserver\nand openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "config.openshift.io/v1/Console": { + "description": "Console holds cluster-wide configuration for the web console, including the\nlogout URL, and reports the public URL of the console. The canonical name is\n`cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -35169,187 +36704,12 @@ "spec": { "description": "spec holds user settable values for configuration", "properties": { - "additionalCORSAllowedOrigins": { - "description": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the\nAPI server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth\nserver from JavaScript applications.\nThe values are regular expressions that correspond to the Golang regular expression language.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "audit": { - "default": { - "profile": "Default" - }, - "description": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided\nAPI servers in the cluster.", + "authentication": { + "description": "ConsoleAuthentication defines a list of optional configuration for console authentication.", "properties": { - "customRules": { - "description": "customRules specify profiles per group. These profile take precedence over the\ntop-level profile field if they apply. They are evaluation from top to bottom and\nthe first one that matches, applies.", - "items": { - "description": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over\nthe top-level profile.", - "properties": { - "group": { - "description": "group is a name of group a request user must be member of in order to this profile to apply.", - "minLength": 1, - "type": "string" - }, - "profile": { - "description": "profile specifies the name of the desired audit policy configuration to be deployed to\nall OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided:\n- Default: the existing default policy.\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for\nwrite requests (create, update, patch).\n- AllRequestBodies: like 'WriteRequestBodies', but also logs request and response\nHTTP payloads for read requests (get, list).\n- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", - "enum": [ - "Default", - "WriteRequestBodies", - "AllRequestBodies", - "None" - ], - "type": "string" - } - }, - "required": [ - "group", - "profile" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group" - ], - "x-kubernetes-list-type": "map" - }, - "profile": { - "default": "Default", - "description": "profile specifies the name of the desired top-level audit profile to be applied to all requests\nsent to any of the OpenShift-provided API servers in the cluster (kube-apiserver,\nopenshift-apiserver and oauth-apiserver), with the exception of those requests that match\none or more of the customRules.\n\nThe following profiles are provided:\n- Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for\nwrite requests (create, update, patch).\n- AllRequestBodies: like 'WriteRequestBodies', but also logs request and response\nHTTP payloads for read requests (get, list).\n- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you\nare fully aware of the risks of not logging data that can be beneficial when troubleshooting issues.\nIf you disable audit logging and a support situation arises, you might need to enable audit logging\nand reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", - "enum": [ - "Default", - "WriteRequestBodies", - "AllRequestBodies", - "None" - ], - "type": "string" - } - }, - "type": "object" - }, - "clientCA": { - "description": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for\nincoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.\nYou usually only have to set this if you have your own PKI you wish to honor client certificates from.\nThe ConfigMap must exist in the openshift-config namespace and contain the following required fields:\n- ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "encryption": { - "description": "encryption allows the configuration of encryption of resources at the datastore layer.", - "properties": { - "type": { - "description": "type defines what encryption type should be used to encrypt resources at the datastore layer.\nWhen this field is unset (i.e. when it is set to the empty string), identity is implied.\nThe behavior of unset can and will change over time. Even if encryption is enabled by default,\nthe meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted.\nThis list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", - "enum": [ - "", - "identity", - "aescbc", - "aesgcm" - ], - "type": "string" - } - }, - "type": "object" - }, - "servingCerts": { - "description": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates\nwill be used for serving secure traffic.", - "properties": { - "namedCertificates": { - "description": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.\nIf no named certificates are provided, or no named certificates match the server name as understood by a client,\nthe defaultServingCertificate will be used.", - "items": { - "description": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", - "properties": { - "names": { - "description": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to\nserve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.\nExact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", - "items": { - "type": "string" - }, - "maxItems": 64, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "servingCertificate": { - "description": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.\nThe secret must exist in the openshift-config namespace and contain the following required fields:\n- Secret.Data[\"tls.key\"] - TLS private key.\n- Secret.Data[\"tls.crt\"] - TLS certificate.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "tlsSecurityProfile": { - "description": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old,\nIntermediate and Custom profiles are currently supported, and the maximum available\nminTLSVersion is VersionTLS12.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], + "logoutRedirect": { + "description": "An optional, absolute URL to redirect web browsers to after logging out of\nthe console. If not specified, it will redirect to the default login page.\nThis is required when using an identity provider that supports single\nsign-on (SSO) such as:\n- OpenID (Keycloak, Azure)\n- RequestHeader (GSSAPI, SSPI, SAML)\n- OAuth (GitHub, GitLab, Google)\nLogging out of the console will destroy the user's token. The logoutRedirect\nprovides the user the option to perform single logout (SLO) through the identity\nprovider to destroy their single sign-on session.", + "pattern": "^$|^((https):\\/\\/?)[^\\s()<>]+(?:\\([\\w\\d]+\\)|([^[:punct:]\\s]|\\/?))$", "type": "string" } }, @@ -35360,6 +36720,12 @@ }, "status": { "description": "status holds observed values from the cluster. They may not be overridden.", + "properties": { + "consoleURL": { + "description": "The URL for the console. This will be derived from the host for the route that\nis created for the console.", + "type": "string" + } + }, "type": "object" } }, @@ -35370,13 +36736,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "APIServer", + "kind": "Console", "version": "v1" } ] }, - "config.openshift.io/v1/APIServerList": { - "description": "APIServerList is a list of APIServer", + "config.openshift.io/v1/ConsoleList": { + "description": "ConsoleList is a list of Console", "namespaced": true, "properties": { "apiVersion": { @@ -35384,9 +36750,9 @@ "type": "string" }, "items": { - "description": "List of apiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of consoles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.APIServer" + "$ref": "#/components/schemas/io.openshift.config.v1.Console" }, "type": "array" }, @@ -35410,13 +36776,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "APIServerList", + "kind": "ConsoleList", "version": "v1" } ] }, - "config.openshift.io/v1/Authentication": { - "description": "Authentication specifies cluster-wide settings for authentication (like OAuth and\nwebhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "config.openshift.io/v1/DNS": { + "description": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -35438,99 +36804,105 @@ "spec": { "description": "spec holds user settable values for configuration", "properties": { - "oauthMetadata": { - "description": "oauthMetadata contains the discovery endpoint data for OAuth 2.0\nAuthorization Server Metadata for an external OAuth server.\nThis discovery document can be viewed from its served location:\noc get --raw '/.well-known/oauth-authorization-server'\nFor further details, see the IETF Draft:\nhttps://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2\nIf oauthMetadata.name is non-empty, this value has precedence\nover any metadata reference stored in status.\nThe key \"oauthMetadata\" is used to locate the data.\nIf specified and the config map or expected key is not found, no metadata is served.\nIf the specified metadata is not valid, no metadata is served.\nThe namespace for this config map is openshift-config.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "serviceAccountIssuer": { - "description": "serviceAccountIssuer is the identifier of the bound service account token\nissuer.\nThe default is https://kubernetes.default.svc\nWARNING: Updating this field will not result in immediate invalidation of all bound tokens with the\nprevious issuer value. Instead, the tokens issued by previous service account issuer will continue to\nbe trusted for a time period chosen by the platform (currently set to 24h).\nThis time period is subject to change over time.\nThis allows internal components to transition to use new service account issuer without service distruption.", - "type": "string" - }, - "type": { - "description": "type identifies the cluster managed, user facing authentication mode in use.\nSpecifically, it manages the component that responds to login attempts.\nThe default is IntegratedOAuth.", - "enum": [ - "", - "None", - "IntegratedOAuth" - ], + "baseDomain": { + "description": "baseDomain is the base domain of the cluster. All managed DNS records will\nbe sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server\nDNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", "type": "string" }, - "webhookTokenAuthenticator": { - "description": "webhookTokenAuthenticator configures a remote token reviewer.\nThese remote authentication webhooks can be used to verify bearer tokens\nvia the tokenreviews.authentication.k8s.io REST API. This is required to\nhonor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", + "platform": { + "description": "platform holds configuration specific to the underlying\ninfrastructure provider for DNS.\nWhen omitted, this means the user has no opinion and the platform is left\nto choose reasonable defaults. These defaults are subject to change over time.", "properties": { - "kubeConfig": { - "description": "kubeConfig references a secret that contains kube config file data which\ndescribes how to access the remote webhook service.\nThe namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data.\nIf the secret or expected key is not found, the webhook is not honored.\nIf the specified kube config data is not valid, the webhook is not honored.", + "aws": { + "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", + "privateZoneIAMRole": { + "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing\noperations on the cluster's private hosted zone specified in the cluster DNS config.\nWhen left empty, no role should be assumed.", + "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object" + }, + "type": { + "description": "type is the underlying infrastructure provider for the cluster.\nAllowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms,\nand must handle unrecognized platforms with best-effort defaults.", + "enum": [ + "", + "AWS", + "Azure", + "BareMetal", + "GCP", + "Libvirt", + "OpenStack", + "None", + "VSphere", + "oVirt", + "IBMCloud", + "KubeVirt", + "EquinixMetal", + "PowerVS", + "AlibabaCloud", + "Nutanix", + "External" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "allowed values are '' and 'AWS'", + "rule": "self in ['','AWS']" + } + ] } }, "required": [ - "kubeConfig" + "type" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "aws configuration is required when platform is AWS, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)" + } + ] }, - "webhookTokenAuthenticators": { - "description": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", - "items": { - "description": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.\nIt's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", - "properties": { - "kubeConfig": { - "description": "kubeConfig contains kube config file data which describes how to access the remote webhook service.\nFor further details, see:\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\nThe key \"kubeConfig\" is used to locate the data.\nIf the secret or expected key is not found, the webhook is not honored.\nIf the specified kube config data is not valid, the webhook is not honored.\nThe namespace for this secret is determined by the point of use.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } + "privateZone": { + "description": "privateZone is the location where all the DNS records that are only available internally\nto the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", + "properties": { + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", + "type": "string" }, - "type": "object" + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "integratedOAuthMetadata": { - "description": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0\nAuthorization Server Metadata for the in-cluster integrated OAuth server.\nThis discovery document can be viewed from its served location:\noc get --raw '/.well-known/oauth-authorization-server'\nFor further details, see the IETF Draft:\nhttps://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2\nThis contains the observed value based on cluster state.\nAn explicitly set value in spec.oauthMetadata has precedence over this field.\nThis field has no meaning if authentication spec.type is not set to IntegratedOAuth.\nThe key \"oauthMetadata\" is used to locate the data.\nIf the config map or expected key is not found, no metadata is served.\nIf the specified metadata is not valid, no metadata is served.\nThe namespace for this config map is openshift-config-managed.", + "type": "object" + }, + "publicZone": { + "description": "publicZone is the location where all the DNS records that are publicly accessible to\nthe internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", + "type": "object" } }, - "required": [ - "name" - ], "type": "object" } }, "type": "object" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "type": "object" } }, "required": [ @@ -35540,13 +36912,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "Authentication", + "kind": "DNS", "version": "v1" } ] }, - "config.openshift.io/v1/AuthenticationList": { - "description": "AuthenticationList is a list of Authentication", + "config.openshift.io/v1/DNSList": { + "description": "DNSList is a list of DNS", "namespaced": true, "properties": { "apiVersion": { @@ -35554,9 +36926,9 @@ "type": "string" }, "items": { - "description": "List of authentications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of dnses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.Authentication" + "$ref": "#/components/schemas/io.openshift.config.v1.DNS" }, "type": "array" }, @@ -35580,13 +36952,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "AuthenticationList", + "kind": "DNSList", "version": "v1" } ] }, - "config.openshift.io/v1/Build": { - "description": "Build configures the behavior of OpenShift builds for the entire cluster.\nThis includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "config.openshift.io/v1/FeatureGate": { + "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -35606,51 +36978,139 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec holds user-settable values for the build controller configuration", + "description": "spec holds user settable values for configuration", "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that\nshould be trusted for image pushes and pulls during builds.\nThe namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on\nimage.config.openshift.io/cluster instead.", + "customNoUpgrade": { + "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.\nBecause of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations\nyour cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", + "nullable": true, "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" + "disabled": { + "description": "disabled is a list of all feature gates that you want to force off", + "items": { + "description": "FeatureGateName is a string to enforce patterns on the name of a FeatureGate", + "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", + "type": "string" + }, + "type": "array" + }, + "enabled": { + "description": "enabled is a list of all feature gates that you want to force on", + "items": { + "description": "FeatureGateName is a string to enforce patterns on the name of a FeatureGate", + "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", + "type": "string" + }, + "type": "array" } }, - "required": [ - "name" - ], "type": "object" }, - "buildDefaults": { - "description": "buildDefaults controls the default information for Builds", - "properties": { - "defaultProxy": { - "description": "defaultProxy contains the default proxy settings for all build operations, including image pull/push\nand source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables\nin the build config's strategy.", - "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.\nEmpty means unset and will not result in an env var.", - "type": "string" - }, - "readinessEndpoints": { - "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", - "items": { - "type": "string" - }, - "type": "array" - }, - "trustedCA": { - "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle.\nThe trustedCA field should only be consumed by a proxy validator. The\nvalidator is responsible for reading the certificate bundle from the required\nkey \"ca-bundle.crt\", merging it with the system default trust bundle,\nand writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\"\nin the \"openshift-config-managed\" namespace. Clients that expect to make\nproxy connections must use the trusted-ca-bundle for all HTTPS requests to\nthe proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as\nwell.\n\nThe namespace for the ConfigMap referenced by trustedCA is\n\"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", + "featureSet": { + "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting.\nTurning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "enum": [ + "CustomNoUpgrade", + "DevPreviewNoUpgrade", + "TechPreviewNoUpgrade", + "" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "CustomNoUpgrade may not be changed", + "rule": "oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true" + }, + { + "message": "TechPreviewNoUpgrade may not be changed", + "rule": "oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true" + }, + { + "message": "DevPreviewNoUpgrade may not be changed", + "rule": "oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": ".spec.featureSet cannot be removed", + "rule": "has(oldSelf.featureSet) ? has(self.featureSet) : true" + } + ] + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "properties": { + "conditions": { + "description": "conditions represent the observations of the current state.\nKnown .status.conditions.type are: \"DeterminationDegraded\"", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "featureGates": { + "description": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion.\nOperators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate\nthe version they are managing, find the enabled/disabled featuregates and make the operand and operator match.\nThe enabled/disabled values for a particular version may change during the life of the cluster as various\n.spec.featureSet values are selected.\nOperators may choose to restart their processes to pick up these changes, but remembering past enable/disable\nlists is beyond the scope of this API and is the responsibility of individual operators.\nOnly featureGates with .version in the ClusterVersion.status will be present in this list.", + "items": { + "properties": { + "disabled": { + "description": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", + "items": { "properties": { "name": { - "description": "name is the metadata.name of the referenced config map", + "description": "name is the name of the FeatureGate.", + "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", "type": "string" } }, @@ -35658,159 +37118,16 @@ "name" ], "type": "object" - } - }, - "type": "object" - }, - "env": { - "description": "env is a set of default environment variables that will be applied to the\nbuild if the specified variables do not exist on the build", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } }, - "required": [ - "name" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "gitProxy": { - "description": "gitProxy contains the proxy settings for git operations only. If set, this will override\nany Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", - "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.\nEmpty means unset and will not result in an env var.", - "type": "string" - }, - "readinessEndpoints": { - "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", - "items": { - "type": "string" - }, - "type": "array" - }, - "trustedCA": { - "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle.\nThe trustedCA field should only be consumed by a proxy validator. The\nvalidator is responsible for reading the certificate bundle from the required\nkey \"ca-bundle.crt\", merging it with the system default trust bundle,\nand writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\"\nin the \"openshift-config-managed\" namespace. Clients that expect to make\nproxy connections must use the trusted-ca-bundle for all HTTPS requests to\nthe proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as\nwell.\n\nThe namespace for the ConfigMap referenced by trustedCA is\n\"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", + "enabled": { + "description": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", + "items": { "properties": { "name": { - "description": "name is the metadata.name of the referenced config map", + "description": "name is the name of the FeatureGate.", + "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", "type": "string" } }, @@ -35818,157 +37135,24 @@ "name" ], "type": "object" - } - }, - "type": "object" - }, - "imageLabels": { - "description": "imageLabels is a list of docker labels that are applied to the resulting image.\nUser can override a default label by providing a label with the same name in their\nBuild/BuildConfig.", - "items": { - "properties": { - "name": { - "description": "name defines the name of the label. It must have non-zero length.", - "type": "string" - }, - "value": { - "description": "value defines the literal value of the label.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "resources": { - "description": "resources defines resource requirements to execute the build.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "buildOverrides": { - "description": "buildOverrides controls override settings for builds", - "properties": { - "forcePull": { - "description": "forcePull overrides, if set, the equivalent value in the builds,\ni.e. false disables force pull for all builds,\ntrue enables force pull for all builds,\nindependently of what each build specifies itself", - "type": "boolean" - }, - "imageLabels": { - "description": "imageLabels is a list of docker labels that are applied to the resulting image.\nIf user provided a label in their Build/BuildConfig with the same name as one in this\nlist, the user's label will be overwritten.", - "items": { - "properties": { - "name": { - "description": "name defines the name of the label. It must have non-zero length.", - "type": "string" - }, - "value": { - "description": "value defines the literal value of the label.", - "type": "string" - } }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "nodeSelector": { - "additionalProperties": { + "version": { + "description": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", "type": "string" - }, - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object" + } }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing\ntolerations set on a build pod.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } + "required": [ + "version" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "version" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" @@ -35981,13 +37165,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "Build", + "kind": "FeatureGate", "version": "v1" } ] }, - "config.openshift.io/v1/BuildList": { - "description": "BuildList is a list of Build", + "config.openshift.io/v1/FeatureGateList": { + "description": "FeatureGateList is a list of FeatureGate", "namespaced": true, "properties": { "apiVersion": { @@ -35995,9 +37179,9 @@ "type": "string" }, "items": { - "description": "List of builds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of featuregates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.Build" + "$ref": "#/components/schemas/io.openshift.config.v1.FeatureGate" }, "type": "array" }, @@ -36021,13 +37205,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "BuildList", + "kind": "FeatureGateList", "version": "v1" } ] }, - "config.openshift.io/v1/ClusterOperator": { - "description": "ClusterOperator is the Custom Resource object which holds the current state\nof an operator. This object is used by operators to convey their state to\nthe rest of the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "config.openshift.io/v1/Image": { + "description": "Image governs policies related to imagestream imports and runtime configuration\nfor external registries. It allows cluster admins to configure which registries\nOpenShift is allowed to import images from, extra CA trust bundles for external\nregistries, and policies to block or allow registry hostnames.\nWhen exposing OpenShift's image registry to the public, this also lets cluster\nadmins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -36047,109 +37231,111 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec holds configuration that could apply to any operator.", - "type": "object" - }, - "status": { - "description": "status holds the information about the state of an operator. It is consistent with status information across\nthe Kubernetes ecosystem.", + "description": "spec holds user settable values for configuration", "properties": { - "conditions": { - "description": "conditions describes the state of the operator's managed and monitored components.", + "additionalTrustedCA": { + "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that\nshould be trusted during imagestream import, pod image pull, build image pull, and\nimageregistry pullthrough.\nThe namespace for this config map is openshift-config.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "allowedRegistriesForImport": { + "description": "allowedRegistriesForImport limits the container image registries that normal users may import\nimages from. Set this list to the registries that you trust to contain valid Docker\nimages and that you want applications to be able to import from. Users with\npermission to create Images or ImageStreamMappings via the API are not affected by\nthis policy - typically only administrators or system integrations will have those\npermissions.", "items": { - "description": "ClusterOperatorStatusCondition represents the state of the operator's\nmanaged and monitored components.", + "description": "RegistryLocation contains a location of the registry specified by the registry domain\nname. The domain name might include wildcards, like '*' or '??'.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans. It may contain Line Feed\ncharacters (U+000A), which should be rendered as new lines.", - "type": "string" - }, - "reason": { - "description": "reason is the CamelCase reason for the condition's current status.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "domainName": { + "description": "domainName specifies a domain name for the registry\nIn case the registry use non-standard (80 or 443) port, the port should be included\nin the domain name as well.", "type": "string" }, - "type": { - "description": "type specifies the aspect reported by this condition.", - "type": "string" + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http)\nBy default (if not specified) the registry is assumed as secure.", + "type": "boolean" } }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "extension": { - "description": "extension contains any additional status information specific to the\noperator which owns this status object.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-list-type": "atomic" }, - "relatedObjects": { - "description": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are:\n1. the detailed resource driving the operator\n2. operator namespaces\n3. operand namespaces", + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image\nregistry. The external hostname should be set only when the image registry\nis exposed externally. The first value is used in 'publicDockerImageRepository'\nfield in ImageStreams. The value must be in \"hostname[:port]\" format.", "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "group": { - "description": "group of the referent.", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "registrySources": { + "description": "registrySources contains configuration that determines how the container runtime\nshould treat individual registries when accessing images for builds+pods. (e.g.\nwhether or not to allow insecure access). It does not contain configuration for the\ninternal cluster registry.", + "properties": { + "allowedRegistries": { + "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "items": { "type": "string" }, - "name": { - "description": "name of the referent.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "blockedRegistries": { + "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "items": { "type": "string" }, - "namespace": { - "description": "namespace of the referent.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "containerRuntimeSearchRegistries": { + "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified\ndomains in their pull specs. Registries will be searched in the order provided in the list.\nNote: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", + "format": "hostname", + "items": { "type": "string" }, - "resource": { - "description": "resource of the referent.", - "type": "string" - } + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" }, - "required": [ - "group", - "name", - "resource" - ], - "type": "object" - }, - "type": "array" - }, - "versions": { - "description": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple\noperand entries in the array. Available operators must report the version of the operator itself with the name \"operator\".\nAn operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", - "items": { - "properties": { - "name": { - "description": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", + "insecureRegistries": { + "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "items": { "type": "string" }, - "version": { - "description": "version indicates which version of a particular operand is currently being managed. It must always match the Available\noperand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout\n1.1.0", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": "array" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Only one of blockedRegistries or allowedRegistries may be set", + "rule": "has(self.blockedRegistries) ? !has(self.allowedRegistries) : true" + } + ] + } + }, + "type": "object" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "properties": { + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image\nregistry. The external hostname should be set only when the image registry\nis exposed externally. The first value is used in 'publicDockerImageRepository'\nfield in ImageStreams. The value must be in \"hostname[:port]\" format.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image\nregistry. The value must be in \"hostname[:port]\" format.\nThis value is set by the image registry operator which controls the internal registry\nhostname.", + "type": "string" } }, "type": "object" @@ -36162,26 +37348,19 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "ClusterOperator", + "kind": "Image", "version": "v1" } ] }, - "config.openshift.io/v1/ClusterOperatorList": { - "description": "ClusterOperatorList is a list of ClusterOperator", - "namespaced": true, + "config.openshift.io/v1/ImageContentPolicy": { + "description": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of clusteroperators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.ClusterOperator" - }, - "type": "array" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -36189,608 +37368,625 @@ "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ClusterOperatorList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ClusterVersion": { - "description": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where\nparameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec is the desired state of the cluster version - the operator will work\nto ensure that the desired version is applied to the cluster.", + "description": "spec holds user settable values for configuration", "properties": { - "capabilities": { - "description": "capabilities configures the installation of optional, core\ncluster components. A null value here is identical to an\nempty object; see the child properties for default semantics.", - "properties": { - "additionalEnabledCapabilities": { - "description": "additionalEnabledCapabilities extends the set of managed\ncapabilities beyond the baseline defined in\nbaselineCapabilitySet. The default is an empty set.", - "items": { - "description": "ClusterVersionCapability enumerates optional, core cluster components.", - "enum": [ - "openshift-samples", - "baremetal", - "marketplace", - "Console", - "Insights", - "Storage", - "CSISnapshot", - "NodeTuning", - "MachineAPI", - "Build", - "DeploymentConfig", - "ImageRegistry", - "OperatorLifecycleManager", - "CloudCredential", - "Ingress", - "CloudControllerManager", - "OperatorLifecycleManagerV1" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "baselineCapabilitySet": { - "description": "baselineCapabilitySet selects an initial set of\noptional capabilities to enable, which can be extended via\nadditionalEnabledCapabilities. If unset, the cluster will\nchoose a default, and the default may change over time.\nThe current default is vCurrent.", - "enum": [ - "None", - "v4.11", - "v4.12", - "v4.13", - "v4.14", - "v4.15", - "v4.16", - "v4.17", - "v4.18", - "vCurrent" - ], - "type": "string" - } - }, - "type": "object" - }, - "channel": { - "description": "channel is an identifier for explicitly requesting that a non-default\nset of updates be applied to this cluster. The default channel will be\ncontain stable updates that are appropriate for production clusters.", - "type": "string" - }, - "clusterID": { - "description": "clusterID uniquely identifies this cluster. This is expected to be\nan RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in\nhexadecimal values). This is a required field.", - "type": "string" - }, - "desiredUpdate": { - "description": "desiredUpdate is an optional field that indicates the desired value of\nthe cluster version. Setting this value will trigger an upgrade (if\nthe current version does not match the desired version). The set of\nrecommended update values is listed as part of available updates in\nstatus, and setting values outside that range may cause the upgrade\nto fail.\n\nSome of the fields are inter-related with restrictions and meanings described here.\n1. image is specified, version is specified, architecture is specified. API validation error.\n2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used.\n3. image is specified, version is not specified, architecture is specified. API validation error.\n4. image is specified, version is not specified, architecture is not specified. image is used.\n5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image.\n6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image.\n7. image is not specified, version is not specified, architecture is specified. API validation error.\n8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status\nabout the failing component. Setting the desired update value back to\nthe previous version will cause a rollback to be attempted. Not all\nrollbacks will succeed.", - "properties": { - "architecture": { - "description": "architecture is an optional field that indicates the desired\nvalue of the cluster architecture. In this context cluster\narchitecture means either a single architecture or a multi\narchitecture. architecture can only be set to Multi thereby\nonly allowing updates from single to multi architecture. If\narchitecture is set, image cannot be set and version must be\nset.\nValid values are 'Multi' and empty.", - "enum": [ - "Multi", - "" - ], - "type": "string" - }, - "force": { - "description": "force allows an administrator to update to an image that has failed\nverification or upgradeable checks. This option should only\nbe used when the authenticity of the provided image has been verified out\nof band because the provided image will run with full administrative access\nto the cluster. Do not use this flag with images that comes from unknown\nor potentially malicious sources.", - "type": "boolean" - }, - "image": { - "description": "image is a container image location that contains the update.\nimage should be used when the desired version does not exist in availableUpdates or history.\nWhen image is set, version is ignored. When image is set, version should be empty.\nWhen image is set, architecture cannot be specified.", - "type": "string" - }, - "version": { - "description": "version is a semantic version identifying the update version.\nversion is ignored if image is specified and required if\narchitecture is specified.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "cannot set both Architecture and Image", - "rule": "has(self.architecture) && has(self.image) ? (self.architecture == \"\" || self.image == \"\") : true" - }, - { - "message": "Version must be set if Architecture is set", - "rule": "has(self.architecture) && self.architecture != \"\" ? self.version != \"\" : true" - } - ] - }, - "overrides": { - "description": "overrides is list of overides for components that are managed by\ncluster version operator. Marking a component unmanaged will prevent\nthe operator from creating or updating the object.", + "repositoryDigestMirrors": { + "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in RepositoryDigestMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nTo pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", "items": { - "description": "ComponentOverride allows overriding cluster version operator's behavior\nfor a component.", + "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "properties": { - "group": { - "description": "group identifies the API group that the kind is in.", - "type": "string" - }, - "kind": { - "description": "kind indentifies which object to override.", - "type": "string" + "allowMirrorByTags": { + "description": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests.\nPulling images by tag can potentially yield different images, depending on which endpoint\nwe pull from. Forcing digest-pulls for mirrors avoids that issue.", + "type": "boolean" }, - "name": { - "description": "name is the component's name.", - "type": "string" + "mirrors": { + "description": "mirrors is zero or more repositories that may also contain the same images.\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec. No mirror will be configured.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors. Other cluster configuration,\nincluding (but not limited to) other repositoryDigestMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.", + "items": { + "pattern": "^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])(:[0-9]+)?(\\/[^\\/:\\n]+)*(\\/[^\\/:\\n]+((:[^\\/:\\n]+)|(@[^\\n]+)))?$", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" }, - "namespace": { - "description": "namespace is the component's namespace. If the resource is cluster\nscoped, the namespace should be empty.", + "source": { + "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "pattern": "^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])(:[0-9]+)?(\\/[^\\/:\\n]+)*(\\/[^\\/:\\n]+((:[^\\/:\\n]+)|(@[^\\n]+)))?$", "type": "string" - }, - "unmanaged": { - "description": "unmanaged controls if cluster version operator should stop managing the\nresources in this cluster.\nDefault: false", - "type": "boolean" } }, "required": [ - "group", - "kind", - "name", - "namespace", - "unmanaged" + "source" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ - "kind", - "group", - "namespace", - "name" + "source" ], "x-kubernetes-list-type": "map" - }, - "upstream": { - "description": "upstream may be used to specify the preferred update server. By default\nit will use the appropriate update server for the cluster and region.", - "type": "string" } }, - "required": [ - "clusterID" - ], "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ImageContentPolicy", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ImageContentPolicyList": { + "description": "ImageContentPolicyList is a list of ImageContentPolicy", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "status": { - "description": "status contains information about the available updates and any in-progress\nupdates.", + "items": { + "description": "List of imagecontentpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.config.v1.ImageContentPolicy" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ImageContentPolicyList", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ImageDigestMirrorSet": { + "description": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", "properties": { - "availableUpdates": { - "description": "availableUpdates contains updates recommended for this\ncluster. Updates which appear in conditionalUpdates but not in\navailableUpdates may expose this cluster to known issues. This list\nmay be empty if no updates are recommended, if the update service\nis unavailable, or if an invalid channel has been specified.", + "imageDigestMirrors": { + "description": "imageDigestMirrors allows images referenced by image digests in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in imageDigestMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nTo use mirrors to pull images using tag specification, users should configure\na list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects,\nonly the objects which define the most specific namespace match will be used.\nFor example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as\nthe \"source\", only the objects using quay.io/libpod/busybox are going to apply\nfor pull specification quay.io/libpod/busybox.\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.\nUsers who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", "items": { - "description": "Release represents an OpenShift release image and associated metadata.", + "description": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "properties": { - "channels": { - "description": "channels is the set of Cincinnati channels to which the release\ncurrently belongs.", + "mirrorSourcePolicy": { + "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.\nIf unset, the image will continue to be pulled from the the repository in the pull spec.\nsourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "enum": [ + "NeverContactSource", + "AllowContactingSource" + ], + "type": "string" + }, + "mirrors": { + "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.\nImages can be pulled from these mirrors only if they are referenced by their digests.\nThe mirrored location is obtained by replacing the part of the input reference that\nmatches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,\na (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo\nrepository to be used.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors.\nIf no mirror is specified or all image pulls from the mirror list fail, the image will continue to be\npulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\"\nOther cluster configuration, including (but not limited to) other imageDigestMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.\n\"mirrors\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", "items": { + "pattern": "^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, - "image": { - "description": "image is a container image location that contains the update. When this\nfield is part of spec, image is optional if version is specified and the\navailableUpdates field contains a matching version.", - "type": "string" - }, - "url": { - "description": "url contains information about this release. This URL is set by\nthe 'url' metadata property on a release or the metadata returned by\nthe update API and should be displayed as a link in user\ninterfaces. The URL field may not be set for test or nightly\nreleases.", - "type": "string" - }, - "version": { - "description": "version is a semantic version identifying the update version. When this\nfield is part of spec, version is optional if image is specified.", + "source": { + "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname\ne.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.\n\"source\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\n[*.]host\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "pattern": "^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", "type": "string" } }, "required": [ - "image", - "version" + "source" ], "type": "object" }, - "nullable": true, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "capabilities": { - "description": "capabilities describes the state of optional, core cluster components.", + } + }, + "type": "object" + }, + "status": { + "description": "status contains the observed state of the resource.", + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ImageDigestMirrorSet", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ImageDigestMirrorSetList": { + "description": "ImageDigestMirrorSetList is a list of ImageDigestMirrorSet", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of imagedigestmirrorsets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.config.v1.ImageDigestMirrorSet" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ImageDigestMirrorSetList", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ImageList": { + "description": "ImageList is a list of Image", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of images. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.config.v1.Image" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "config.openshift.io", + "kind": "ImageList", + "version": "v1" + } + ] + }, + "config.openshift.io/v1/ImagePolicy": { + "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "properties": { + "policy": { + "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how\nimages not matching the verification policy will be treated.", "properties": { - "enabledCapabilities": { - "description": "enabledCapabilities lists all the capabilities that are currently managed.", - "items": { - "description": "ClusterVersionCapability enumerates optional, core cluster components.", - "enum": [ - "openshift-samples", - "baremetal", - "marketplace", - "Console", - "Insights", - "Storage", - "CSISnapshot", - "NodeTuning", - "MachineAPI", - "Build", - "DeploymentConfig", - "ImageRegistry", - "OperatorLifecycleManager", - "CloudCredential", - "Ingress", - "CloudControllerManager", - "OperatorLifecycleManagerV1" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "knownCapabilities": { - "description": "knownCapabilities lists all the capabilities known to the current cluster.", - "items": { - "description": "ClusterVersionCapability enumerates optional, core cluster components.", - "enum": [ - "openshift-samples", - "baremetal", - "marketplace", - "Console", - "Insights", - "Storage", - "CSISnapshot", - "NodeTuning", - "MachineAPI", - "Build", - "DeploymentConfig", - "ImageRegistry", - "OperatorLifecycleManager", - "CloudCredential", - "Ingress", - "CloudControllerManager", - "OperatorLifecycleManagerV1" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "conditionalUpdates": { - "description": "conditionalUpdates contains the list of updates that may be\nrecommended for this cluster if it meets specific required\nconditions. Consumers interested in the set of updates that are\nactually recommended for this cluster should use\navailableUpdates. This list may be empty if no updates are\nrecommended, if the update service is unavailable, or if an empty\nor invalid channel has been specified.", - "items": { - "description": "ConditionalUpdate represents an update which is recommended to some\nclusters on the version the current cluster is reconciling, but which\nmay not be recommended for the current cluster.", - "properties": { - "conditions": { - "description": "conditions represents the observations of the conditional update's\ncurrent status. Known types are:\n* Recommended, for whether the update is recommended for the current cluster.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "rootOfTrust": { + "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval.\nThis allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "properties": { + "fulcioCAWithRekor": { + "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key.\nfulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise\nFor more information about Fulcio and Rekor, please refer to the document at:\nhttps://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "fulcioCAData": { + "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA.\nfulcioCAData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the fulcioCAData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'.", + "rule": "string(self).startsWith('-----BEGIN CERTIFICATE-----')" + }, + { + "message": "the fulcioCAData must end with base64 encoding of '-----END CERTIFICATE-----'.", + "rule": "string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')" + } + ] }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "fulcioSubject": { + "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "properties": { + "oidcIssuer": { + "description": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length.\nIt will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL.\nWhen Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token.\nExample: \"https://expected.OIDC.issuer/\"", + "maxLength": 2048, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "oidcIssuer must be a valid URL", + "rule": "isURL(self)" + } + ] + }, + "signedEmail": { + "description": "signedEmail is a required field holds the email address that the Fulcio certificate is issued for.\nThe signedEmail must be a valid email address and at most 320 characters in length.\nExample: \"expected-signing-user@example.com\"", + "maxLength": 320, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid email address", + "rule": "self.matches('^\\\\S+@\\\\S+$')" + } + ] + } + }, + "required": [ + "oidcIssuer", + "signedEmail" ], - "type": "string" + "type": "object" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "rekorKeyData": { + "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the rekorKeyData must start with base64 encoding of '-----BEGIN PUBLIC KEY-----'.", + "rule": "string(self).startsWith('-----BEGIN PUBLIC KEY-----')" + }, + { + "message": "the rekorKeyData must end with base64 encoding of '-----END PUBLIC KEY-----'.", + "rule": "string(self).endsWith('-----END PUBLIC KEY-----\\n') || string(self).endsWith('-----END PUBLIC KEY-----')" + } + ] } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "fulcioCAData", + "fulcioSubject", + "rekorKeyData" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "release": { - "description": "release is the target of the update.", - "properties": { - "channels": { - "description": "channels is the set of Cincinnati channels to which the release\ncurrently belongs.", - "items": { - "type": "string" + "policyType": { + "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated.\nAllowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\".\nWhen set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification.\nWhen set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification.\nWhen set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + "type": "string" + }, + "publicKey": { + "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification.\npublicKey is required when policyType is PublicKey, and forbidden otherwise.", + "properties": { + "keyData": { + "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key.\nkeyData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "minLength": 68, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the keyData must start with base64 encoding of '-----BEGIN PUBLIC KEY-----'.", + "rule": "string(self).startsWith('-----BEGIN PUBLIC KEY-----')" + }, + { + "message": "the keyData must end with base64 encoding of '-----END PUBLIC KEY-----'.", + "rule": "string(self).endsWith('-----END PUBLIC KEY-----\\n') || string(self).endsWith('-----END PUBLIC KEY-----')" + } + ] }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "image": { - "description": "image is a container image location that contains the update. When this\nfield is part of spec, image is optional if version is specified and the\navailableUpdates field contains a matching version.", - "type": "string" + "rekorKeyData": { + "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", + "format": "byte", + "maxLength": 8192, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the rekorKeyData must start with base64 encoding of '-----BEGIN PUBLIC KEY-----'.", + "rule": "string(self).startsWith('-----BEGIN PUBLIC KEY-----')" + }, + { + "message": "the rekorKeyData must end with base64 encoding of '-----END PUBLIC KEY-----'.", + "rule": "string(self).endsWith('-----END PUBLIC KEY-----\\n') || string(self).endsWith('-----END PUBLIC KEY-----')" + } + ] + } }, - "url": { - "description": "url contains information about this release. This URL is set by\nthe 'url' metadata property on a release or the metadata returned by\nthe update API and should be displayed as a link in user\ninterfaces. The URL field may not be set for test or nightly\nreleases.", - "type": "string" + "required": [ + "keyData" + ], + "type": "object" + } + }, + "required": [ + "policyType" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "publicKey is required when policyType is PublicKey, and forbidden otherwise", + "rule": "has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)" + }, + { + "message": "fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise", + "rule": "has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)" + } + ] + }, + "signedIdentity": { + "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope.\nThe required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "properties": { + "exactRepository": { + "description": "exactRepository specifies the repository that must be exactly matched by the identity in the signature.\nexactRepository is required if matchPolicy is set to \"ExactRepository\". It is used to verify that the signature claims an identity matching this exact repository, rather than the original image identity.", + "properties": { + "repository": { + "description": "repository is the reference of the image identity to be matched.\nrepository is required if matchPolicy is set to \"ExactRepository\".\nThe value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", + "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" + }, + { + "message": "invalid repository or prefix in the signedIdentity. The repository or prefix must starts with 'localhost' or a valid '.' separated domain. If contains registry paths, the path component names must start with at least one letter or number, with following parts able to be separated by one period, one or two underscore and multiple dashes.", + "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" + } + ] + } }, - "version": { - "description": "version is a semantic version identifying the update version. When this\nfield is part of spec, version is optional if image is specified.", - "type": "string" - } + "required": [ + "repository" + ], + "type": "object" }, - "required": [ - "image", - "version" - ], - "type": "object" - }, - "risks": { - "description": "risks represents the range of issues associated with\nupdating to the target release. The cluster-version\noperator will evaluate all entries, and only recommend the\nupdate if there is at least one entry and all entries\nrecommend the update.", - "items": { - "description": "ConditionalUpdateRisk represents a reason and cluster-state\nfor not recommending a conditional update.", + "matchPolicy": { + "description": "matchPolicy is a required filed specifies matching strategy to verify the image identity in the signature against the image scope.\nAllowed values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\".\nWhen set to \"MatchRepoDigestOrExact\", the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity.\nWhen set to \"MatchRepository\", the identity in the signature must be in the same repository as the image identity.\nWhen set to \"ExactRepository\", the exactRepository must be specified. The identity in the signature must be in the same repository as a specific identity specified by \"repository\".\nWhen set to \"RemapIdentity\", the remapIdentity must be specified. The signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified \u201csignedPrefix\u201d if the the image identity matches the specified remapPrefix.", + "enum": [ + "MatchRepoDigestOrExact", + "MatchRepository", + "ExactRepository", + "RemapIdentity" + ], + "type": "string" + }, + "remapIdentity": { + "description": "remapIdentity specifies the prefix remapping rule for verifying image identity.\nremapIdentity is required if matchPolicy is set to \"RemapIdentity\". It is used to verify that the signature claims a different registry/repository prefix than the original image.", "properties": { - "matchingRules": { - "description": "matchingRules is a slice of conditions for deciding which\nclusters match the risk and which do not. The slice is\nordered by decreasing precedence. The cluster-version\noperator will walk the slice in order, and stop after the\nfirst it can successfully evaluate. If no condition can be\nsuccessfully evaluated, the update will not be recommended.", - "items": { - "description": "ClusterCondition is a union of typed cluster conditions. The 'type'\nproperty determines which of the type-specific properties are relevant.\nWhen evaluated on a cluster, the condition may match, not match, or\nfail to evaluate.", - "properties": { - "promql": { - "description": "promql represents a cluster condition based on PromQL.", - "properties": { - "promql": { - "description": "promql is a PromQL query classifying clusters. This query\nquery should return a 1 in the match case and a 0 in the\ndoes-not-match case. Queries which return no time\nseries, or which return values besides 0 or 1, are\nevaluation failures.", - "type": "string" - } - }, - "required": [ - "promql" - ], - "type": "object" - }, - "type": { - "description": "type represents the cluster-condition type. This defines\nthe members and semantics of any additional properties.", - "enum": [ - "Always", - "PromQL" - ], - "type": "string" - } + "prefix": { + "description": "prefix is required if matchPolicy is set to \"RemapIdentity\".\nprefix is the prefix of the image identity to be matched.\nIf the image identity matches the specified prefix, that prefix is replaced by the specified \u201csignedPrefix\u201d (otherwise it is used as unchanged and no remapping takes place).\nThis is useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor\u2019s repository structure.\nThe prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", + "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" }, - "required": [ - "type" - ], - "type": "object" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "message": { - "description": "message provides additional information about the risk of\nupdating, in the event that matchingRules match the cluster\nstate. This is only to be consumed by humans. It may\ncontain Line Feed characters (U+000A), which should be\nrendered as new lines.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "name is the CamelCase reason for not recommending a\nconditional update, in the event that matchingRules match the\ncluster state.", - "minLength": 1, - "type": "string" + { + "message": "invalid repository or prefix in the signedIdentity. The repository or prefix must starts with 'localhost' or a valid '.' separated domain. If contains registry paths, the path component names must start with at least one letter or number, with following parts able to be separated by one period, one or two underscore and multiple dashes.", + "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" + } + ] }, - "url": { - "description": "url contains information about this risk.", - "format": "uri", - "minLength": 1, - "type": "string" + "signedPrefix": { + "description": "signedPrefix is required if matchPolicy is set to \"RemapIdentity\".\nsignedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", + "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" + }, + { + "message": "invalid repository or prefix in the signedIdentity. The repository or prefix must starts with 'localhost' or a valid '.' separated domain. If contains registry paths, the path component names must start with at least one letter or number, with following parts able to be separated by one period, one or two underscore and multiple dashes.", + "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" + } + ] } }, "required": [ - "matchingRules", - "message", - "name", - "url" + "prefix", + "signedPrefix" ], "type": "object" + } + }, + "required": [ + "matchPolicy" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise", + "rule": "(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)" }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + { + "message": "remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise", + "rule": "(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)" + } + ] + } + }, + "required": [ + "rootOfTrust" + ], + "type": "object" + }, + "scopes": { + "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\".\nScopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest).\nMore general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository\nnamespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number).\nWildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not.\nThis support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored.\nIn addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories\nquay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation.\nIf a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied.\nFor additional details about the format, please refer to the document explaining the docker transport field,\nwhich can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "items": { + "maxLength": 512, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid image scope format, scope must contain a fully qualified domain name or 'localhost'", + "rule": "size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true" + }, + { + "message": "invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching", + "rule": "self.contains('*') ? self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true" + }, + { + "message": "invalid repository namespace or image specification in the image scope", + "rule": "!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\\\w][\\\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true" } - }, - "required": [ - "release", - "risks" - ], - "type": "object" + ] }, + "maxItems": 256, "type": "array", - "x-kubernetes-list-type": "atomic" - }, + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "policy", + "scopes" + ], + "type": "object" + }, + "status": { + "description": "status contains the observed state of the resource.", + "properties": { "conditions": { - "description": "conditions provides information about the cluster version. The condition\n\"Available\" is set to true if the desiredUpdate has been reached. The\ncondition \"Progressing\" is set to true if an update is being applied.\nThe condition \"Degraded\" is set to true if an update is currently blocked\nby a temporary or permanent error. Conditions are only valid for the\ncurrent desiredUpdate when metadata.generation is equal to\nstatus.generation.", + "description": "conditions provide details on the status of this API Resource.\ncondition type 'Pending' indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid.", "items": { - "description": "ClusterOperatorStatusCondition represents the state of the operator's\nmanaged and monitored components.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { - "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans. It may contain Line Feed\ncharacters (U+000A), which should be rendered as new lines.", + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { - "description": "reason is the CamelCase reason for the condition's current status.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "type specifies the aspect reported by this condition.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, + "maxItems": 8, + "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" - }, - "desired": { - "description": "desired is the version that the cluster is reconciling towards.\nIf the cluster is not yet fully initialized desired will be set\nwith the information available, which may be an image or a tag.", - "properties": { - "channels": { - "description": "channels is the set of Cincinnati channels to which the release\ncurrently belongs.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "image": { - "description": "image is a container image location that contains the update. When this\nfield is part of spec, image is optional if version is specified and the\navailableUpdates field contains a matching version.", - "type": "string" - }, - "url": { - "description": "url contains information about this release. This URL is set by\nthe 'url' metadata property on a release or the metadata returned by\nthe update API and should be displayed as a link in user\ninterfaces. The URL field may not be set for test or nightly\nreleases.", - "type": "string" - }, - "version": { - "description": "version is a semantic version identifying the update version. When this\nfield is part of spec, version is optional if image is specified.", - "type": "string" - } - }, - "required": [ - "image", - "version" - ], - "type": "object" - }, - "history": { - "description": "history contains a list of the most recent versions applied to the cluster.\nThis value may be empty during cluster startup, and then will be updated\nwhen a new update is being applied. The newest update is first in the\nlist and it is ordered by recency. Updates in the history have state\nCompleted if the rollout completed - if an update was failing or halfway\napplied the state will be Partial. Only a limited amount of update history\nis preserved.", - "items": { - "description": "UpdateHistory is a single attempted update to the cluster.", - "properties": { - "acceptedRisks": { - "description": "acceptedRisks records risks which were accepted to initiate the update.\nFor example, it may menition an Upgradeable=False or missing signature\nthat was overriden via desiredUpdate.force, or an update that was\ninitiated despite not being in the availableUpdates set of recommended\nupdate targets.", - "type": "string" - }, - "completionTime": { - "description": "completionTime, if set, is when the update was fully applied. The update\nthat is currently being applied will have a null completion time.\nCompletion time will always be set for entries that are not the current\nupdate (usually to the started time of the next update).", - "format": "date-time", - "nullable": true, - "type": "string" - }, - "image": { - "description": "image is a container image location that contains the update. This value\nis always populated.", - "type": "string" - }, - "startedTime": { - "description": "startedTime is the time at which the update was started.", - "format": "date-time", - "type": "string" - }, - "state": { - "description": "state reflects whether the update was fully applied. The Partial state\nindicates the update is not fully applied, while the Completed state\nindicates the update was successfully rolled out at least once (all\nparts of the update successfully applied).", - "type": "string" - }, - "verified": { - "description": "verified indicates whether the provided update was properly verified\nbefore it was installed. If this is false the cluster may not be trusted.\nVerified does not cover upgradeable checks that depend on the cluster\nstate at the time when the update target was accepted.", - "type": "boolean" - }, - "version": { - "description": "version is a semantic version identifying the update version. If the\nrequested image does not define a version, or if a failure occurs\nretrieving the image, this value may be empty.", - "type": "string" - } - }, - "required": [ - "completionTime", - "image", - "startedTime", - "state", - "verified" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "observedGeneration": { - "description": "observedGeneration reports which version of the spec is being synced.\nIf this value is not equal to metadata.generation, then the desired\nand conditions fields may represent a previous version.", - "format": "int64", - "type": "integer" - }, - "versionHash": { - "description": "versionHash is a fingerprint of the content that the cluster will be\nupdated with. It is used by the operator to avoid unnecessary work\nand is for internal use only.", - "type": "string" } }, - "required": [ - "availableUpdates", - "desired", - "observedGeneration", - "versionHash" - ], "type": "object" } }, @@ -36801,13 +37997,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "ClusterVersion", + "kind": "ImagePolicy", "version": "v1" } ] }, - "config.openshift.io/v1/ClusterVersionList": { - "description": "ClusterVersionList is a list of ClusterVersion", + "config.openshift.io/v1/ImagePolicyList": { + "description": "ImagePolicyList is a list of ImagePolicy", "namespaced": true, "properties": { "apiVersion": { @@ -36815,9 +38011,9 @@ "type": "string" }, "items": { - "description": "List of clusterversions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of imagepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.ClusterVersion" + "$ref": "#/components/schemas/io.openshift.config.v1.ImagePolicy" }, "type": "array" }, @@ -36841,13 +38037,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "ClusterVersionList", + "kind": "ImagePolicyList", "version": "v1" } ] }, - "config.openshift.io/v1/Console": { - "description": "Console holds cluster-wide configuration for the web console, including the\nlogout URL, and reports the public URL of the console. The canonical name is\n`cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "config.openshift.io/v1/ImageTagMirrorSet": { + "description": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -36869,28 +38065,47 @@ "spec": { "description": "spec holds user settable values for configuration", "properties": { - "authentication": { - "description": "ConsoleAuthentication defines a list of optional configuration for console authentication.", - "properties": { - "logoutRedirect": { - "description": "An optional, absolute URL to redirect web browsers to after logging out of\nthe console. If not specified, it will redirect to the default login page.\nThis is required when using an identity provider that supports single\nsign-on (SSO) such as:\n- OpenID (Keycloak, Azure)\n- RequestHeader (GSSAPI, SSPI, SAML)\n- OAuth (GitHub, GitLab, Google)\nLogging out of the console will destroy the user's token. The logoutRedirect\nprovides the user the option to perform single logout (SLO) through the identity\nprovider to destroy their single sign-on session.", - "pattern": "^$|^((https):\\/\\/?)[^\\s()<>]+(?:\\([\\w\\d]+\\)|([^[:punct:]\\s]|\\/?))$", - "type": "string" - } + "imageTagMirrors": { + "description": "imageTagMirrors allows images referenced by image tags in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in imageTagMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nTo use mirrors to pull images using digest specification only, users should configure\na list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects,\nonly the objects which define the most specific namespace match will be used.\nFor example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as\nthe \"source\", only the objects using quay.io/libpod/busybox are going to apply\nfor pull specification quay.io/libpod/busybox.\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.\nUsers who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", + "items": { + "description": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "properties": { + "mirrorSourcePolicy": { + "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.\nIf unset, the image will continue to be pulled from the repository in the pull spec.\nsourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "enum": [ + "NeverContactSource", + "AllowContactingSource" + ], + "type": "string" + }, + "mirrors": { + "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.\nImages can be pulled from these mirrors only if they are referenced by their tags.\nThe mirrored location is obtained by replacing the part of the input reference that\nmatches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,\na (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo\nrepository to be used.\nPulling images by tag can potentially yield different images, depending on which endpoint we pull from.\nConfiguring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors.\nIf no mirror is specified or all image pulls from the mirror list fail, the image will continue to be\npulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\".\nOther cluster configuration, including (but not limited to) other imageTagMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.\n\"mirrors\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "items": { + "pattern": "^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "source": { + "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname\ne.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.\n\"source\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\n[*.]host\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "pattern": "^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", + "type": "string" + } + }, + "required": [ + "source" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "consoleURL": { - "description": "The URL for the console. This will be derived from the host for the route that\nis created for the console.", - "type": "string" - } - }, + "description": "status contains the observed state of the resource.", "type": "object" } }, @@ -36901,13 +38116,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "Console", + "kind": "ImageTagMirrorSet", "version": "v1" } ] }, - "config.openshift.io/v1/ConsoleList": { - "description": "ConsoleList is a list of Console", + "config.openshift.io/v1/ImageTagMirrorSetList": { + "description": "ImageTagMirrorSetList is a list of ImageTagMirrorSet", "namespaced": true, "properties": { "apiVersion": { @@ -36915,9 +38130,9 @@ "type": "string" }, "items": { - "description": "List of consoles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of imagetagmirrorsets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.Console" + "$ref": "#/components/schemas/io.openshift.config.v1.ImageTagMirrorSet" }, "type": "array" }, @@ -36941,977 +38156,13 @@ "x-kubernetes-group-version-kind": [ { "group": "config.openshift.io", - "kind": "ConsoleList", + "kind": "ImageTagMirrorSetList", "version": "v1" } ] }, - "config.openshift.io/v1/DNS": { - "description": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "baseDomain": { - "description": "baseDomain is the base domain of the cluster. All managed DNS records will\nbe sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server\nDNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", - "type": "string" - }, - "platform": { - "description": "platform holds configuration specific to the underlying\ninfrastructure provider for DNS.\nWhen omitted, this means the user has no opinion and the platform is left\nto choose reasonable defaults. These defaults are subject to change over time.", - "properties": { - "aws": { - "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", - "properties": { - "privateZoneIAMRole": { - "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing\noperations on the cluster's private hosted zone specified in the cluster DNS config.\nWhen left empty, no role should be assumed.", - "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$", - "type": "string" - } - }, - "type": "object" - }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster.\nAllowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms,\nand must handle unrecognized platforms with best-effort defaults.", - "enum": [ - "", - "AWS", - "Azure", - "BareMetal", - "GCP", - "Libvirt", - "OpenStack", - "None", - "VSphere", - "oVirt", - "IBMCloud", - "KubeVirt", - "EquinixMetal", - "PowerVS", - "AlibabaCloud", - "Nutanix", - "External" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "allowed values are '' and 'AWS'", - "rule": "self in ['','AWS']" - } - ] - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "aws configuration is required when platform is AWS, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)" - } - ] - }, - "privateZone": { - "description": "privateZone is the location where all the DNS records that are only available internally\nto the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", - "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object" - } - }, - "type": "object" - }, - "publicZone": { - "description": "publicZone is the location where all the DNS records that are publicly accessible to\nthe internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", - "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "DNS", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/DNSList": { - "description": "DNSList is a list of DNS", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of dnses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.DNS" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "DNSList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/FeatureGate": { - "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "customNoUpgrade": { - "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.\nBecause of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations\nyour cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", - "nullable": true, - "properties": { - "disabled": { - "description": "disabled is a list of all feature gates that you want to force off", - "items": { - "description": "FeatureGateName is a string to enforce patterns on the name of a FeatureGate", - "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", - "type": "string" - }, - "type": "array" - }, - "enabled": { - "description": "enabled is a list of all feature gates that you want to force on", - "items": { - "description": "FeatureGateName is a string to enforce patterns on the name of a FeatureGate", - "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "featureSet": { - "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting.\nTurning on or off features may cause irreversible changes in your cluster which cannot be undone.", - "enum": [ - "CustomNoUpgrade", - "DevPreviewNoUpgrade", - "TechPreviewNoUpgrade", - "" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "CustomNoUpgrade may not be changed", - "rule": "oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true" - }, - { - "message": "TechPreviewNoUpgrade may not be changed", - "rule": "oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true" - }, - { - "message": "DevPreviewNoUpgrade may not be changed", - "rule": "oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": ".spec.featureSet cannot be removed", - "rule": "has(oldSelf.featureSet) ? has(self.featureSet) : true" - } - ] - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "conditions": { - "description": "conditions represent the observations of the current state.\nKnown .status.conditions.type are: \"DeterminationDegraded\"", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "featureGates": { - "description": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion.\nOperators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate\nthe version they are managing, find the enabled/disabled featuregates and make the operand and operator match.\nThe enabled/disabled values for a particular version may change during the life of the cluster as various\n.spec.featureSet values are selected.\nOperators may choose to restart their processes to pick up these changes, but remembering past enable/disable\nlists is beyond the scope of this API and is the responsibility of individual operators.\nOnly featureGates with .version in the ClusterVersion.status will be present in this list.", - "items": { - "properties": { - "disabled": { - "description": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", - "items": { - "properties": { - "name": { - "description": "name is the name of the FeatureGate.", - "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "enabled": { - "description": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", - "items": { - "properties": { - "name": { - "description": "name is the name of the FeatureGate.", - "pattern": "^([A-Za-z0-9-]+\\.)*[A-Za-z0-9-]+\\.?$", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "version": { - "description": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", - "type": "string" - } - }, - "required": [ - "version" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "version" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "FeatureGate", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/FeatureGateList": { - "description": "FeatureGateList is a list of FeatureGate", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of featuregates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.FeatureGate" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "FeatureGateList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/Image": { - "description": "Image governs policies related to imagestream imports and runtime configuration\nfor external registries. It allows cluster admins to configure which registries\nOpenShift is allowed to import images from, extra CA trust bundles for external\nregistries, and policies to block or allow registry hostnames.\nWhen exposing OpenShift's image registry to the public, this also lets cluster\nadmins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that\nshould be trusted during imagestream import, pod image pull, build image pull, and\nimageregistry pullthrough.\nThe namespace for this config map is openshift-config.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "allowedRegistriesForImport": { - "description": "allowedRegistriesForImport limits the container image registries that normal users may import\nimages from. Set this list to the registries that you trust to contain valid Docker\nimages and that you want applications to be able to import from. Users with\npermission to create Images or ImageStreamMappings via the API are not affected by\nthis policy - typically only administrators or system integrations will have those\npermissions.", - "items": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain\nname. The domain name might include wildcards, like '*' or '??'.", - "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry\nIn case the registry use non-standard (80 or 443) port, the port should be included\nin the domain name as well.", - "type": "string" - }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http)\nBy default (if not specified) the registry is assumed as secure.", - "type": "boolean" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image\nregistry. The external hostname should be set only when the image registry\nis exposed externally. The first value is used in 'publicDockerImageRepository'\nfield in ImageStreams. The value must be in \"hostname[:port]\" format.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "registrySources": { - "description": "registrySources contains configuration that determines how the container runtime\nshould treat individual registries when accessing images for builds+pods. (e.g.\nwhether or not to allow insecure access). It does not contain configuration for the\ninternal cluster registry.", - "properties": { - "allowedRegistries": { - "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "blockedRegistries": { - "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "containerRuntimeSearchRegistries": { - "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified\ndomains in their pull specs. Registries will be searched in the order provided in the list.\nNote: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", - "format": "hostname", - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "insecureRegistries": { - "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Only one of blockedRegistries or allowedRegistries may be set", - "rule": "has(self.blockedRegistries) ? !has(self.allowedRegistries) : true" - } - ] - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image\nregistry. The external hostname should be set only when the image registry\nis exposed externally. The first value is used in 'publicDockerImageRepository'\nfield in ImageStreams. The value must be in \"hostname[:port]\" format.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image\nregistry. The value must be in \"hostname[:port]\" format.\nThis value is set by the image registry operator which controls the internal registry\nhostname.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "Image", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageContentPolicy": { - "description": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "repositoryDigestMirrors": { - "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in RepositoryDigestMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nTo pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", - "items": { - "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", - "properties": { - "allowMirrorByTags": { - "description": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests.\nPulling images by tag can potentially yield different images, depending on which endpoint\nwe pull from. Forcing digest-pulls for mirrors avoids that issue.", - "type": "boolean" - }, - "mirrors": { - "description": "mirrors is zero or more repositories that may also contain the same images.\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec. No mirror will be configured.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors. Other cluster configuration,\nincluding (but not limited to) other repositoryDigestMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.", - "items": { - "pattern": "^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])(:[0-9]+)?(\\/[^\\/:\\n]+)*(\\/[^\\/:\\n]+((:[^\\/:\\n]+)|(@[^\\n]+)))?$", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "source": { - "description": "source is the repository that users refer to, e.g. in image pull specifications.", - "pattern": "^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])(:[0-9]+)?(\\/[^\\/:\\n]+)*(\\/[^\\/:\\n]+((:[^\\/:\\n]+)|(@[^\\n]+)))?$", - "type": "string" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "source" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageContentPolicy", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageContentPolicyList": { - "description": "ImageContentPolicyList is a list of ImageContentPolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagecontentpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.ImageContentPolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageContentPolicyList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageDigestMirrorSet": { - "description": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "imageDigestMirrors": { - "description": "imageDigestMirrors allows images referenced by image digests in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in imageDigestMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nTo use mirrors to pull images using tag specification, users should configure\na list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects,\nonly the objects which define the most specific namespace match will be used.\nFor example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as\nthe \"source\", only the objects using quay.io/libpod/busybox are going to apply\nfor pull specification quay.io/libpod/busybox.\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.\nUsers who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", - "items": { - "description": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", - "properties": { - "mirrorSourcePolicy": { - "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.\nIf unset, the image will continue to be pulled from the the repository in the pull spec.\nsourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", - "enum": [ - "NeverContactSource", - "AllowContactingSource" - ], - "type": "string" - }, - "mirrors": { - "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.\nImages can be pulled from these mirrors only if they are referenced by their digests.\nThe mirrored location is obtained by replacing the part of the input reference that\nmatches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,\na (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo\nrepository to be used.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors.\nIf no mirror is specified or all image pulls from the mirror list fail, the image will continue to be\npulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\"\nOther cluster configuration, including (but not limited to) other imageDigestMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.\n\"mirrors\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "items": { - "pattern": "^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "source": { - "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname\ne.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.\n\"source\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\n[*.]host\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "pattern": "^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", - "type": "string" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "status": { - "description": "status contains the observed state of the resource.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageDigestMirrorSet", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageDigestMirrorSetList": { - "description": "ImageDigestMirrorSetList is a list of ImageDigestMirrorSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagedigestmirrorsets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.ImageDigestMirrorSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageDigestMirrorSetList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageList": { - "description": "ImageList is a list of Image", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of images. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.Image" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageTagMirrorSet": { - "description": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "imageTagMirrors": { - "description": "imageTagMirrors allows images referenced by image tags in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in imageTagMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nTo use mirrors to pull images using digest specification only, users should configure\na list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects,\nonly the objects which define the most specific namespace match will be used.\nFor example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as\nthe \"source\", only the objects using quay.io/libpod/busybox are going to apply\nfor pull specification quay.io/libpod/busybox.\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified\nrepository in the pull spec.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.\nUsers who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", - "items": { - "description": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", - "properties": { - "mirrorSourcePolicy": { - "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.\nIf unset, the image will continue to be pulled from the repository in the pull spec.\nsourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", - "enum": [ - "NeverContactSource", - "AllowContactingSource" - ], - "type": "string" - }, - "mirrors": { - "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.\nImages can be pulled from these mirrors only if they are referenced by their tags.\nThe mirrored location is obtained by replacing the part of the input reference that\nmatches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,\na (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo\nrepository to be used.\nPulling images by tag can potentially yield different images, depending on which endpoint we pull from.\nConfiguring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors.\nIf no mirror is specified or all image pulls from the mirror list fail, the image will continue to be\npulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\".\nOther cluster configuration, including (but not limited to) other imageTagMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.\n\"mirrors\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "items": { - "pattern": "^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "source": { - "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname\ne.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.\n\"source\" uses one of the following formats:\nhost[:port]\nhost[:port]/namespace[/namespace\u2026]\nhost[:port]/namespace[/namespace\u2026]/repo\n[*.]host\nfor more information about the format, see the document about the location field:\nhttps://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "pattern": "^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$", - "type": "string" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "status": { - "description": "status contains the observed state of the resource.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageTagMirrorSet", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/ImageTagMirrorSetList": { - "description": "ImageTagMirrorSetList is a list of ImageTagMirrorSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagetagmirrorsets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1.ImageTagMirrorSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImageTagMirrorSetList", - "version": "v1" - } - ] - }, - "config.openshift.io/v1/Infrastructure": { - "description": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "config.openshift.io/v1/Infrastructure": { + "description": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -38867,6 +39118,7 @@ "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes.\nThe default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster.\nThe 'SingleReplica' mode will be used in single-node deployments\nand the operators should not configure the operand for highly-available operation\nThe 'External' mode indicates that the control plane is hosted externally to the cluster and that\nits components are not visible within the cluster.", "enum": [ "HighlyAvailable", + "HighlyAvailableArbiter", "SingleReplica", "External" ], @@ -42140,956 +42392,6 @@ } ] }, - "config.openshift.io/v1alpha1/ClusterImagePolicy": { - "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec contains the configuration for the cluster image policy.", - "properties": { - "policy": { - "description": "policy contains configuration to allow scopes to be verified, and defines how\nimages not matching the verification policy will be treated.", - "properties": { - "rootOfTrust": { - "description": "rootOfTrust specifies the root of trust for the policy.", - "properties": { - "fulcioCAWithRekor": { - "description": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.\nFor more information about Fulcio and Rekor, please refer to the document at:\nhttps://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "properties": { - "fulcioCAData": { - "description": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA.\nfulcioCAData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - }, - "fulcioSubject": { - "description": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", - "properties": { - "oidcIssuer": { - "description": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token.\nExample: \"https://expected.OIDC.issuer/\"", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "oidcIssuer must be a valid URL", - "rule": "isURL(self)" - } - ] - }, - "signedEmail": { - "description": "signedEmail holds the email address the the Fulcio certificate is issued for.\nExample: \"expected-signing-user@example.com\"", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid email address", - "rule": "self.matches('^\\\\S+@\\\\S+$')" - } - ] - } - }, - "required": [ - "oidcIssuer", - "signedEmail" - ], - "type": "object" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - } - }, - "required": [ - "fulcioCAData", - "fulcioSubject", - "rekorKeyData" - ], - "type": "object" - }, - "policyType": { - "description": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust.\n\"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification.\n\"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification.\n\"PKI\" is a DevPreview feature that indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - "type": "string" - }, - "publicKey": { - "description": "publicKey defines the root of trust based on a sigstore public key.", - "properties": { - "keyData": { - "description": "keyData contains inline base64-encoded data for the PEM format public key.\nKeyData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - } - }, - "required": [ - "keyData" - ], - "type": "object" - } - }, - "required": [ - "policyType" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "publicKey is required when policyType is PublicKey, and forbidden otherwise", - "rule": "has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)" - }, - { - "message": "fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise", - "rule": "has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)" - } - ] - }, - "signedIdentity": { - "description": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "properties": { - "exactRepository": { - "description": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - "properties": { - "repository": { - "description": "repository is the reference of the image identity to be matched.\nThe value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", - "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" - }, - { - "message": "invalid repository or prefix in the signedIdentity", - "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" - } - ] - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "matchPolicy": { - "description": "matchPolicy sets the type of matching to be used.\nValid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\".\nIf set matchPolicy to ExactRepository, then the exactRepository must be specified.\nIf set matchPolicy to RemapIdentity, then the remapIdentity must be specified.\n\"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity.\n\"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity.\n\"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\".\n\"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified \u201csignedPrefix\u201d if the the image identity matches the specified remapPrefix.", - "enum": [ - "MatchRepoDigestOrExact", - "MatchRepository", - "ExactRepository", - "RemapIdentity" - ], - "type": "string" - }, - "remapIdentity": { - "description": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", - "properties": { - "prefix": { - "description": "prefix is the prefix of the image identity to be matched.\nIf the image identity matches the specified prefix, that prefix is replaced by the specified \u201csignedPrefix\u201d (otherwise it is used as unchanged and no remapping takes place).\nThis useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor\u2019s repository structure.\nThe prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", - "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" - }, - { - "message": "invalid repository or prefix in the signedIdentity", - "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" - } - ] - }, - "signedPrefix": { - "description": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", - "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" - }, - { - "message": "invalid repository or prefix in the signedIdentity", - "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" - } - ] - } - }, - "required": [ - "prefix", - "signedPrefix" - ], - "type": "object" - } - }, - "required": [ - "matchPolicy" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise", - "rule": "(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)" - }, - { - "message": "remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise", - "rule": "(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)" - } - ] - } - }, - "required": [ - "rootOfTrust" - ], - "type": "object" - }, - "scopes": { - "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\".\nScopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest).\nMore general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository\nnamespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number).\nWildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not.\nIf multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored.\nIn addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories\nquay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation.\nIf a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied.\nFor additional details about the format, please refer to the document explaining the docker transport field,\nwhich can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "items": { - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid image scope format, scope must contain a fully qualified domain name or 'localhost'", - "rule": "size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true" - }, - { - "message": "invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching", - "rule": "self.contains('*') ? self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true" - }, - { - "message": "invalid repository namespace or image specification in the image scope", - "rule": "!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\\\w][\\\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true" - } - ] - }, - "maxItems": 256, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "required": [ - "policy", - "scopes" - ], - "type": "object" - }, - "status": { - "description": "status contains the observed state of the resource.", - "properties": { - "conditions": { - "description": "conditions provide details on the status of this API Resource.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ClusterImagePolicy", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/ClusterImagePolicyList": { - "description": "ClusterImagePolicyList is a list of ClusterImagePolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterimagepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1alpha1.ClusterImagePolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ClusterImagePolicyList", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/ClusterMonitoring": { - "description": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.\nClusterMonitoring is the Schema for the Cluster Monitoring Operators API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user configuration for the Cluster Monitoring Operator", - "properties": { - "userDefined": { - "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring.", - "properties": { - "mode": { - "description": "mode defines the different configurations of UserDefinedMonitoring\nValid values are Disabled and NamespaceIsolated\nDisabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\nNamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", - "enum": [ - "Disabled", - "NamespaceIsolated" - ], - "type": "string" - } - }, - "required": [ - "mode" - ], - "type": "object" - } - }, - "required": [ - "userDefined" - ], - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ClusterMonitoring", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/ClusterMonitoringList": { - "description": "ClusterMonitoringList is a list of ClusterMonitoring", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clustermonitoring. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1alpha1.ClusterMonitoring" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ClusterMonitoringList", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/ImagePolicy": { - "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "policy": { - "description": "policy contains configuration to allow scopes to be verified, and defines how\nimages not matching the verification policy will be treated.", - "properties": { - "rootOfTrust": { - "description": "rootOfTrust specifies the root of trust for the policy.", - "properties": { - "fulcioCAWithRekor": { - "description": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key.\nFor more information about Fulcio and Rekor, please refer to the document at:\nhttps://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "properties": { - "fulcioCAData": { - "description": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA.\nfulcioCAData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - }, - "fulcioSubject": { - "description": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", - "properties": { - "oidcIssuer": { - "description": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token.\nExample: \"https://expected.OIDC.issuer/\"", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "oidcIssuer must be a valid URL", - "rule": "isURL(self)" - } - ] - }, - "signedEmail": { - "description": "signedEmail holds the email address the the Fulcio certificate is issued for.\nExample: \"expected-signing-user@example.com\"", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid email address", - "rule": "self.matches('^\\\\S+@\\\\S+$')" - } - ] - } - }, - "required": [ - "oidcIssuer", - "signedEmail" - ], - "type": "object" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - } - }, - "required": [ - "fulcioCAData", - "fulcioSubject", - "rekorKeyData" - ], - "type": "object" - }, - "policyType": { - "description": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust.\n\"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification.\n\"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification.\n\"PKI\" is a DevPreview feature that indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - "type": "string" - }, - "publicKey": { - "description": "publicKey defines the root of trust based on a sigstore public key.", - "properties": { - "keyData": { - "description": "keyData contains inline base64-encoded data for the PEM format public key.\nKeyData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key.\nrekorKeyData must be at most 8192 characters.", - "format": "byte", - "maxLength": 8192, - "type": "string" - } - }, - "required": [ - "keyData" - ], - "type": "object" - } - }, - "required": [ - "policyType" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "publicKey is required when policyType is PublicKey, and forbidden otherwise", - "rule": "has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)" - }, - { - "message": "fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise", - "rule": "has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)" - } - ] - }, - "signedIdentity": { - "description": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "properties": { - "exactRepository": { - "description": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - "properties": { - "repository": { - "description": "repository is the reference of the image identity to be matched.\nThe value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", - "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" - }, - { - "message": "invalid repository or prefix in the signedIdentity", - "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" - } - ] - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "matchPolicy": { - "description": "matchPolicy sets the type of matching to be used.\nValid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\".\nIf set matchPolicy to ExactRepository, then the exactRepository must be specified.\nIf set matchPolicy to RemapIdentity, then the remapIdentity must be specified.\n\"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity.\n\"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity.\n\"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\".\n\"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified \u201csignedPrefix\u201d if the the image identity matches the specified remapPrefix.", - "enum": [ - "MatchRepoDigestOrExact", - "MatchRepository", - "ExactRepository", - "RemapIdentity" - ], - "type": "string" - }, - "remapIdentity": { - "description": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", - "properties": { - "prefix": { - "description": "prefix is the prefix of the image identity to be matched.\nIf the image identity matches the specified prefix, that prefix is replaced by the specified \u201csignedPrefix\u201d (otherwise it is used as unchanged and no remapping takes place).\nThis useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor\u2019s repository structure.\nThe prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", - "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" - }, - { - "message": "invalid repository or prefix in the signedIdentity", - "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" - } - ] - }, - "signedPrefix": { - "description": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces,\nor repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form.\nFor example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid repository or prefix in the signedIdentity, should not include the tag or digest", - "rule": "self.matches('.*:([\\\\w][\\\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true" - }, - { - "message": "invalid repository or prefix in the signedIdentity", - "rule": "self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')" - } - ] - } - }, - "required": [ - "prefix", - "signedPrefix" - ], - "type": "object" - } - }, - "required": [ - "matchPolicy" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise", - "rule": "(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)" - }, - { - "message": "remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise", - "rule": "(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)" - } - ] - } - }, - "required": [ - "rootOfTrust" - ], - "type": "object" - }, - "scopes": { - "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\".\nScopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest).\nMore general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository\nnamespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number).\nWildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not.\nIf multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored.\nIn addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories\nquay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation.\nIf a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied.\nFor additional details about the format, please refer to the document explaining the docker transport field,\nwhich can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "items": { - "maxLength": 512, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid image scope format, scope must contain a fully qualified domain name or 'localhost'", - "rule": "size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true" - }, - { - "message": "invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching", - "rule": "self.contains('*') ? self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true" - }, - { - "message": "invalid repository namespace or image specification in the image scope", - "rule": "!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\\\w][\\\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true" - } - ] - }, - "maxItems": 256, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "required": [ - "policy", - "scopes" - ], - "type": "object" - }, - "status": { - "description": "status contains the observed state of the resource.", - "properties": { - "conditions": { - "description": "conditions provide details on the status of this API Resource.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImagePolicy", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/ImagePolicyList": { - "description": "ImagePolicyList is a list of ImagePolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1alpha1.ImagePolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "ImagePolicyList", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "gatherConfig": { - "description": "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", - "properties": { - "dataPolicy": { - "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is None.", - "enum": [ - "", - "None", - "ObfuscateNetworking" - ], - "type": "string" - }, - "disabledGatherers": { - "description": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "InsightsDataGather", - "version": "v1alpha1" - } - ] - }, - "config.openshift.io/v1alpha1/InsightsDataGatherList": { - "description": "InsightsDataGatherList is a list of InsightsDataGather", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of insightsdatagathers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.config.v1alpha1.InsightsDataGather" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "config.openshift.io", - "kind": "InsightsDataGatherList", - "version": "v1alpha1" - } - ] - }, "console.openshift.io/v1/ConsoleCLIDownload": { "description": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "namespaced": false, @@ -44602,198 +43904,6 @@ } ] }, - "console.openshift.io/v1alpha1/ConsolePlugin": { - "description": "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ConsolePluginSpec is the desired plugin configuration.", - "properties": { - "displayName": { - "description": "displayName is the display name of the plugin.", - "minLength": 1, - "type": "string" - }, - "proxy": { - "description": "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", - "items": { - "description": "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", - "properties": { - "alias": { - "description": "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint: \n /api/proxy/plugin///? \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", - "maxLength": 128, - "minLength": 1, - "pattern": "^[A-Za-z0-9-_]+$", - "type": "string" - }, - "authorize": { - "default": false, - "description": "authorize indicates if the proxied request should contain the logged-in user's OpenShift access token in the \"Authorization\" request header. For example: \n Authorization: Bearer sha256~kV46hPnEYhCWFnB85r5NrprAxggzgb6GOeLbgcKNsH0 \n By default the access token is not part of the proxied request.", - "type": "boolean" - }, - "caCertificate": { - "description": "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", - "pattern": "^-----BEGIN CERTIFICATE-----([\\s\\S]*)-----END CERTIFICATE-----\\s?$", - "type": "string" - }, - "service": { - "description": "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", - "properties": { - "name": { - "description": "name of Service that the plugin needs to connect to.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "namespace of Service that the plugin needs to connect to", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "port": { - "description": "port on which the Service that the plugin needs to connect to is listening on.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "name", - "namespace", - "port" - ], - "type": "object" - }, - "type": { - "description": "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", - "pattern": "^(Service)$", - "type": "string" - } - }, - "required": [ - "alias", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "service": { - "description": "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", - "properties": { - "basePath": { - "default": "/", - "description": "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", - "minLength": 1, - "pattern": "^/", - "type": "string" - }, - "name": { - "description": "name of Service that is serving the plugin assets.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "namespace of Service that is serving the plugin assets.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "port": { - "description": "port on which the Service that is serving the plugin is listening to.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "basePath", - "name", - "namespace", - "port" - ], - "type": "object" - } - }, - "required": [ - "service" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "console.openshift.io", - "kind": "ConsolePlugin", - "version": "v1alpha1" - } - ] - }, - "console.openshift.io/v1alpha1/ConsolePluginList": { - "description": "ConsolePluginList is a list of ConsolePlugin", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of consoleplugins. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.console.v1alpha1.ConsolePlugin" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "console.openshift.io", - "kind": "ConsolePluginList", - "version": "v1alpha1" - } - ] - }, "controlplane.operator.openshift.io/v1alpha1/PodNetworkConnectivityCheck": { "description": "PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "namespaced": true, @@ -72365,89 +71475,8 @@ } ] }, - "forklift.konveyor.io/v1beta1/ForkliftController": { - "description": "ForkliftController is the Schema for the forkliftcontrollers API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Spec defines the desired state of ForkliftController", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "status": { - "description": "Status defines the observed state of ForkliftController", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "ForkliftController", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/ForkliftControllerList": { - "description": "ForkliftControllerList is a list of ForkliftController", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of forkliftcontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.ForkliftController" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "ForkliftControllerList", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/Hook": { - "description": "Hook is the Schema for the hooks API", + "gateway.networking.k8s.io/v1/GRPCRoute": { + "description": "GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge.", "namespaced": true, "properties": { "apiVersion": { @@ -72467,1038 +71496,1109 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Hook specification.", - "properties": { - "deadline": { - "description": "Hook deadline in seconds.", - "format": "int64", - "type": "integer" - }, - "image": { - "description": "Image to run.", - "type": "string" - }, - "playbook": { - "description": "A base64 encoded Ansible playbook.", - "type": "string" - }, - "serviceAccount": { - "description": "Service account.", - "type": "string" - } - }, - "required": [ - "image" - ], - "type": "object" - }, - "status": { - "description": "Hook status.", + "description": "Spec defines the desired state of GRPCRoute.", "properties": { - "conditions": { - "description": "List of conditions.", + "hostnames": { + "description": "Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\nSupport: Core", "items": { - "description": "Condition", - "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", - "items": { - "type": "string" - }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", - "type": "string" - }, - "status": { - "description": "The condition status [true,false].", - "type": "string" - }, - "type": { - "description": "The condition type.", - "type": "string" - } - }, - "required": [ - "category", - "lastTransitionTime", - "status", - "type" - ], - "type": "object" + "description": "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed.", + "maxLength": 253, + "minLength": 1, + "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" }, + "maxItems": 16, "type": "array" }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "Hook", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/HookList": { - "description": "HookList is a list of Hook", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hooks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.Hook" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "HookList", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/Host": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "HostSpec defines the desired state of Host", - "properties": { - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", - "type": "string" - }, - "ipAddress": { - "description": "IP address used for disk transfer.", - "type": "string" - }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", - "type": "string" - }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, - "provider": { - "description": "Provider", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Credentials.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Type used to qualify the name.", - "type": "string" - } - }, - "required": [ - "ipAddress", - "provider", - "secret" - ], - "type": "object" - }, - "status": { - "description": "HostStatus defines the observed state of Host", - "properties": { - "conditions": { - "description": "List of conditions.", + "parentRefs": { + "description": "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nParentRefs must be _distinct_. This means either that:\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\nSome examples:\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.", "items": { - "description": "Condition", + "description": "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.", "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", - "items": { - "type": "string" - }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", - "type": "string" - }, - "status": { - "description": "The condition status [true,false].", + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "type": { - "description": "The condition type.", - "type": "string" - } - }, - "required": [ - "category", - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "Host", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/HostList": { - "description": "HostList is a list of Host", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hosts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.Host" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "HostList", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/Migration": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "MigrationSpec defines the desired state of Migration", - "properties": { - "cancel": { - "description": "List of VMs which will have their imports canceled.", - "items": { - "description": "Source reference.\nEither the ID or Name must be specified.", - "properties": { - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", + "kind": { + "default": "Gateway", + "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", + "description": "Name is the name of the referent.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, - "type": { - "description": "Type used to qualify the name.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "cutover": { - "description": "Date and time to finalize a warm migration.\nIf present, this will override the value set on the Plan.", - "format": "date-time", - "type": "string" - }, - "plan": { - "description": "Reference to the associated Plan.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "plan" - ], - "type": "object" - }, - "status": { - "description": "MigrationStatus defines the observed state of Migration", - "properties": { - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "conditions": { - "description": "List of conditions.", - "items": { - "description": "Condition", - "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", - "items": { - "type": "string" - }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", + "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "status": { - "description": "The condition status [true,false].", - "type": "string" + "port": { + "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" }, - "type": { - "description": "The condition type.", + "sectionName": { + "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, "required": [ - "category", - "lastTransitionTime", - "status", - "type" + "name" ], "type": "object" }, - "type": "array" - }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - }, - "started": { - "description": "Started timestamp.", - "format": "date-time", - "type": "string" + "maxItems": 32, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "sectionName must be specified when parentRefs includes 2 or more references to the same parent", + "rule": "self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))" + }, + { + "message": "sectionName must be unique when parentRefs includes 2 or more references to the same parent", + "rule": "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))" + } + ] }, - "vms": { - "description": "VM status", + "rules": { + "description": "Rules are a list of GRPC matchers, filters and actions.", "items": { - "description": "VM Status", + "description": "GRPCRouteRule defines the semantics for matching a gRPC request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", "properties": { - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "conditions": { - "description": "List of conditions.", + "backendRefs": { + "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\nSupport: Core for Kubernetes Service\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", "items": { - "description": "Condition", + "description": "GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.", "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", + "filters": { + "description": "Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)", "items": { - "type": "string" + "description": "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", + "properties": { + "extensionRef": { + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nSupport: Implementation-specific\n\nThis filter can be used multiple times within the same rule.", + "properties": { + "group": { + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "group", + "kind", + "name" + ], + "type": "object" + }, + "requestHeaderModifier": { + "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", + "properties": { + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { + "type": "string" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "requestMirror": { + "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", + "properties": { + "backendRef": { + "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", + "properties": { + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "default": "Service", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "port": { + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Must have port for Service reference", + "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + } + ] + }, + "fraction": { + "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "properties": { + "denominator": { + "default": 100, + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "numerator": { + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "numerator" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "numerator must be less than or equal to denominator", + "rule": "self.numerator <= self.denominator" + } + ] + }, + "percent": { + "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "format": "int32", + "maximum": 100, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "backendRef" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", + "rule": "!(has(self.percent) && has(self.fraction))" + } + ] + }, + "responseHeaderModifier": { + "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", + "properties": { + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { + "type": "string" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "type": { + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.", + "enum": [ + "ResponseHeaderModifier", + "RequestHeaderModifier", + "RequestMirror", + "ExtensionRef" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", + "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" + }, + { + "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", + "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", + "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", + "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" + }, + { + "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", + "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" + }, + { + "message": "filter.requestMirror must be specified for RequestMirror filter.type", + "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" + }, + { + "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", + "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + }, + { + "message": "filter.extensionRef must be specified for ExtensionRef filter.type", + "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + } + ] }, - "type": "array" + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "RequestHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + }, + { + "message": "ResponseHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + } + ] }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "message": { - "description": "The human readable description of the condition.", + "kind": { + "default": "Service", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, - "reason": { - "description": "The reason for the condition or transition.", + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" }, - "status": { - "description": "The condition status [true,false].", + "namespace": { + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "type": { - "description": "The condition type.", - "type": "string" + "port": { + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "weight": { + "default": 1, + "description": "Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\nSupport for this field varies based on the context where used.", + "format": "int32", + "maximum": 1000000, + "minimum": 0, + "type": "integer" } }, "required": [ - "category", - "lastTransitionTime", - "status", - "type" + "name" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Must have port for Service reference", + "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + } + ] }, + "maxItems": 16, "type": "array" }, - "error": { - "description": "Errors", - "properties": { - "phase": { - "type": "string" - }, - "reasons": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "phase", - "reasons" - ], - "type": "object" - }, - "firmware": { - "description": "The firmware type detected from the OVF file produced by virt-v2v.", - "type": "string" - }, - "hooks": { - "description": "Enable hooks.", + "filters": { + "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\nConformance-levels at this level are defined based on the type of filter:\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\nIf an implementation cannot support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\nSupport: Core", "items": { - "description": "Plan hook.", + "description": "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", "properties": { - "hook": { - "description": "Hook reference.", + "extensionRef": { + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nSupport: Implementation-specific\n\nThis filter can be used multiple times within the same rule.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "group": { + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "group", + "kind", + "name" + ], + "type": "object" }, - "step": { - "description": "Pipeline step.", - "type": "string" - } - }, - "required": [ - "hook", - "step" - ], - "type": "object" - }, - "type": "array" - }, - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", - "type": "string" - }, - "instanceType": { - "description": "Selected InstanceType that will override the VM properties.", - "type": "string" - }, - "luks": { - "description": "Disk decryption LUKS keys", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", - "type": "string" - }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, - "networkNameTemplate": { - "description": "NetworkNameTemplate is a template for generating network interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .NetworkName: If target network is multus, name of the Multus network attachment definition, empty otherwise.\n - .NetworkNamespace: If target network is multus, namespace where the network attachment definition is located.\n - .NetworkType: type of the network (\"Multus\" or \"Pod\")\n - .NetworkIndex: sequential index of the network interface (0-based)\nThe template can be used to customize network interface names based on target network configuration.\nNote:\n - This template will override at the plan level template\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"net-{{.NetworkIndex}}\"\n \"{{if eq .NetworkType \"Pod\"}}pod{{else}}multus-{{.NetworkIndex}}{{end}}\"", - "type": "string" - }, - "newName": { - "description": "The new name of the VM after matching DNS1123 requirements.", - "type": "string" - }, - "operatingSystem": { - "description": "The Operating System detected by virt-v2v.", - "type": "string" - }, - "phase": { - "description": "Phase", - "type": "string" - }, - "pipeline": { - "description": "Migration pipeline.", - "items": { - "description": "Pipeline step.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations.", - "type": "object" - }, - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "description": { - "description": "Name", - "type": "string" - }, - "error": { - "description": "Error.", + "requestHeaderModifier": { + "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", "properties": { - "phase": { - "type": "string" + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "reasons": { + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", "items": { "type": "string" }, - "type": "array" + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, - "required": [ - "phase", - "reasons" - ], "type": "object" }, - "name": { - "description": "Name.", - "type": "string" - }, - "phase": { - "description": "Phase", - "type": "string" - }, - "progress": { - "description": "Progress.", + "requestMirror": { + "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", "properties": { - "completed": { - "description": "Completed units.", - "format": "int64", - "type": "integer" + "backendRef": { + "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", + "properties": { + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "default": "Service", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "port": { + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Must have port for Service reference", + "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + } + ] }, - "total": { - "description": "Total units.", - "format": "int64", + "fraction": { + "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "properties": { + "denominator": { + "default": 100, + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "numerator": { + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "numerator" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "numerator must be less than or equal to denominator", + "rule": "self.numerator <= self.denominator" + } + ] + }, + "percent": { + "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "format": "int32", + "maximum": 100, + "minimum": 0, "type": "integer" } }, "required": [ - "completed", - "total" + "backendRef" ], - "type": "object" - }, - "reason": { - "description": "Reason", - "type": "string" - }, - "started": { - "description": "Started timestamp.", - "format": "date-time", - "type": "string" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", + "rule": "!(has(self.percent) && has(self.fraction))" + } + ] }, - "tasks": { - "description": "Nested tasks.", - "items": { - "description": "Migration task.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations.", - "type": "object" - }, - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "description": { - "description": "Name", - "type": "string" - }, - "error": { - "description": "Error.", + "responseHeaderModifier": { + "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", + "properties": { + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "phase": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "reasons": { - "items": { - "type": "string" - }, - "type": "array" + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" } }, "required": [ - "phase", - "reasons" + "name", + "value" ], "type": "object" }, - "name": { - "description": "Name.", - "type": "string" - }, - "phase": { - "description": "Phase", + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { "type": "string" }, - "progress": { - "description": "Progress.", + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "completed": { - "description": "Completed units.", - "format": "int64", - "type": "integer" + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" }, - "total": { - "description": "Total units.", - "format": "int64", - "type": "integer" + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" } }, "required": [ - "completed", - "total" + "name", + "value" ], "type": "object" }, - "reason": { - "description": "Reason", + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "type": { + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.", + "enum": [ + "ResponseHeaderModifier", + "RequestHeaderModifier", + "RequestMirror", + "ExtensionRef" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", + "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" + }, + { + "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", + "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", + "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", + "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" + }, + { + "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", + "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" + }, + { + "message": "filter.requestMirror must be specified for RequestMirror filter.type", + "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" + }, + { + "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", + "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + }, + { + "message": "filter.extensionRef must be specified for ExtensionRef filter.type", + "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + } + ] + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "RequestHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + }, + { + "message": "ResponseHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + } + ] + }, + "matches": { + "description": "Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\nFor example, take the following matches configuration:\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria.", + "items": { + "description": "GRPCRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\nFor example, the match below will match a gRPC request only if its service\nis `foo` AND it contains the `version: v1` header:\n\n```\nmatches:\n - method:\n type: Exact\n service: \"foo\"\n headers:\n - name: \"version\"\n value \"v1\"\n\n```", + "properties": { + "headers": { + "description": "Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route.", + "items": { + "description": "GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request\nheaders.", + "properties": { + "name": { + "description": "Name is the name of the gRPC Header to be matched.\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "started": { - "description": "Started timestamp.", - "format": "date-time", + "type": { + "default": "Exact", + "description": "Type specifies how to match against the value of the header.", + "enum": [ + "Exact", + "RegularExpression" + ], + "type": "string" + }, + "value": { + "description": "Value is the value of the gRPC Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" } }, "required": [ "name", - "progress" + "value" ], "type": "object" }, - "type": "array" + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "method": { + "description": "Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match.", + "properties": { + "method": { + "description": "Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\nAt least one of Service and Method MUST be a non-empty string.", + "maxLength": 1024, + "type": "string" + }, + "service": { + "description": "Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\nAt least one of Service and Method MUST be a non-empty string.", + "maxLength": 1024, + "type": "string" + }, + "type": { + "default": "Exact", + "description": "Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\nSupport: Implementation-specific (RegularExpression)", + "enum": [ + "Exact", + "RegularExpression" + ], + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "One or both of 'service' or 'method' must be specified", + "rule": "has(self.type) ? has(self.service) || has(self.method) : true" + }, + { + "message": "service must only contain valid characters (matching ^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$)", + "rule": "(!has(self.type) || self.type == 'Exact') && has(self.service) ? self.service.matches(r\"\"\"^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$\"\"\"): true" + }, + { + "message": "method must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)", + "rule": "(!has(self.type) || self.type == 'Exact') && has(self.method) ? self.method.matches(r\"\"\"^[A-Za-z_][A-Za-z_0-9]*$\"\"\"): true" + } + ] + } + }, + "type": "object" + }, + "maxItems": 8, + "type": "array" + } + }, + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128", + "rule": "(self.size() > 0 ? (has(self[0].matches) ? self[0].matches.size() : 0) : 0) + (self.size() > 1 ? (has(self[1].matches) ? self[1].matches.size() : 0) : 0) + (self.size() > 2 ? (has(self[2].matches) ? self[2].matches.size() : 0) : 0) + (self.size() > 3 ? (has(self[3].matches) ? self[3].matches.size() : 0) : 0) + (self.size() > 4 ? (has(self[4].matches) ? self[4].matches.size() : 0) : 0) + (self.size() > 5 ? (has(self[5].matches) ? self[5].matches.size() : 0) : 0) + (self.size() > 6 ? (has(self[6].matches) ? self[6].matches.size() : 0) : 0) + (self.size() > 7 ? (has(self[7].matches) ? self[7].matches.size() : 0) : 0) + (self.size() > 8 ? (has(self[8].matches) ? self[8].matches.size() : 0) : 0) + (self.size() > 9 ? (has(self[9].matches) ? self[9].matches.size() : 0) : 0) + (self.size() > 10 ? (has(self[10].matches) ? self[10].matches.size() : 0) : 0) + (self.size() > 11 ? (has(self[11].matches) ? self[11].matches.size() : 0) : 0) + (self.size() > 12 ? (has(self[12].matches) ? self[12].matches.size() : 0) : 0) + (self.size() > 13 ? (has(self[13].matches) ? self[13].matches.size() : 0) : 0) + (self.size() > 14 ? (has(self[14].matches) ? self[14].matches.size() : 0) : 0) + (self.size() > 15 ? (has(self[15].matches) ? self[15].matches.size() : 0) : 0) <= 128" + } + ] + } + }, + "type": "object" + }, + "status": { + "description": "Status defines the current state of GRPCRoute.", + "properties": { + "parents": { + "description": "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway.", + "items": { + "description": "RouteParentStatus describes the status of a route with respect to an\nassociated Parent.", + "properties": { + "conditions": { + "description": "Conditions describes the status of the route with respect to the Gateway.\nNote that the route's availability is also subject to the Gateway's own\nstatus conditions and listener status.\n\nIf the Route's ParentRef specifies an existing Gateway that supports\nRoutes of this kind AND that Gateway's controller has sufficient access,\nthen that Gateway's controller MUST set the \"Accepted\" condition on the\nRoute, to indicate whether the route has been accepted or rejected by the\nGateway, and why.\n\nA Route MUST be considered \"Accepted\" if at least one of the Route's\nrules is implemented by the Gateway.\n\nThere are a number of cases where the \"Accepted\" condition may not be set\ndue to lack of controller visibility, that includes when:\n\n* The Route refers to a nonexistent parent.\n* The Route is of a type that the controller does not support.\n* The Route is in a namespace the controller does not have access to.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" } }, "required": [ - "name", - "progress" + "lastTransitionTime", + "message", + "reason", + "status", + "type" ], "type": "object" }, - "type": "array" - }, - "pvcNameTemplate": { - "description": "PVCNameTemplate is a template for generating PVC names for VM disks.\nIt follows Go template syntax and has access to the following variables:\n - .VmName: name of the VM\n - .PlanName: name of the migration plan\n - .DiskIndex: initial volume index of the disk\n - .RootDiskIndex: index of the root disk\n - .Shared: true if the volume is shared by multiple VMs, false otherwise\nNote:\n This template overrides the plan level template.\nExamples:\n \"{{.VmName}}-disk-{{.DiskIndex}}\"\n \"{{if eq .DiskIndex .RootDiskIndex}}root{{else}}data{{end}}-{{.DiskIndex}}\"\n \"{{if .Shared}}shared-{{end}}{{.VmName}}-{{.DiskIndex}}\"", - "type": "string" - }, - "restorePowerState": { - "description": "Source VM power state before migration.", - "type": "string" - }, - "rootDisk": { - "description": "Choose the primary disk the VM boots from", - "type": "string" - }, - "started": { - "description": "Started timestamp.", - "format": "date-time", - "type": "string" - }, - "targetName": { - "description": "TargetName specifies a custom name for the VM in the target cluster.\nIf not provided, the original VM name will be used and automatically adjusted to meet k8s DNS1123 requirements.\nIf provided, this exact name will be used instead. The migration will fail if the name is not unique or already in use.", - "type": "string" - }, - "targetPowerState": { - "description": "TargetPowerState specifies the desired power state of the target VM after migration.\n- \"on\": Target VM will be powered on after migration\n- \"off\": Target VM will be powered off after migration\n- \"auto\" or nil (default): Target VM will match the source VM's power state", - "enum": [ - "on", - "off", - "auto" + "maxItems": 8, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" ], - "type": "string" - }, - "type": { - "description": "Type used to qualify the name.", - "type": "string" + "x-kubernetes-list-type": "map" }, - "volumeNameTemplate": { - "description": "VolumeNameTemplate is a template for generating volume interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .PVCName: name of the PVC mounted to the VM using this volume\n - .VolumeIndex: sequential index of the volume interface (0-based)\nNote:\n - This template will override at the plan level template\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"disk-{{.VolumeIndex}}\"\n \"pvc-{{.PVCName}}\"", + "controllerName": { + "description": "ControllerName is a domain/path string that indicates the name of the\ncontroller that wrote this status. This corresponds with the\ncontrollerName field on GatewayClass.\n\nExample: \"example.net/gateway-controller\".\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are\nvalid Kubernetes names\n(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\nControllers MUST populate this field when writing status. Controllers should ensure that\nentries to status populated with their ControllerName are cleaned up when they are no\nlonger necessary.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", "type": "string" }, - "warm": { - "description": "Warm migration status", + "parentRef": { + "description": "ParentRef corresponds with a ParentRef in the spec that this\nRouteParentStatus struct describes the status of.", "properties": { - "consecutiveFailures": { - "type": "integer" + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" }, - "failures": { - "type": "integer" + "kind": { + "default": "Gateway", + "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" }, - "nextPrecopyAt": { - "format": "date-time", + "name": { + "description": "Name is the name of the referent.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, "type": "string" }, - "precopies": { - "items": { - "description": "Precopy durations", - "properties": { - "createTaskId": { - "type": "string" - }, - "deltas": { - "items": { - "properties": { - "deltaId": { - "type": "string" - }, - "disk": { - "type": "string" - } - }, - "required": [ - "deltaId", - "disk" - ], - "type": "object" - }, - "type": "array" - }, - "end": { - "format": "date-time", - "type": "string" - }, - "removeTaskId": { - "type": "string" - }, - "snapshot": { - "type": "string" - }, - "start": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" + "namespace": { + "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "successes": { + "port": { + "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, "type": "integer" + }, + "sectionName": { + "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" } }, "required": [ - "consecutiveFailures", - "failures", - "successes" + "name" ], "type": "object" } }, "required": [ - "phase", - "pipeline" + "controllerName", + "parentRef" ], "type": "object" }, + "maxItems": 32, "type": "array" } }, + "required": [ + "parents" + ], "type": "object" } }, @@ -73506,14 +72606,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "Migration", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "GRPCRoute", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/MigrationList": { - "description": "MigrationList is a list of Migration", + "gateway.networking.k8s.io/v1/GRPCRouteList": { + "description": "GRPCRouteList is a list of GRPCRoute", "namespaced": true, "properties": { "apiVersion": { @@ -73521,9 +72621,9 @@ "type": "string" }, "items": { - "description": "List of migrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of grpcroutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.Migration" + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.GRPCRoute" }, "type": "array" }, @@ -73546,14 +72646,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "MigrationList", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "GRPCRouteList", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/NetworkMap": { - "description": "", + "gateway.networking.k8s.io/v1/Gateway": { + "description": "Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses.", "namespaced": true, "properties": { "apiVersion": { @@ -73573,299 +72673,728 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Network map spec.", + "description": "Spec defines the desired state of Gateway.", "properties": { - "map": { - "description": "Map.", + "addresses": { + "description": "Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\nSupport: Extended", "items": { - "description": "Mapped network.", - "properties": { - "destination": { - "description": "Destination network.", + "description": "GatewayAddress describes an address that can be bound to a Gateway.", + "oneOf": [ + { "properties": { - "name": { - "description": "The name.", - "type": "string" - }, - "namespace": { - "description": "The namespace (multus only).", - "type": "string" - }, "type": { - "description": "Type of network to use for the destination.\nValid values:\n- pod: Use the Kubernetes pod network\n- multus: Use a Multus additional network\n- ignored: Network is excluded from mapping", "enum": [ - "pod", - "multus", - "ignored" - ], - "type": "string" + "IPAddress" + ] + }, + "value": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ] } - }, - "required": [ - "type" - ], - "type": "object" + } }, - "source": { - "description": "Source network.", + { "properties": { - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", - "type": "string" - }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", - "type": "string" - }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, "type": { - "description": "Type used to qualify the name.", - "type": "string" + "not": { + "enum": [ + "IPAddress" + ] + } } - }, - "type": "object" + } + } + ], + "properties": { + "type": { + "default": "IPAddress", + "description": "Type of the address.", + "maxLength": 253, + "minLength": 1, + "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "string" + }, + "value": { + "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", + "maxLength": 253, + "minLength": 1, + "type": "string" } }, "required": [ - "destination", - "source" + "value" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", + "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" + } + ] }, - "type": "array" + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "IPAddress values must be unique", + "rule": "self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + }, + { + "message": "Hostname values must be unique", + "rule": "self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + } + ] }, - "provider": { - "description": "Provider", + "gatewayClassName": { + "description": "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "infrastructure": { + "description": "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\nSupport: Extended", "properties": { - "destination": { - "description": "Destination.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "annotations": { + "additionalProperties": { + "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", + "maxLength": 4096, + "minLength": 0, + "type": "string" + }, + "description": "Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\nSupport: Extended", + "maxProperties": 8, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Annotation keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", + "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + { + "message": "If specified, the annotation key's prefix must be a DNS subdomain not longer than 253 characters in total.", + "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" } + ] + }, + "labels": { + "additionalProperties": { + "description": "LabelValue is the value of a label in the Gateway API. This is used for validation\nof maps such as Gateway infrastructure labels. This matches the Kubernetes\nlabel validation rules:\n* must be 63 characters or less (can be empty),\n* unless empty, must begin and end with an alphanumeric character ([a-z0-9A-Z]),\n* could contain dashes (-), underscores (_), dots (.), and alphanumerics between.\n\nValid values include:\n\n* MyValue\n* my.name\n* 123-my-value", + "maxLength": 63, + "minLength": 0, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" }, + "description": "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\nIf an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels\nchange, it SHOULD clearly warn about this behavior in documentation.\n\nSupport: Extended", + "maxProperties": 8, "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "Label keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", + "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + }, + { + "message": "If specified, the label key's prefix must be a DNS subdomain not longer than 253 characters in total.", + "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" + } + ] }, - "source": { - "description": "Source.", + "parametersRef": { + "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the Gateway SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nSupport: Implementation-specific", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "group": { + "description": "Group is the group of the referent.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is kind of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "group", + "kind", + "name" + ], + "type": "object" } }, - "required": [ - "destination", - "source" - ], "type": "object" - } - }, - "required": [ - "map", - "provider" - ], - "type": "object" - }, - "status": { - "description": "MapStatus defines the observed state of Maps.", - "properties": { - "conditions": { - "description": "List of conditions.", + }, + "listeners": { + "description": "Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n## Distinct Listeners\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on the objects\nthey support:\n\nHTTPRoute\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\nTLSRoute\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\"Distinct\" Listeners have the following property:\n\n**The implementation can match inbound requests to a single distinct\nListener**.\n\nWhen multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\nWhen multiple listeners have the same value for the Protocol field, then\neach of the Listeners with matching Protocol values MUST have different\nvalues for other fields.\n\nThe set of fields that MUST be different for a Listener differs per protocol.\nThe following rules define the rules for what fields MUST be considered for\nListeners to be distinct with each protocol currently defined in the\nGateway API spec.\n\nThe set of listeners that all share a protocol value MUST have _different_\nvalues for _at least one_ of these fields to be distinct:\n\n* **HTTP, HTTPS, TLS**: Port, Hostname\n* **TCP, UDP**: Port\n\nOne **very** important rule to call out involves what happens when an\nimplementation:\n\n* Supports TCP protocol Listeners, as well as HTTP, HTTPS, or TLS protocol\n Listeners, and\n* sees HTTP, HTTPS, or TLS protocols with the same `port` as one with TCP\n Protocol.\n\nIn this case all the Listeners that share a port with the\nTCP Listener are not distinct and so MUST NOT be accepted.\n\nIf an implementation does not support TCP Protocol Listeners, then the\nprevious rule does not apply, and the TCP Listeners SHOULD NOT be\naccepted.\n\nNote that the `tls` field is not used for determining if a listener is distinct, because\nListeners that _only_ differ on TLS config will still conflict in all cases.\n\n### Listeners that are distinct only by Hostname\n\nWhen the Listeners are distinct based only on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\nExact matches MUST be processed before wildcard matches, and wildcard\nmatches MUST be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\n\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n## Handling indistinct Listeners\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are _Conflicted_, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\nThe words \"indistinct\" and \"conflicted\" are considered equivalent for the\npurpose of this documentation.\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners.\n\nSpecifically, an implementation MAY accept a partial Listener set subject to\nthe following rules:\n\n* The implementation MUST NOT pick one conflicting Listener as the winner.\n ALL indistinct Listeners must not be accepted for processing.\n* At least one distinct Listener MUST be present, or else the Gateway effectively\n contains _no_ Listeners, and must be rejected from processing as a whole.\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n## General Listener behavior\n\nNote that, for all distinct Listeners, requests SHOULD match at most one Listener.\nFor example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\n\nThis concept is known as \"Listener Isolation\", and it is an Extended feature\nof Gateway API. Implementations that do not support Listener Isolation MUST\nclearly document this, and MUST NOT claim support for the\n`GatewayHTTPListenerIsolation` feature.\n\nImplementations that _do_ support Listener Isolation SHOULD claim support\nfor the Extended `GatewayHTTPListenerIsolation` feature and pass the associated\nconformance tests.\n\n## Compatible Listeners\n\nA Gateway's Listeners are considered _compatible_ if:\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\nIn a future release the MinItems=1 requirement MAY be dropped.\n\nSupport: Core", "items": { - "description": "Condition", + "description": "Listener embodies the concept of a logical endpoint where a Gateway accepts\nnetwork connections.", "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", - "items": { - "type": "string" + "allowedRoutes": { + "default": { + "namespaces": { + "from": "Same" + } }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" + "description": "AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\nSupport: Core", + "properties": { + "kinds": { + "description": "Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\nSupport: Core", + "items": { + "description": "RouteGroupKind indicates the group and kind of a Route resource.", + "properties": { + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the Route.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "Kind is the kind of the Route.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array" + }, + "namespaces": { + "default": { + "from": "Same" + }, + "description": "Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\nSupport: Core", + "properties": { + "from": { + "default": "Same", + "description": "From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\nSupport: Core", + "enum": [ + "All", + "Selector", + "Same", + "None" + ], + "type": "string" + }, + "selector": { + "description": "Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\nSupport: Core", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" }, - "message": { - "description": "The human readable description of the condition.", + "hostname": { + "description": "Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match both the SNI and Host header.\n Note that this does not require the SNI and Host header to be the same.\n The semantics of this are described in more detail below.\n\nTo ensure security, Section 11.1 of RFC-6066 emphasizes that server\nimplementations that rely on SNI hostname matching MUST also verify\nhostnames within the application protocol.\n\nSection 9.1.2 of RFC-7540 provides a mechanism for servers to reject the\nreuse of a connection by responding with the HTTP 421 Misdirected Request\nstatus code. This indicates that the origin server has rejected the\nrequest because it appears to have been misdirected.\n\nTo detect misdirected requests, Gateways SHOULD match the authority of\nthe requests with all the SNI hostname(s) configured across all the\nGateway Listeners on the same port and protocol:\n\n* If another Listener has an exact match or more specific wildcard entry,\n the Gateway SHOULD return a 421.\n* If the current Listener (selected by SNI matching during ClientHello)\n does not match the Host:\n * If another Listener does match the Host the Gateway SHOULD return a\n 421.\n * If no other Listener matches the Host, the Gateway MUST return a\n 404.\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "reason": { - "description": "The reason for the condition or transition.", + "name": { + "description": "Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "status": { - "description": "The condition status [true,false].", - "type": "string" + "port": { + "description": "Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" }, - "type": { - "description": "The condition type.", + "protocol": { + "description": "Protocol specifies the network protocol this listener expects to receive.\n\nSupport: Core", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9]+$", "type": "string" + }, + "tls": { + "description": "TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\nSupport: Core", + "properties": { + "certificateRefs": { + "description": "CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\nSupport: Implementation-specific (More than one reference or other resource types)", + "items": { + "description": "SecretObjectReference identifies an API object including its namespace,\ndefaulting to Secret.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object.", + "properties": { + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "default": "Secret", + "description": "Kind is kind of the referent. For example \"Secret\".", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 64, + "type": "array" + }, + "mode": { + "default": "Terminate", + "description": "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\nSupport: Core", + "enum": [ + "Terminate", + "Passthrough" + ], + "type": "string" + }, + "options": { + "additionalProperties": { + "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", + "maxLength": 4096, + "minLength": 0, + "type": "string" + }, + "description": "Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\nSupport: Implementation-specific", + "maxProperties": 16, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "certificateRefs or options must be specified when mode is Terminate", + "rule": "self.mode == 'Terminate' ? size(self.certificateRefs) > 0 || size(self.options) > 0 : true" + } + ] } }, "required": [ - "category", - "lastTransitionTime", - "status", - "type" + "name", + "port", + "protocol" ], "type": "object" }, + "maxItems": 64, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']", + "rule": "self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)" + }, + { + "message": "tls mode must be Terminate for protocol HTTPS", + "rule": "self.all(l, (l.protocol == 'HTTPS' && has(l.tls)) ? (l.tls.mode == '' || l.tls.mode == 'Terminate') : true)" + }, + { + "message": "hostname must not be specified for protocols ['TCP', 'UDP']", + "rule": "self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" + }, + { + "message": "Listener name must be unique within the Gateway", + "rule": "self.all(l1, self.exists_one(l2, l1.name == l2.name))" + }, + { + "message": "Combination of port, protocol and hostname must be unique for each listener", + "rule": "self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))" + } + ] + } + }, + "required": [ + "gatewayClassName", + "listeners" + ], + "type": "object" + }, + "status": { + "default": { + "conditions": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + }, + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Programmed" + } + ] + }, + "description": "Status defines the current state of Gateway.", + "properties": { + "addresses": { + "description": "Addresses lists the network addresses that have been bound to the\nGateway.\n\nThis list may differ from the addresses provided in the spec under some\nconditions:\n\n * no addresses are specified, all addresses are dynamically assigned\n * a combination of specified and dynamic addresses are assigned\n * a specified address was unusable (e.g. already in use)", + "items": { + "description": "GatewayStatusAddress describes a network address that is bound to a Gateway.", + "oneOf": [ + { + "properties": { + "type": { + "enum": [ + "IPAddress" + ] + }, + "value": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ] + } + } + }, + { + "properties": { + "type": { + "not": { + "enum": [ + "IPAddress" + ] + } + } + } + } + ], + "properties": { + "type": { + "default": "IPAddress", + "description": "Type of the address.", + "maxLength": 253, + "minLength": 1, + "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "string" + }, + "value": { + "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", + "maxLength": 253, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", + "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" + } + ] + }, + "maxItems": 16, "type": "array" }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - }, - "references": { + "conditions": { + "default": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + }, + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Programmed" + } + ], + "description": "Conditions describe the current conditions of the Gateway.\n\nImplementations should prefer to express Gateway conditions\nusing the `GatewayConditionType` and `GatewayConditionReason`\nconstants so that operators and tools can converge on a common\nvocabulary to describe Gateway state.\n\nKnown condition types are:\n\n* \"Accepted\"\n* \"Programmed\"\n* \"Ready\"", "items": { - "description": "Source reference.\nEither the ID or Name must be specified.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", "type": "string" }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "Type used to qualify the name.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "type": "object" }, - "type": "array" + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "listeners": { + "description": "Listeners provide status for each unique listener port defined in the Spec.", + "items": { + "description": "ListenerStatus is the status associated with a Listener.", + "properties": { + "attachedRoutes": { + "description": "AttachedRoutes represents the total number of Routes that have been\nsuccessfully attached to this Listener.\n\nSuccessful attachment of a Route to a Listener is based solely on the\ncombination of the AllowedRoutes field on the corresponding Listener\nand the Route's ParentRefs field. A Route is successfully attached to\na Listener when it is selected by the Listener's AllowedRoutes field\nAND the Route has a valid ParentRef selecting the whole Gateway\nresource or a specific Listener as a parent resource (more detail on\nattachment semantics can be found in the documentation on the various\nRoute kinds ParentRefs fields). Listener or Route status does not impact\nsuccessful attachment, i.e. the AttachedRoutes field count MUST be set\nfor Listeners with condition Accepted: false and MUST count successfully\nattached Routes that may themselves have Accepted: false conditions.\n\nUses for this field include troubleshooting Route attachment and\nmeasuring blast radius/impact of changes to a Listener.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "Conditions describe the current condition of this listener.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "name": { + "description": "Name is the name of the Listener that this status corresponds to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "supportedKinds": { + "description": "SupportedKinds is the list indicating the Kinds supported by this\nlistener. This MUST represent the kinds an implementation supports for\nthat Listener configuration.\n\nIf kinds are specified in Spec that are not supported, they MUST NOT\nappear in this list and an implementation MUST set the \"ResolvedRefs\"\ncondition to \"False\" with the \"InvalidRouteKinds\" reason. If both valid\nand invalid Route kinds are specified, the implementation MUST\nreference the valid Route kinds that have been specified.", + "items": { + "description": "RouteGroupKind indicates the group and kind of a Route resource.", + "properties": { + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the Route.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "Kind is the kind of the Route.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array" + } + }, + "required": [ + "attachedRoutes", + "conditions", + "name", + "supportedKinds" + ], + "type": "object" + }, + "maxItems": 64, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "NetworkMap", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/NetworkMapList": { - "description": "NetworkMapList is a list of NetworkMap", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of networkmaps. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.NetworkMap" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "NetworkMapList", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "Gateway", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/OpenstackVolumePopulator": { - "description": "", - "namespaced": true, + "gateway.networking.k8s.io/v1/GatewayClass": { + "description": "GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\nGatewayClass is a Cluster level resource.", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -73884,63 +73413,151 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { + "description": "Spec defines the desired state of GatewayClass.", "properties": { - "identityUrl": { - "type": "string" - }, - "imageId": { - "type": "string" + "controllerName": { + "description": "ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\nExample: \"example.net/gateway-controller\".\n\nThis field is not mutable and cannot be empty.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Value is immutable", + "rule": "self == oldSelf" + } + ] }, - "secretName": { + "description": { + "description": "Description helps describe a GatewayClass with more details.", + "maxLength": 64, "type": "string" }, - "transferNetwork": { - "description": "The network attachment definition that should be used for disk transfer.", + "parametersRef": { + "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the GatewayClass SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nSupport: Implementation-specific", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "group": { + "description": "Group is the group of the referent.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is kind of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "description": "Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "group", + "kind", + "name" + ], + "type": "object" } }, "required": [ - "identityUrl", - "imageId", - "secretName" + "controllerName" ], "type": "object" }, "status": { + "default": { + "conditions": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + } + ] + }, + "description": "Status defines the current state of GatewayClass.\n\nImplementations MUST populate status on all GatewayClass resources which\nspecify their controller name.", "properties": { - "progress": { - "type": "string" + "conditions": { + "default": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + } + ], + "description": "Conditions is the current status from the controller for\nthis GatewayClass.\n\nControllers should prefer to publish conditions using values\nof GatewayClassConditionType for the type of each Condition.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" @@ -73952,14 +73569,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "OpenstackVolumePopulator", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "GatewayClass", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/OpenstackVolumePopulatorList": { - "description": "OpenstackVolumePopulatorList is a list of OpenstackVolumePopulator", + "gateway.networking.k8s.io/v1/GatewayClassList": { + "description": "GatewayClassList is a list of GatewayClass", "namespaced": true, "properties": { "apiVersion": { @@ -73967,9 +73584,9 @@ "type": "string" }, "items": { - "description": "List of openstackvolumepopulators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of gatewayclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.OpenstackVolumePopulator" + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.GatewayClass" }, "type": "array" }, @@ -73992,109 +73609,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "OpenstackVolumePopulatorList", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/OvirtVolumePopulator": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "diskId": { - "type": "string" - }, - "engineSecretName": { - "type": "string" - }, - "engineUrl": { - "type": "string" - }, - "transferNetwork": { - "description": "The network attachment definition that should be used for disk transfer.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "diskId", - "engineSecretName", - "engineUrl" - ], - "type": "object" - }, - "status": { - "properties": { - "progress": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "OvirtVolumePopulator", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "GatewayClassList", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/OvirtVolumePopulatorList": { - "description": "OvirtVolumePopulatorList is a list of OvirtVolumePopulator", + "gateway.networking.k8s.io/v1/GatewayList": { + "description": "GatewayList is a list of Gateway", "namespaced": true, "properties": { "apiVersion": { @@ -74102,9 +73624,9 @@ "type": "string" }, "items": { - "description": "List of ovirtvolumepopulators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of gateways. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.OvirtVolumePopulator" + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.Gateway" }, "type": "array" }, @@ -74127,14 +73649,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "OvirtVolumePopulatorList", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "GatewayList", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/Plan": { - "description": "", + "gateway.networking.k8s.io/v1/HTTPRoute": { + "description": "HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed.", "namespaced": true, "properties": { "apiVersion": { @@ -74154,2244 +73676,1623 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "PlanSpec defines the desired state of Plan.", + "description": "Spec defines the desired state of HTTPRoute.", "properties": { - "archived": { - "description": "Whether this plan should be archived.", - "type": "boolean" - }, - "deleteGuestConversionPod": { - "description": "DeleteGuestConversionPod determines if the guest conversion pod should be deleted after successful migration.\nNote:\n - If this option is enabled and migration succeeds then the pod will get deleted. However the VM could still not boot and the virt-v2v logs, with additional information, will be deleted alongside guest conversion pod.\n - If migration fails the conversion pod will remain present even if this option is enabled.", - "type": "boolean" - }, - "description": { - "description": "Description", - "type": "string" - }, - "diskBus": { - "description": "Deprecated: this field will be deprecated in 2.8.", - "type": "string" - }, - "installLegacyDrivers": { - "description": "InstallLegacyDrivers determines whether to install legacy windows drivers in the VM.\nThe following Vm's are lack of SHA-2 support and need legacy drivers:\nWindows XP (all)\nWindows Server 2003\nWindows Vista (all)\nWindows Server 2008\nWindows 7 (pre-SP1)\nWindows Server 2008 R2\nBehavior:\n- If set to nil (unset), the system will automatically detect whether the VM requires legacy drivers\n based on its guest OS type (using IsLegacyWindows).\n- If set to true, legacy drivers will be installed unconditionally by setting the VIRTIO_WIN environment variable.\n- If set to false, legacy drivers will be skipped, and the system will fall back to using the standard (SHA-2 signed) drivers.\n\nWhen enabled, legacy drivers are exposed to the virt-v2v conversion process via the VIRTIO_WIN environment variable,\nwhich points to the legacy ISO at /usr/local/virtio-win.iso.", - "type": "boolean" + "hostnames": { + "description": "Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\nSupport: Core", + "items": { + "description": "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed.", + "maxLength": 253, + "minLength": 1, + "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "maxItems": 16, + "type": "array" }, - "map": { - "description": "Resource mapping.", - "properties": { - "network": { - "description": "Network.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "parentRefs": { + "description": "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nParentRefs must be _distinct_. This means either that:\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\nSome examples:\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.", + "items": { + "description": "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.", + "properties": { + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storage": { - "description": "Storage.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "kind": { + "default": "Gateway", + "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "network", - "storage" - ], - "type": "object" - }, - "migrateSharedDisks": { - "default": true, - "description": "Determines if the plan should migrate shared disks.", - "type": "boolean" - }, - "networkNameTemplate": { - "description": "NetworkNameTemplate is a template for generating network interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .NetworkName: If target network is multus, name of the Multus network attachment definition, empty otherwise.\n - .NetworkNamespace: If target network is multus, namespace where the network attachment definition is located.\n - .NetworkType: type of the network (\"Multus\" or \"Pod\")\n - .NetworkIndex: sequential index of the network interface (0-based)\nThe template can be used to customize network interface names based on target network configuration.\nNote:\n - This template can be overridden at the individual VM level\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"net-{{.NetworkIndex}}\"\n \"{{if eq .NetworkType \"Pod\"}}pod{{else}}multus-{{.NetworkIndex}}{{end}}\"", - "type": "string" - }, - "preserveClusterCpuModel": { - "description": "Preserve the CPU model and flags the VM runs with in its oVirt cluster.", - "type": "boolean" - }, - "preserveStaticIPs": { - "description": "Preserve static IPs of VMs in vSphere", - "type": "boolean" - }, - "provider": { - "description": "Providers.", - "properties": { - "destination": { - "description": "Destination.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "name": { + "description": "Name is the name of the referent.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "namespace": { + "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "port": { + "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "sectionName": { + "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } }, - "source": { - "description": "Source.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "sectionName must be specified when parentRefs includes 2 or more references to the same parent", + "rule": "self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))" + }, + { + "message": "sectionName must be unique when parentRefs includes 2 or more references to the same parent", + "rule": "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))" + } + ] + }, + "rules": { + "default": [ + { + "matches": [ + { + "path": { + "type": "PathPrefix", + "value": "/" + } } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + ] } - }, - "required": [ - "destination", - "source" ], - "type": "object" - }, - "pvcNameTemplate": { - "description": "PVCNameTemplate is a template for generating PVC names for VM disks.\nIt follows Go template syntax and has access to the following variables:\n - .VmName: name of the VM\n - .PlanName: name of the migration plan\n - .DiskIndex: initial volume index of the disk\n - .WinDriveLetter: Windows drive letter (lower case, if applicable, e.g. \"c\", require guest agent)\n - .RootDiskIndex: index of the root disk\n - .Shared: true if the volume is shared by multiple VMs, false otherwise\n - .FileName: name of the file in the source provider (vmWare only, require guest agent)\nNote:\n This template can be overridden at the individual VM level.\nExamples:\n \"{{.VmName}}-disk-{{.DiskIndex}}\"\n \"{{if eq .DiskIndex .RootDiskIndex}}root{{else}}data{{end}}-{{.DiskIndex}}\"\n \"{{if .Shared}}shared-{{end}}{{.VmName}}-{{.DiskIndex}}\"", - "type": "string" - }, - "pvcNameTemplateUseGenerateName": { - "default": true, - "description": "PVCNameTemplateUseGenerateName indicates if the PVC name template should use generateName instead of name.\nSetting this to false will use the name field of the PVCNameTemplate.\nThis is useful when using a template that generates a name without a suffix.\nFor example, if the template is \"{{.VmName}}-disk-{{.DiskIndex}}\", setting this to false will result in\nthe PVC name being \"{{.VmName}}-disk-{{.DiskIndex}}\", which may not be unique.\nbut will be more predictable.\n**DANGER** When set to false, the generated PVC name may not be unique and may cause conflicts.", - "type": "boolean" - }, - "skipGuestConversion": { - "default": false, - "description": "Determines if the plan should skip the guest conversion.", - "type": "boolean" - }, - "targetAffinity": { - "description": "TargetAffinity allows specifying hard- and soft-affinity for VMs.\nit is possible to write matching rules against workloads (VMs and Pods) and Nodes.\nSince VMs are a workload type based on Pods, Pod-affinity affects VMs as well.\nSee virtual machine instance Affinity documentation for more details,\nhttps://kubevirt.io/user-guide/compute/node_assignment/#affinity-and-anti-affinity", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", + "description": "Rules are a list of HTTP matchers, filters and actions.", + "items": { + "description": "HTTPRouteRule defines semantics for matching an HTTP request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", + "properties": { + "backendRefs": { + "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints,\nimplementations SHOULD return a 503 for requests to that backend instead.\nIf an implementation chooses to do this, all of the above rules for 500 responses\nMUST also apply for responses that return a 503.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", + "items": { + "description": "HTTPBackendRef defines how a HTTPRoute forwards a HTTP request.\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.", + "properties": { + "filters": { + "description": "Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)", + "items": { + "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "extensionRef": { + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", + "properties": { + "group": { + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "kind": { + "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "group", + "kind", + "name" + ], + "type": "object" }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "requestHeaderModifier": { + "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "name", + "value" ], "type": "object" }, + "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "matchLabels": { - "additionalProperties": { + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "name", + "value" ], "type": "object" }, + "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "requestMirror": { + "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", + "properties": { + "backendRef": { + "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", + "properties": { + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "kind": { + "default": "Service", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "port": { + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Must have port for Service reference", + "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + } + ] }, - "required": [ - "key", - "operator" - ], - "type": "object" + "fraction": { + "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "properties": { + "denominator": { + "default": 100, + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "numerator": { + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "numerator" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "numerator must be less than or equal to denominator", + "rule": "self.numerator <= self.denominator" + } + ] + }, + "percent": { + "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "format": "int32", + "maximum": 100, + "minimum": 0, + "type": "integer" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "backendRef" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", + "rule": "!(has(self.percent) && has(self.fraction))" + } + ] }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "requestRedirect": { + "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", + "properties": { + "hostname": { + "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", + "properties": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + }, + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + } + ] }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "port": { + "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "scheme": { + "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", + "enum": [ + "http", + "https" + ], + "type": "string" + }, + "statusCode": { + "default": 302, + "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", + "enum": [ + 301, + 302 + ], + "type": "integer" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + }, + "responseHeaderModifier": { + "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "name", + "value" ], "type": "object" }, + "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "matchLabels": { - "additionalProperties": { + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "name", + "value" ], "type": "object" }, + "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": { + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "RequestHeaderModifier", + "ResponseHeaderModifier", + "RequestMirror", + "RequestRedirect", + "URLRewrite", + "ExtensionRef" + ], "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + }, + "urlRewrite": { + "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", + "properties": { + "hostname": { + "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines a path rewrite.\n\nSupport: Extended", + "properties": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + }, + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + } + ] + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, + "required": [ + "type" + ], "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", + "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" + }, + { + "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", + "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", + "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", + "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" + }, + { + "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", + "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" + }, + { + "message": "filter.requestMirror must be specified for RequestMirror filter.type", + "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" + }, + { + "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", + "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" + }, + { + "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", + "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" + }, + { + "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", + "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + }, + { + "message": "filter.urlRewrite must be specified for URLRewrite filter.type", + "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + }, + { + "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", + "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + }, + { + "message": "filter.extensionRef must be specified for ExtensionRef filter.type", + "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + } + ] }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", + "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + { + "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", + "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + { + "message": "RequestHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + { + "message": "ResponseHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + { + "message": "RequestRedirect filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" + }, + { + "message": "URLRewrite filter cannot be repeated", + "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" + } + ] }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "targetLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "TargetLabels are labels that should be applied to the target virtual machines.\nSee Pod Labels documentation for more details,\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#labels", - "type": "object" - }, - "targetNamespace": { - "description": "Target namespace.", - "type": "string" - }, - "targetNodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "TargetNodeSelector, constrains the scheduler to only schedule VMs on nodes,\nwhich contain the specified labels.\nSee virtual machine instance NodeSelector documentation for more details,\nhttps://kubevirt.io/user-guide/compute/node_assignment/#nodeselector", - "type": "object" - }, - "targetPowerState": { - "description": "TargetPowerState specifies the desired power state of the target VM after migration.\n- \"on\": Target VM will be powered on after migration\n- \"off\": Target VM will be powered off after migration\n- \"auto\" or nil (default): Target VM will match the source VM's power state", - "enum": [ - "on", - "off", - "auto" - ], - "type": "string" - }, - "transferNetwork": { - "description": "The network attachment definition that should be used for disk transfer.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Migration type. e.g. \"cold\", \"warm\", \"live\". Supersedes the `warm` boolean if set.", - "enum": [ - "cold", - "warm", - "live" - ], - "type": "string" - }, - "useCompatibilityMode": { - "default": true, - "description": "useCompatibilityMode controls whether to use VirtIO devices when skipGuestConversion is true (Raw Copy mode).\nThis setting has no effect when skipGuestConversion is false (V2V Conversion always uses VirtIO).\n- true (default): Use compatibility devices (SATA bus, E1000E NIC) to ensure bootability\n- false: Use high-performance VirtIO devices (requires VirtIO drivers already installed in source VM)", - "type": "boolean" - }, - "vms": { - "description": "List of VMs.", - "items": { - "description": "A VM listed on the plan.", - "properties": { - "hooks": { - "description": "Enable hooks.", - "items": { - "description": "Plan hook.", - "properties": { - "hook": { - "description": "Hook reference.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" }, - "step": { - "description": "Pipeline step.", + "kind": { + "default": "Service", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" + }, + "port": { + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "weight": { + "default": 1, + "description": "Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\nSupport for this field varies based on the context where used.", + "format": "int32", + "maximum": 1000000, + "minimum": 0, + "type": "integer" } }, "required": [ - "hook", - "step" + "name" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Must have port for Service reference", + "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + } + ] }, + "maxItems": 16, "type": "array" }, - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", - "type": "string" - }, - "instanceType": { - "description": "Selected InstanceType that will override the VM properties.", - "type": "string" - }, - "luks": { - "description": "Disk decryption LUKS keys", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", - "type": "string" - }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, - "networkNameTemplate": { - "description": "NetworkNameTemplate is a template for generating network interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .NetworkName: If target network is multus, name of the Multus network attachment definition, empty otherwise.\n - .NetworkNamespace: If target network is multus, namespace where the network attachment definition is located.\n - .NetworkType: type of the network (\"Multus\" or \"Pod\")\n - .NetworkIndex: sequential index of the network interface (0-based)\nThe template can be used to customize network interface names based on target network configuration.\nNote:\n - This template will override at the plan level template\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"net-{{.NetworkIndex}}\"\n \"{{if eq .NetworkType \"Pod\"}}pod{{else}}multus-{{.NetworkIndex}}{{end}}\"", - "type": "string" - }, - "pvcNameTemplate": { - "description": "PVCNameTemplate is a template for generating PVC names for VM disks.\nIt follows Go template syntax and has access to the following variables:\n - .VmName: name of the VM\n - .PlanName: name of the migration plan\n - .DiskIndex: initial volume index of the disk\n - .RootDiskIndex: index of the root disk\n - .Shared: true if the volume is shared by multiple VMs, false otherwise\nNote:\n This template overrides the plan level template.\nExamples:\n \"{{.VmName}}-disk-{{.DiskIndex}}\"\n \"{{if eq .DiskIndex .RootDiskIndex}}root{{else}}data{{end}}-{{.DiskIndex}}\"\n \"{{if .Shared}}shared-{{end}}{{.VmName}}-{{.DiskIndex}}\"", - "type": "string" - }, - "rootDisk": { - "description": "Choose the primary disk the VM boots from", - "type": "string" - }, - "targetName": { - "description": "TargetName specifies a custom name for the VM in the target cluster.\nIf not provided, the original VM name will be used and automatically adjusted to meet k8s DNS1123 requirements.\nIf provided, this exact name will be used instead. The migration will fail if the name is not unique or already in use.", - "type": "string" - }, - "targetPowerState": { - "description": "TargetPowerState specifies the desired power state of the target VM after migration.\n- \"on\": Target VM will be powered on after migration\n- \"off\": Target VM will be powered off after migration\n- \"auto\" or nil (default): Target VM will match the source VM's power state", - "enum": [ - "on", - "off", - "auto" - ], - "type": "string" - }, - "type": { - "description": "Type used to qualify the name.", - "type": "string" - }, - "volumeNameTemplate": { - "description": "VolumeNameTemplate is a template for generating volume interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .PVCName: name of the PVC mounted to the VM using this volume\n - .VolumeIndex: sequential index of the volume interface (0-based)\nNote:\n - This template will override at the plan level template\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"disk-{{.VolumeIndex}}\"\n \"pvc-{{.PVCName}}\"", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "volumeNameTemplate": { - "description": "VolumeNameTemplate is a template for generating volume interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .PVCName: name of the PVC mounted to the VM using this volume\n - .VolumeIndex: sequential index of the volume interface (0-based)\nNote:\n - This template can be overridden at the individual VM level\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"disk-{{.VolumeIndex}}\"\n \"pvc-{{.PVCName}}\"", - "type": "string" - }, - "warm": { - "description": "Whether this is a warm migration.\nDeprecated: this field will be deprecated in 2.10. Use Type instead.", - "type": "boolean" - } - }, - "required": [ - "map", - "provider", - "targetNamespace", - "vms" - ], - "type": "object" - }, - "status": { - "description": "PlanStatus defines the observed state of Plan.", - "properties": { - "conditions": { - "description": "List of conditions.", - "items": { - "description": "Condition", - "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", + "filters": { + "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that cannot be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\nConformance-levels at this level are defined based on the type of filter:\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation cannot support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\nSupport: Core", "items": { - "type": "string" - }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", - "type": "string" - }, - "status": { - "description": "The condition status [true,false].", - "type": "string" - }, - "type": { - "description": "The condition type.", - "type": "string" - } - }, - "required": [ - "category", - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "migration": { - "description": "Migration", - "properties": { - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "history": { - "description": "History", - "items": { - "description": "Snapshot", - "properties": { - "conditions": { - "description": "List of conditions.", - "items": { - "description": "Condition", + "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", + "properties": { + "extensionRef": { + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", - "items": { - "type": "string" - }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", + "group": { + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "status": { - "description": "The condition status [true,false].", + "kind": { + "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, - "type": { - "description": "The condition type.", + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" } }, "required": [ - "category", - "lastTransitionTime", - "status", - "type" + "group", + "kind", + "name" ], "type": "object" }, - "type": "array" - }, - "map": { - "description": "Map.", - "properties": { - "network": { - "description": "Snapshot object reference.", - "properties": { - "generation": { - "format": "int64", - "type": "integer" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } - }, - "required": [ - "generation", - "name", - "namespace", - "uid" - ], - "type": "object" - }, - "storage": { - "description": "Snapshot object reference.", - "properties": { - "generation": { - "format": "int64", - "type": "integer" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } - }, - "required": [ - "generation", - "name", - "namespace", - "uid" - ], - "type": "object" - } - }, - "required": [ - "network", - "storage" - ], - "type": "object" - }, - "migration": { - "description": "Migration", - "properties": { - "generation": { - "format": "int64", - "type": "integer" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } - }, - "required": [ - "generation", - "name", - "namespace", - "uid" - ], - "type": "object" - }, - "plan": { - "description": "Plan", - "properties": { - "generation": { - "format": "int64", - "type": "integer" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } - }, - "required": [ - "generation", - "name", - "namespace", - "uid" - ], - "type": "object" - }, - "provider": { - "description": "Provider", - "properties": { - "destination": { - "description": "Snapshot object reference.", - "properties": { - "generation": { - "format": "int64", - "type": "integer" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" + "requestHeaderModifier": { + "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", + "properties": { + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "generation", - "name", - "namespace", - "uid" - ], - "type": "object" - }, - "source": { - "description": "Snapshot object reference.", - "properties": { - "generation": { - "format": "int64", - "type": "integer" - }, - "name": { - "type": "string" - }, - "namespace": { + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { "type": "string" }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } - }, - "required": [ - "generation", - "name", - "namespace", - "uid" - ], - "type": "object" - } - }, - "required": [ - "destination", - "source" - ], - "type": "object" - } - }, - "required": [ - "map", - "migration", - "plan", - "provider" - ], - "type": "object" - }, - "type": "array" - }, - "started": { - "description": "Started timestamp.", - "format": "date-time", - "type": "string" - }, - "vms": { - "description": "VM status", - "items": { - "description": "VM Status", - "properties": { - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "conditions": { - "description": "List of conditions.", - "items": { - "description": "Condition", - "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" }, - "items": { - "description": "A list of items referenced in the `Message`.", + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "items": { - "type": "string" + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", - "type": "string" - }, - "status": { - "description": "The condition status [true,false].", - "type": "string" - }, - "type": { - "description": "The condition type.", - "type": "string" + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, - "required": [ - "category", - "lastTransitionTime", - "status", - "type" - ], "type": "object" }, - "type": "array" - }, - "error": { - "description": "Errors", - "properties": { - "phase": { - "type": "string" - }, - "reasons": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "phase", - "reasons" - ], - "type": "object" - }, - "firmware": { - "description": "The firmware type detected from the OVF file produced by virt-v2v.", - "type": "string" - }, - "hooks": { - "description": "Enable hooks.", - "items": { - "description": "Plan hook.", + "requestMirror": { + "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", "properties": { - "hook": { - "description": "Hook reference.", + "backendRef": { + "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": "Service", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "port": { + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Must have port for Service reference", + "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + } + ] + }, + "fraction": { + "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "properties": { + "denominator": { + "default": 100, + "format": "int32", + "minimum": 1, + "type": "integer" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + "numerator": { + "format": "int32", + "minimum": 0, + "type": "integer" } }, + "required": [ + "numerator" + ], "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "numerator must be less than or equal to denominator", + "rule": "self.numerator <= self.denominator" + } + ] }, - "step": { - "description": "Pipeline step.", - "type": "string" + "percent": { + "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "format": "int32", + "maximum": 100, + "minimum": 0, + "type": "integer" } }, "required": [ - "hook", - "step" + "backendRef" ], - "type": "object" - }, - "type": "array" - }, - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", - "type": "string" - }, - "instanceType": { - "description": "Selected InstanceType that will override the VM properties.", - "type": "string" - }, - "luks": { - "description": "Disk decryption LUKS keys", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", + "rule": "!(has(self.percent) && has(self.fraction))" + } + ] }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", - "type": "string" - }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, - "networkNameTemplate": { - "description": "NetworkNameTemplate is a template for generating network interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .NetworkName: If target network is multus, name of the Multus network attachment definition, empty otherwise.\n - .NetworkNamespace: If target network is multus, namespace where the network attachment definition is located.\n - .NetworkType: type of the network (\"Multus\" or \"Pod\")\n - .NetworkIndex: sequential index of the network interface (0-based)\nThe template can be used to customize network interface names based on target network configuration.\nNote:\n - This template will override at the plan level template\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"net-{{.NetworkIndex}}\"\n \"{{if eq .NetworkType \"Pod\"}}pod{{else}}multus-{{.NetworkIndex}}{{end}}\"", - "type": "string" - }, - "newName": { - "description": "The new name of the VM after matching DNS1123 requirements.", - "type": "string" - }, - "operatingSystem": { - "description": "The Operating System detected by virt-v2v.", - "type": "string" - }, - "phase": { - "description": "Phase", - "type": "string" - }, - "pipeline": { - "description": "Migration pipeline.", - "items": { - "description": "Pipeline step.", + "requestRedirect": { + "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations.", - "type": "object" - }, - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "description": { - "description": "Name", + "hostname": { + "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "error": { - "description": "Error.", + "path": { + "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", "properties": { - "phase": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, "type": "string" }, - "reasons": { - "items": { - "type": "string" - }, - "type": "array" + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" } }, "required": [ - "phase", - "reasons" + "type" ], - "type": "object" - }, - "name": { - "description": "Name.", - "type": "string" - }, - "phase": { - "description": "Phase", - "type": "string" - }, - "progress": { - "description": "Progress.", - "properties": { - "completed": { - "description": "Completed units.", - "format": "int64", - "type": "integer" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" }, - "total": { - "description": "Total units.", - "format": "int64", - "type": "integer" + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" } - }, - "required": [ - "completed", - "total" - ], - "type": "object" + ] }, - "reason": { - "description": "Reason", - "type": "string" + "port": { + "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" }, - "started": { - "description": "Started timestamp.", - "format": "date-time", + "scheme": { + "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", + "enum": [ + "http", + "https" + ], "type": "string" }, - "tasks": { - "description": "Nested tasks.", + "statusCode": { + "default": 302, + "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", + "enum": [ + 301, + 302 + ], + "type": "integer" + } + }, + "type": "object" + }, + "responseHeaderModifier": { + "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", + "properties": { + "add": { + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "items": { - "description": "Migration task.", + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations.", - "type": "object" - }, - "completed": { - "description": "Completed timestamp.", - "format": "date-time", - "type": "string" - }, - "description": { - "description": "Name", - "type": "string" - }, - "error": { - "description": "Error.", - "properties": { - "phase": { - "type": "string" - }, - "reasons": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "phase", - "reasons" - ], - "type": "object" - }, "name": { - "description": "Name.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "phase": { - "description": "Phase", + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" - }, - "progress": { - "description": "Progress.", - "properties": { - "completed": { - "description": "Completed units.", - "format": "int64", - "type": "integer" - }, - "total": { - "description": "Total units.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "completed", - "total" - ], - "type": "object" - }, - "reason": { - "description": "Reason", + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "remove": { + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "items": { + "type": "string" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "set": { + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "items": { + "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, - "started": { - "description": "Started timestamp.", - "format": "date-time", + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, "type": "string" } }, "required": [ "name", - "progress" + "value" ], "type": "object" }, - "type": "array" + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, - "required": [ - "name", - "progress" - ], "type": "object" }, - "type": "array" - }, - "pvcNameTemplate": { - "description": "PVCNameTemplate is a template for generating PVC names for VM disks.\nIt follows Go template syntax and has access to the following variables:\n - .VmName: name of the VM\n - .PlanName: name of the migration plan\n - .DiskIndex: initial volume index of the disk\n - .RootDiskIndex: index of the root disk\n - .Shared: true if the volume is shared by multiple VMs, false otherwise\nNote:\n This template overrides the plan level template.\nExamples:\n \"{{.VmName}}-disk-{{.DiskIndex}}\"\n \"{{if eq .DiskIndex .RootDiskIndex}}root{{else}}data{{end}}-{{.DiskIndex}}\"\n \"{{if .Shared}}shared-{{end}}{{.VmName}}-{{.DiskIndex}}\"", - "type": "string" - }, - "restorePowerState": { - "description": "Source VM power state before migration.", - "type": "string" - }, - "rootDisk": { - "description": "Choose the primary disk the VM boots from", - "type": "string" - }, - "started": { - "description": "Started timestamp.", - "format": "date-time", - "type": "string" - }, - "targetName": { - "description": "TargetName specifies a custom name for the VM in the target cluster.\nIf not provided, the original VM name will be used and automatically adjusted to meet k8s DNS1123 requirements.\nIf provided, this exact name will be used instead. The migration will fail if the name is not unique or already in use.", - "type": "string" - }, - "targetPowerState": { - "description": "TargetPowerState specifies the desired power state of the target VM after migration.\n- \"on\": Target VM will be powered on after migration\n- \"off\": Target VM will be powered off after migration\n- \"auto\" or nil (default): Target VM will match the source VM's power state", - "enum": [ - "on", - "off", - "auto" - ], - "type": "string" - }, - "type": { - "description": "Type used to qualify the name.", - "type": "string" - }, - "volumeNameTemplate": { - "description": "VolumeNameTemplate is a template for generating volume interface names in the target virtual machine.\nIt follows Go template syntax and has access to the following variables:\n - .PVCName: name of the PVC mounted to the VM using this volume\n - .VolumeIndex: sequential index of the volume interface (0-based)\nNote:\n - This template will override at the plan level template\n - If not specified on VM level and on Plan leverl, default naming conventions will be used\nExamples:\n \"disk-{{.VolumeIndex}}\"\n \"pvc-{{.PVCName}}\"", - "type": "string" - }, - "warm": { - "description": "Warm migration status", - "properties": { - "consecutiveFailures": { - "type": "integer" - }, - "failures": { - "type": "integer" - }, - "nextPrecopyAt": { - "format": "date-time", - "type": "string" - }, - "precopies": { - "items": { - "description": "Precopy durations", + "type": { + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "RequestHeaderModifier", + "ResponseHeaderModifier", + "RequestMirror", + "RequestRedirect", + "URLRewrite", + "ExtensionRef" + ], + "type": "string" + }, + "urlRewrite": { + "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", + "properties": { + "hostname": { + "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines a path rewrite.\n\nSupport: Extended", "properties": { - "createTaskId": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, "type": "string" }, - "deltas": { - "items": { - "properties": { - "deltaId": { - "type": "string" - }, - "disk": { - "type": "string" - } - }, - "required": [ - "deltaId", - "disk" - ], - "type": "object" - }, - "type": "array" - }, - "end": { - "format": "date-time", + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, "type": "string" }, - "removeTaskId": { + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" }, - "snapshot": { - "type": "string" + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" }, - "start": { - "format": "date-time", - "type": "string" + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" } - }, - "type": "object" - }, - "type": "array" + ] + } }, - "successes": { - "type": "integer" - } - }, - "required": [ - "consecutiveFailures", - "failures", - "successes" - ], - "type": "object" - } - }, - "required": [ - "phase", - "pipeline" + "type": "object" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", + "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" + }, + { + "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", + "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", + "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" + }, + { + "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", + "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" + }, + { + "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", + "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" + }, + { + "message": "filter.requestMirror must be specified for RequestMirror filter.type", + "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" + }, + { + "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", + "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" + }, + { + "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", + "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" + }, + { + "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", + "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + }, + { + "message": "filter.urlRewrite must be specified for URLRewrite filter.type", + "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + }, + { + "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", + "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" + }, + { + "message": "filter.extensionRef must be specified for ExtensionRef filter.type", + "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + } + ] + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", + "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + }, + { + "message": "RequestHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" + }, + { + "message": "ResponseHeaderModifier filter cannot be repeated", + "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + }, + { + "message": "RequestRedirect filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" + }, + { + "message": "URLRewrite filter cannot be repeated", + "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" + } + ] + }, + "matches": { + "default": [ + { + "path": { + "type": "PathPrefix", + "value": "/" + } + } ], - "type": "object" + "description": "Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\nFor example, take the following matches configuration:\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned.", + "items": { + "description": "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n```\nmatch:\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n```", + "properties": { + "headers": { + "description": "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route.", + "items": { + "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.", + "properties": { + "name": { + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "type": { + "default": "Exact", + "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.", + "enum": [ + "Exact", + "RegularExpression" + ], + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP Header to be matched.", + "maxLength": 4096, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "method": { + "description": "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\nSupport: Extended", + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "DELETE", + "CONNECT", + "OPTIONS", + "TRACE", + "PATCH" + ], + "type": "string" + }, + "path": { + "default": { + "type": "PathPrefix", + "value": "/" + }, + "description": "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided.", + "properties": { + "type": { + "default": "PathPrefix", + "description": "Type specifies how to match against the path Value.\n\nSupport: Core (Exact, PathPrefix)\n\nSupport: Implementation-specific (RegularExpression)", + "enum": [ + "Exact", + "PathPrefix", + "RegularExpression" + ], + "type": "string" + }, + "value": { + "default": "/", + "description": "Value of the HTTP path to match against.", + "maxLength": 1024, + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" + }, + { + "message": "must not contain '//' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" + }, + { + "message": "must not contain '/./' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + }, + { + "message": "must not contain '/../' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + }, + { + "message": "must not contain '%2f' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + }, + { + "message": "must not contain '%2F' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + }, + { + "message": "must not contain '#' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + }, + { + "message": "must not end with '/..' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + }, + { + "message": "must not end with '/.' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + }, + { + "message": "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']", + "rule": "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + }, + { + "message": "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + } + ] + }, + "queryParams": { + "description": "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\nSupport: Extended", + "items": { + "description": "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters.", + "properties": { + "name": { + "description": "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "type": { + "default": "Exact", + "description": "Type specifies how to match against the value of the query parameter.\n\nSupport: Extended (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect.", + "enum": [ + "Exact", + "RegularExpression" + ], + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP query param to be matched.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "maxItems": 64, + "type": "array" }, - "type": "array" - } - }, - "type": "object" - }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "Plan", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/PlanList": { - "description": "PlanList is a list of Plan", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of plans. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.Plan" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "PlanList", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/Provider": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Defines the desired state of Provider.", - "properties": { - "secret": { - "description": "References a secret containing credentials and\nother confidential information.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "timeouts": { + "description": "Timeouts defines the timeouts that can be configured for an HTTP request.\n\nSupport: Extended", + "properties": { + "backendRequest": { + "description": "BackendRequest specifies a timeout for an individual request from the gateway\nto a backend. This covers the time from when the request first starts being\nsent from the gateway to when the full response has been received from the backend.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\nmay result in more than one call from the gateway to the destination backend,\nfor example, if automatic retries are supported.\n\nThe value of BackendRequest must be a Gateway API Duration string as defined by\nGEP-2257. When this field is unspecified, its behavior is implementation-specific;\nwhen specified, the value of BackendRequest must be no more than the value of the\nRequest timeout (since the Request timeout encompasses the BackendRequest timeout).\n\nSupport: Extended", + "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", + "type": "string" + }, + "request": { + "description": "Request specifies the maximum duration for a gateway to respond to an HTTP request.\nIf the gateway has not been able to respond before this deadline is met, the gateway\nMUST return a timeout error.\n\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\nto complete.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nThis timeout is intended to cover as close to the whole request-response transaction\nas possible although an implementation MAY choose to start the timeout after the entire\nrequest stream has been received instead of immediately after the transaction is\ninitiated by the client.\n\nThe value of Request is a Gateway API Duration string as defined by GEP-2257. When this\nfield is unspecified, request timeout behavior is implementation-specific.\n\nSupport: Extended", + "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "backendRequest timeout cannot be longer than request timeout", + "rule": "!(has(self.request) && has(self.backendRequest) && duration(self.request) != duration('0s') && duration(self.backendRequest) > duration(self.request))" + } + ] + } }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "settings": { - "additionalProperties": { - "type": "string" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "RequestRedirect filter must not be used together with backendRefs", + "rule": "(has(self.backendRefs) && size(self.backendRefs) > 0) ? (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): true" + }, + { + "message": "When using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + }, + { + "message": "When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + }, + { + "message": "Within backendRefs, when using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + }, + { + "message": "Within backendRefs, When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + } + ] }, - "description": "Provider settings.", - "type": "object" - }, - "type": { - "description": "Provider type.", - "type": "string" - }, - "url": { - "description": "The provider URL.\nEmpty may be used for the `host` provider.", - "type": "string" + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128", + "rule": "(self.size() > 0 ? self[0].matches.size() : 0) + (self.size() > 1 ? self[1].matches.size() : 0) + (self.size() > 2 ? self[2].matches.size() : 0) + (self.size() > 3 ? self[3].matches.size() : 0) + (self.size() > 4 ? self[4].matches.size() : 0) + (self.size() > 5 ? self[5].matches.size() : 0) + (self.size() > 6 ? self[6].matches.size() : 0) + (self.size() > 7 ? self[7].matches.size() : 0) + (self.size() > 8 ? self[8].matches.size() : 0) + (self.size() > 9 ? self[9].matches.size() : 0) + (self.size() > 10 ? self[10].matches.size() : 0) + (self.size() > 11 ? self[11].matches.size() : 0) + (self.size() > 12 ? self[12].matches.size() : 0) + (self.size() > 13 ? self[13].matches.size() : 0) + (self.size() > 14 ? self[14].matches.size() : 0) + (self.size() > 15 ? self[15].matches.size() : 0) <= 128" + } + ] } }, - "required": [ - "secret", - "type" - ], "type": "object" }, "status": { - "description": "ProviderStatus defines the observed state of Provider", + "description": "Status defines the current state of HTTPRoute.", "properties": { - "conditions": { - "description": "List of conditions.", + "parents": { + "description": "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway.", "items": { - "description": "Condition", + "description": "RouteParentStatus describes the status of a route with respect to an\nassociated Parent.", "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", + "conditions": { + "description": "Conditions describes the status of the route with respect to the Gateway.\nNote that the route's availability is also subject to the Gateway's own\nstatus conditions and listener status.\n\nIf the Route's ParentRef specifies an existing Gateway that supports\nRoutes of this kind AND that Gateway's controller has sufficient access,\nthen that Gateway's controller MUST set the \"Accepted\" condition on the\nRoute, to indicate whether the route has been accepted or rejected by the\nGateway, and why.\n\nA Route MUST be considered \"Accepted\" if at least one of the Route's\nrules is implemented by the Gateway.\n\nThere are a number of cases where the \"Accepted\" condition may not be set\ndue to lack of controller visibility, that includes when:\n\n* The Route refers to a nonexistent parent.\n* The Route is of a type that the controller does not support.\n* The Route is in a namespace the controller does not have access to.", "items": { - "type": "string" + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", - "type": "string" + "maxItems": 8, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "status": { - "description": "The condition status [true,false].", + "controllerName": { + "description": "ControllerName is a domain/path string that indicates the name of the\ncontroller that wrote this status. This corresponds with the\ncontrollerName field on GatewayClass.\n\nExample: \"example.net/gateway-controller\".\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are\nvalid Kubernetes names\n(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\nControllers MUST populate this field when writing status. Controllers should ensure that\nentries to status populated with their ControllerName are cleaned up when they are no\nlonger necessary.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", "type": "string" }, - "type": { - "description": "The condition type.", - "type": "string" + "parentRef": { + "description": "ParentRef corresponds with a ParentRef in the spec that this\nRouteParentStatus struct describes the status of.", + "properties": { + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "default": "Gateway", + "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "port": { + "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "sectionName": { + "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" } }, "required": [ - "category", - "lastTransitionTime", - "status", - "type" + "controllerName", + "parentRef" ], "type": "object" }, + "maxItems": 32, "type": "array" - }, - "fingerprint": { - "description": "Fingerprint.", - "type": "string" - }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - }, - "phase": { - "description": "Current life cycle phase of the provider.", - "type": "string" } }, + "required": [ + "parents" + ], "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "Provider", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "HTTPRoute", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/ProviderList": { - "description": "ProviderList is a list of Provider", + "gateway.networking.k8s.io/v1/HTTPRouteList": { + "description": "HTTPRouteList is a list of HTTPRoute", "namespaced": true, "properties": { "apiVersion": { @@ -76399,9 +75300,9 @@ "type": "string" }, "items": { - "description": "List of providers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of httproutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.Provider" + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.HTTPRoute" }, "type": "array" }, @@ -76424,14 +75325,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "ProviderList", - "version": "v1beta1" + "group": "gateway.networking.k8s.io", + "kind": "HTTPRouteList", + "version": "v1" } ] }, - "forklift.konveyor.io/v1beta1/StorageMap": { - "description": "", + "gateway.networking.k8s.io/v1beta1/Gateway": { + "description": "Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses.", "namespaced": true, "properties": { "apiVersion": { @@ -76451,338 +75352,728 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Storage map spec.", + "description": "Spec defines the desired state of Gateway.", "properties": { - "map": { - "description": "Map.", + "addresses": { + "description": "Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\nSupport: Extended", "items": { - "description": "Mapped storage.", - "properties": { - "destination": { - "description": "Destination storage.", + "description": "GatewayAddress describes an address that can be bound to a Gateway.", + "oneOf": [ + { "properties": { - "accessMode": { - "description": "Access mode.", + "type": { "enum": [ - "ReadWriteOnce", - "ReadWriteMany", - "ReadOnlyMany" - ], - "type": "string" - }, - "storageClass": { - "description": "A storage class.", - "type": "string" + "IPAddress" + ] }, - "volumeMode": { - "description": "Volume mode.", - "enum": [ - "Filesystem", - "Block" - ], - "type": "string" - } - }, - "required": [ - "storageClass" - ], - "type": "object" - }, - "offloadPlugin": { - "description": "Offload Plugin", - "properties": { - "vsphereXcopyConfig": { - "description": "VSphereXcopyPluginConfig works with the Vsphere Xcopy Volume Populator\nto offload the copy to Vsphere and the storage array.", - "properties": { - "secretRef": { - "description": "SecretRef is the name of the secret with the storage credentials for the plugin.\nThe secret should reside in the same namespace where the source provider is.", - "type": "string" + "value": { + "anyOf": [ + { + "format": "ipv4" }, - "storageVendorProduct": { - "description": "StorageVendorProduct the string identifier of the storage vendor product", - "enum": [ - "vantara", - "ontap", - "primera3par", - "pureFlashArray", - "powerflex", - "powermax" - ], - "type": "string" + { + "format": "ipv6" } - }, - "required": [ - "secretRef", - "storageVendorProduct" - ], - "type": "object" + ] } - }, - "required": [ - "vsphereXcopyConfig" - ], - "type": "object" + } }, - "source": { - "description": "Source storage.", + { "properties": { - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", - "type": "string" - }, - "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", - "type": "string" - }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" - }, "type": { - "description": "Type used to qualify the name.", - "type": "string" + "not": { + "enum": [ + "IPAddress" + ] + } } - }, - "type": "object" + } + } + ], + "properties": { + "type": { + "default": "IPAddress", + "description": "Type of the address.", + "maxLength": 253, + "minLength": 1, + "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "string" + }, + "value": { + "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", + "maxLength": 253, + "minLength": 1, + "type": "string" } }, "required": [ - "destination", - "source" + "value" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", + "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" + } + ] }, - "type": "array" + "maxItems": 16, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "IPAddress values must be unique", + "rule": "self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + }, + { + "message": "Hostname values must be unique", + "rule": "self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" + } + ] }, - "provider": { - "description": "Provider", + "gatewayClassName": { + "description": "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "infrastructure": { + "description": "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\nSupport: Extended", "properties": { - "destination": { - "description": "Destination.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "annotations": { + "additionalProperties": { + "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", + "maxLength": 4096, + "minLength": 0, + "type": "string" + }, + "description": "Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\nSupport: Extended", + "maxProperties": 8, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Annotation keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", + "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + { + "message": "If specified, the annotation key's prefix must be a DNS subdomain not longer than 253 characters in total.", + "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" } + ] + }, + "labels": { + "additionalProperties": { + "description": "LabelValue is the value of a label in the Gateway API. This is used for validation\nof maps such as Gateway infrastructure labels. This matches the Kubernetes\nlabel validation rules:\n* must be 63 characters or less (can be empty),\n* unless empty, must begin and end with an alphanumeric character ([a-z0-9A-Z]),\n* could contain dashes (-), underscores (_), dots (.), and alphanumerics between.\n\nValid values include:\n\n* MyValue\n* my.name\n* 123-my-value", + "maxLength": 63, + "minLength": 0, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" }, + "description": "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\nIf an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels\nchange, it SHOULD clearly warn about this behavior in documentation.\n\nSupport: Extended", + "maxProperties": 8, "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "Label keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", + "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + }, + { + "message": "If specified, the label key's prefix must be a DNS subdomain not longer than 253 characters in total.", + "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" + } + ] }, - "source": { - "description": "Source.", + "parametersRef": { + "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the Gateway SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nSupport: Implementation-specific", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "group": { + "description": "Group is the group of the referent.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is kind of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "group", + "kind", + "name" + ], + "type": "object" } }, - "required": [ - "destination", - "source" - ], "type": "object" - } - }, - "required": [ - "map", - "provider" - ], - "type": "object" - }, - "status": { - "description": "MapStatus defines the observed state of Maps.", - "properties": { - "conditions": { - "description": "List of conditions.", + }, + "listeners": { + "description": "Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n## Distinct Listeners\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on the objects\nthey support:\n\nHTTPRoute\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\nTLSRoute\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\"Distinct\" Listeners have the following property:\n\n**The implementation can match inbound requests to a single distinct\nListener**.\n\nWhen multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\nWhen multiple listeners have the same value for the Protocol field, then\neach of the Listeners with matching Protocol values MUST have different\nvalues for other fields.\n\nThe set of fields that MUST be different for a Listener differs per protocol.\nThe following rules define the rules for what fields MUST be considered for\nListeners to be distinct with each protocol currently defined in the\nGateway API spec.\n\nThe set of listeners that all share a protocol value MUST have _different_\nvalues for _at least one_ of these fields to be distinct:\n\n* **HTTP, HTTPS, TLS**: Port, Hostname\n* **TCP, UDP**: Port\n\nOne **very** important rule to call out involves what happens when an\nimplementation:\n\n* Supports TCP protocol Listeners, as well as HTTP, HTTPS, or TLS protocol\n Listeners, and\n* sees HTTP, HTTPS, or TLS protocols with the same `port` as one with TCP\n Protocol.\n\nIn this case all the Listeners that share a port with the\nTCP Listener are not distinct and so MUST NOT be accepted.\n\nIf an implementation does not support TCP Protocol Listeners, then the\nprevious rule does not apply, and the TCP Listeners SHOULD NOT be\naccepted.\n\nNote that the `tls` field is not used for determining if a listener is distinct, because\nListeners that _only_ differ on TLS config will still conflict in all cases.\n\n### Listeners that are distinct only by Hostname\n\nWhen the Listeners are distinct based only on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\nExact matches MUST be processed before wildcard matches, and wildcard\nmatches MUST be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\n\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n## Handling indistinct Listeners\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are _Conflicted_, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\nThe words \"indistinct\" and \"conflicted\" are considered equivalent for the\npurpose of this documentation.\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners.\n\nSpecifically, an implementation MAY accept a partial Listener set subject to\nthe following rules:\n\n* The implementation MUST NOT pick one conflicting Listener as the winner.\n ALL indistinct Listeners must not be accepted for processing.\n* At least one distinct Listener MUST be present, or else the Gateway effectively\n contains _no_ Listeners, and must be rejected from processing as a whole.\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n## General Listener behavior\n\nNote that, for all distinct Listeners, requests SHOULD match at most one Listener.\nFor example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\n\nThis concept is known as \"Listener Isolation\", and it is an Extended feature\nof Gateway API. Implementations that do not support Listener Isolation MUST\nclearly document this, and MUST NOT claim support for the\n`GatewayHTTPListenerIsolation` feature.\n\nImplementations that _do_ support Listener Isolation SHOULD claim support\nfor the Extended `GatewayHTTPListenerIsolation` feature and pass the associated\nconformance tests.\n\n## Compatible Listeners\n\nA Gateway's Listeners are considered _compatible_ if:\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\nIn a future release the MinItems=1 requirement MAY be dropped.\n\nSupport: Core", "items": { - "description": "Condition", + "description": "Listener embodies the concept of a logical endpoint where a Gateway accepts\nnetwork connections.", "properties": { - "category": { - "description": "The condition category.", - "type": "string" - }, - "durable": { - "description": "The condition is durable - never un-staged.", - "type": "boolean" - }, - "items": { - "description": "A list of items referenced in the `Message`.", - "items": { - "type": "string" + "allowedRoutes": { + "default": { + "namespaces": { + "from": "Same" + } }, - "type": "array" - }, - "lastTransitionTime": { - "description": "When the last status transition occurred.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "The human readable description of the condition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition or transition.", - "type": "string" - }, - "status": { - "description": "The condition status [true,false].", - "type": "string" + "description": "AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\nSupport: Core", + "properties": { + "kinds": { + "description": "Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\nSupport: Core", + "items": { + "description": "RouteGroupKind indicates the group and kind of a Route resource.", + "properties": { + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the Route.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "Kind is the kind of the Route.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array" + }, + "namespaces": { + "default": { + "from": "Same" + }, + "description": "Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\nSupport: Core", + "properties": { + "from": { + "default": "Same", + "description": "From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\nSupport: Core", + "enum": [ + "All", + "Selector", + "Same", + "None" + ], + "type": "string" + }, + "selector": { + "description": "Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\nSupport: Core", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" }, - "type": { - "description": "The condition type.", - "type": "string" - } - }, - "required": [ - "category", - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "The most recent generation observed by the controller.", - "format": "int64", - "type": "integer" - }, - "references": { - "items": { - "description": "Source reference.\nEither the ID or Name must be specified.", - "properties": { - "id": { - "description": "The object ID.\nvsphere:\n The managed object ID.", + "hostname": { + "description": "Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match both the SNI and Host header.\n Note that this does not require the SNI and Host header to be the same.\n The semantics of this are described in more detail below.\n\nTo ensure security, Section 11.1 of RFC-6066 emphasizes that server\nimplementations that rely on SNI hostname matching MUST also verify\nhostnames within the application protocol.\n\nSection 9.1.2 of RFC-7540 provides a mechanism for servers to reject the\nreuse of a connection by responding with the HTTP 421 Misdirected Request\nstatus code. This indicates that the origin server has rejected the\nrequest because it appears to have been misdirected.\n\nTo detect misdirected requests, Gateways SHOULD match the authority of\nthe requests with all the SNI hostname(s) configured across all the\nGateway Listeners on the same port and protocol:\n\n* If another Listener has an exact match or more specific wildcard entry,\n the Gateway SHOULD return a 421.\n* If the current Listener (selected by SNI matching during ClientHello)\n does not match the Host:\n * If another Listener does match the Host the Gateway SHOULD return a\n 421.\n * If no other Listener matches the Host, the Gateway MUST return a\n 404.\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "name": { - "description": "An object Name.\nvsphere:\n A qualified name.", + "description": "Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "namespace": { - "description": "The VM Namespace\nOnly relevant for an openshift source.", - "type": "string" + "port": { + "description": "Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" }, - "type": { - "description": "Type used to qualify the name.", + "protocol": { + "description": "Protocol specifies the network protocol this listener expects to receive.\n\nSupport: Core", + "maxLength": 255, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9]+$", "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "forklift.konveyor.io", - "kind": "StorageMap", - "version": "v1beta1" - } - ] - }, - "forklift.konveyor.io/v1beta1/StorageMapList": { - "description": "StorageMapList is a list of StorageMap", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storagemaps. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.StorageMap" + }, + "tls": { + "description": "TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\nSupport: Core", + "properties": { + "certificateRefs": { + "description": "CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\nSupport: Implementation-specific (More than one reference or other resource types)", + "items": { + "description": "SecretObjectReference identifies an API object including its namespace,\ndefaulting to Secret.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object.", + "properties": { + "group": { + "default": "", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "default": "Secret", + "description": "Kind is kind of the referent. For example \"Secret\".", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 64, + "type": "array" + }, + "mode": { + "default": "Terminate", + "description": "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\nSupport: Core", + "enum": [ + "Terminate", + "Passthrough" + ], + "type": "string" + }, + "options": { + "additionalProperties": { + "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", + "maxLength": 4096, + "minLength": 0, + "type": "string" + }, + "description": "Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\nSupport: Implementation-specific", + "maxProperties": 16, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "certificateRefs or options must be specified when mode is Terminate", + "rule": "self.mode == 'Terminate' ? size(self.certificateRefs) > 0 || size(self.options) > 0 : true" + } + ] + } + }, + "required": [ + "name", + "port", + "protocol" + ], + "type": "object" + }, + "maxItems": 64, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']", + "rule": "self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)" + }, + { + "message": "tls mode must be Terminate for protocol HTTPS", + "rule": "self.all(l, (l.protocol == 'HTTPS' && has(l.tls)) ? (l.tls.mode == '' || l.tls.mode == 'Terminate') : true)" + }, + { + "message": "hostname must not be specified for protocols ['TCP', 'UDP']", + "rule": "self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" + }, + { + "message": "Listener name must be unique within the Gateway", + "rule": "self.all(l1, self.exists_one(l2, l1.name == l2.name))" + }, + { + "message": "Combination of port, protocol and hostname must be unique for each listener", + "rule": "self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))" + } + ] + } }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "required": [ + "gatewayClassName", + "listeners" + ], + "type": "object" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "status": { + "default": { + "conditions": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + }, + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Programmed" + } + ] + }, + "description": "Status defines the current state of Gateway.", + "properties": { + "addresses": { + "description": "Addresses lists the network addresses that have been bound to the\nGateway.\n\nThis list may differ from the addresses provided in the spec under some\nconditions:\n\n * no addresses are specified, all addresses are dynamically assigned\n * a combination of specified and dynamic addresses are assigned\n * a specified address was unusable (e.g. already in use)", + "items": { + "description": "GatewayStatusAddress describes a network address that is bound to a Gateway.", + "oneOf": [ + { + "properties": { + "type": { + "enum": [ + "IPAddress" + ] + }, + "value": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ] + } + } + }, + { + "properties": { + "type": { + "not": { + "enum": [ + "IPAddress" + ] + } + } + } + } + ], + "properties": { + "type": { + "default": "IPAddress", + "description": "Type of the address.", + "maxLength": 253, + "minLength": 1, + "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "string" + }, + "value": { + "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", + "maxLength": 253, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", + "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" + } + ] + }, + "maxItems": 16, + "type": "array" + }, + "conditions": { + "default": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + }, + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Programmed" + } + ], + "description": "Conditions describe the current conditions of the Gateway.\n\nImplementations should prefer to express Gateway conditions\nusing the `GatewayConditionType` and `GatewayConditionReason`\nconstants so that operators and tools can converge on a common\nvocabulary to describe Gateway state.\n\nKnown condition types are:\n\n* \"Accepted\"\n* \"Programmed\"\n* \"Ready\"", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "listeners": { + "description": "Listeners provide status for each unique listener port defined in the Spec.", + "items": { + "description": "ListenerStatus is the status associated with a Listener.", + "properties": { + "attachedRoutes": { + "description": "AttachedRoutes represents the total number of Routes that have been\nsuccessfully attached to this Listener.\n\nSuccessful attachment of a Route to a Listener is based solely on the\ncombination of the AllowedRoutes field on the corresponding Listener\nand the Route's ParentRefs field. A Route is successfully attached to\na Listener when it is selected by the Listener's AllowedRoutes field\nAND the Route has a valid ParentRef selecting the whole Gateway\nresource or a specific Listener as a parent resource (more detail on\nattachment semantics can be found in the documentation on the various\nRoute kinds ParentRefs fields). Listener or Route status does not impact\nsuccessful attachment, i.e. the AttachedRoutes field count MUST be set\nfor Listeners with condition Accepted: false and MUST count successfully\nattached Routes that may themselves have Accepted: false conditions.\n\nUses for this field include troubleshooting Route attachment and\nmeasuring blast radius/impact of changes to a Listener.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "Conditions describe the current condition of this listener.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "name": { + "description": "Name is the name of the Listener that this status corresponds to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "supportedKinds": { + "description": "SupportedKinds is the list indicating the Kinds supported by this\nlistener. This MUST represent the kinds an implementation supports for\nthat Listener configuration.\n\nIf kinds are specified in Spec that are not supported, they MUST NOT\nappear in this list and an implementation MUST set the \"ResolvedRefs\"\ncondition to \"False\" with the \"InvalidRouteKinds\" reason. If both valid\nand invalid Route kinds are specified, the implementation MUST\nreference the valid Route kinds that have been specified.", + "items": { + "description": "RouteGroupKind indicates the group and kind of a Route resource.", + "properties": { + "group": { + "default": "gateway.networking.k8s.io", + "description": "Group is the group of the Route.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "Kind is the kind of the Route.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array" + } + }, + "required": [ + "attachedRoutes", + "conditions", + "name", + "supportedKinds" + ], + "type": "object" + }, + "maxItems": 64, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + }, + "type": "object" } }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "StorageMapList", + "group": "gateway.networking.k8s.io", + "kind": "Gateway", "version": "v1beta1" } ] }, - "forklift.konveyor.io/v1beta1/VSphereXcopyVolumePopulator": { - "description": "", - "namespaced": true, + "gateway.networking.k8s.io/v1beta1/GatewayClass": { + "description": "GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\nGatewayClass is a Cluster level resource.", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -76801,36 +76092,151 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { + "description": "Spec defines the desired state of GatewayClass.", "properties": { - "secretName": { - "description": "The secret name with vsphere and storage credentials", - "type": "string" - }, - "storageVendorProduct": { - "description": "StorageVendorProduct is the storage vendor the target disk and PVC are connected to\nSupported values [vantara, ontap, primera3par]", - "type": "string" + "controllerName": { + "description": "ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\nExample: \"example.net/gateway-controller\".\n\nThis field is not mutable and cannot be empty.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Value is immutable", + "rule": "self == oldSelf" + } + ] }, - "vmId": { - "description": "VmId is the VM object id in vSphere", + "description": { + "description": "Description helps describe a GatewayClass with more details.", + "maxLength": 64, "type": "string" }, - "vmdkPath": { - "description": "VmdkPath is the full path the vmdk disk. A valid path format is\n'[] /.vmdk'", - "type": "string" + "parametersRef": { + "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the GatewayClass SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nSupport: Implementation-specific", + "properties": { + "group": { + "description": "Group is the group of the referent.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "Kind is kind of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "Name is the name of the referent.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "group", + "kind", + "name" + ], + "type": "object" } }, "required": [ - "secretName", - "storageVendorProduct", - "vmId", - "vmdkPath" + "controllerName" ], "type": "object" }, "status": { + "default": { + "conditions": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + } + ] + }, + "description": "Status defines the current state of GatewayClass.\n\nImplementations MUST populate status on all GatewayClass resources which\nspecify their controller name.", "properties": { - "progress": { - "type": "string" + "conditions": { + "default": [ + { + "lastTransitionTime": "1970-01-01T00:00:00Z", + "message": "Waiting for controller", + "reason": "Pending", + "status": "Unknown", + "type": "Accepted" + } + ], + "description": "Conditions is the current status from the controller for\nthis GatewayClass.\n\nControllers should prefer to publish conditions using values\nof GatewayClassConditionType for the type of each Condition.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" @@ -76842,14 +76248,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "VSphereXcopyVolumePopulator", + "group": "gateway.networking.k8s.io", + "kind": "GatewayClass", "version": "v1beta1" } ] }, - "forklift.konveyor.io/v1beta1/VSphereXcopyVolumePopulatorList": { - "description": "VSphereXcopyVolumePopulatorList is a list of VSphereXcopyVolumePopulator", + "gateway.networking.k8s.io/v1beta1/GatewayClassList": { + "description": "GatewayClassList is a list of GatewayClass", "namespaced": true, "properties": { "apiVersion": { @@ -76857,9 +76263,9 @@ "type": "string" }, "items": { - "description": "List of vspherexcopyvolumepopulators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of gatewayclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.konveyor.forklift.v1beta1.VSphereXcopyVolumePopulator" + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.GatewayClass" }, "type": "array" }, @@ -76882,14 +76288,54 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "forklift.konveyor.io", - "kind": "VSphereXcopyVolumePopulatorList", + "group": "gateway.networking.k8s.io", + "kind": "GatewayClassList", "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/GRPCRoute": { - "description": "GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge.", + "gateway.networking.k8s.io/v1beta1/GatewayList": { + "description": "GatewayList is a list of Gateway", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of gateways. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.Gateway" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "gateway.networking.k8s.io", + "kind": "GatewayList", + "version": "v1beta1" + } + ] + }, + "gateway.networking.k8s.io/v1beta1/HTTPRoute": { + "description": "HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed.", "namespaced": true, "properties": { "apiVersion": { @@ -76909,10 +76355,10 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Spec defines the desired state of GRPCRoute.", + "description": "Spec defines the desired state of HTTPRoute.", "properties": { "hostnames": { - "description": "Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\nSupport: Core", + "description": "Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\nSupport: Core", "items": { "description": "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed.", "maxLength": 253, @@ -76990,22 +76436,34 @@ ] }, "rules": { - "description": "Rules are a list of GRPC matchers, filters and actions.", + "default": [ + { + "matches": [ + { + "path": { + "type": "PathPrefix", + "value": "/" + } + } + ] + } + ], + "description": "Rules are a list of HTTP matchers, filters and actions.", "items": { - "description": "GRPCRouteRule defines the semantics for matching a gRPC request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", + "description": "HTTPRouteRule defines semantics for matching an HTTP request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", "properties": { "backendRefs": { - "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\nSupport: Core for Kubernetes Service\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", + "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints,\nimplementations SHOULD return a 503 for requests to that backend instead.\nIf an implementation chooses to do this, all of the above rules for 500 responses\nMUST also apply for responses that return a 503.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", "items": { - "description": "GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.", + "description": "HTTPBackendRef defines how a HTTPRoute forwards a HTTP request.\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.", "properties": { "filters": { - "description": "Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)", + "description": "Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)", "items": { - "description": "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", + "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", "properties": { "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nSupport: Implementation-specific\n\nThis filter can be used multiple times within the same rule.", + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", "properties": { "group": { "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", @@ -77211,6 +76669,88 @@ } ] }, + "requestRedirect": { + "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", + "properties": { + "hostname": { + "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", + "properties": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, + "type": "string" + }, + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + }, + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + } + ] + }, + "port": { + "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "scheme": { + "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", + "enum": [ + "http", + "https" + ], + "type": "string" + }, + "statusCode": { + "default": 302, + "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", + "enum": [ + 301, + 302 + ], + "type": "integer" + } + }, + "type": "object" + }, "responseHeaderModifier": { "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", "properties": { @@ -77291,14 +76831,74 @@ "type": "object" }, "type": { - "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.", + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", "enum": [ - "ResponseHeaderModifier", "RequestHeaderModifier", + "ResponseHeaderModifier", "RequestMirror", + "RequestRedirect", + "URLRewrite", "ExtensionRef" ], "type": "string" + }, + "urlRewrite": { + "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", + "properties": { + "hostname": { + "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines a path rewrite.\n\nSupport: Extended", + "properties": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, + "type": "string" + }, + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + }, + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + } + ] + } + }, + "type": "object" } }, "required": [ @@ -77330,6 +76930,22 @@ "message": "filter.requestMirror must be specified for RequestMirror filter.type", "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" }, + { + "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", + "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" + }, + { + "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", + "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" + }, + { + "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", + "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + }, + { + "message": "filter.urlRewrite must be specified for URLRewrite filter.type", + "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + }, { "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" @@ -77343,6 +76959,14 @@ "maxItems": 16, "type": "array", "x-kubernetes-validations": [ + { + "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", + "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + }, + { + "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", + "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + }, { "message": "RequestHeaderModifier filter cannot be repeated", "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" @@ -77350,6 +76974,14 @@ { "message": "ResponseHeaderModifier filter cannot be repeated", "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + }, + { + "message": "RequestRedirect filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" + }, + { + "message": "URLRewrite filter cannot be repeated", + "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" } ] }, @@ -77412,12 +77044,12 @@ "type": "array" }, "filters": { - "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\nConformance-levels at this level are defined based on the type of filter:\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\nIf an implementation cannot support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\nSupport: Core", + "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that cannot be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\nConformance-levels at this level are defined based on the type of filter:\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation cannot support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\nSupport: Core", "items": { - "description": "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", + "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", "properties": { "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nSupport: Implementation-specific\n\nThis filter can be used multiple times within the same rule.", + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", "properties": { "group": { "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", @@ -77623,6 +77255,88 @@ } ] }, + "requestRedirect": { + "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", + "properties": { + "hostname": { + "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", + "properties": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, + "type": "string" + }, + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + }, + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + } + ] + }, + "port": { + "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "scheme": { + "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", + "enum": [ + "http", + "https" + ], + "type": "string" + }, + "statusCode": { + "default": 302, + "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", + "enum": [ + 301, + 302 + ], + "type": "integer" + } + }, + "type": "object" + }, "responseHeaderModifier": { "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", "properties": { @@ -77703,14 +77417,74 @@ "type": "object" }, "type": { - "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.", + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", "enum": [ - "ResponseHeaderModifier", "RequestHeaderModifier", + "ResponseHeaderModifier", "RequestMirror", + "RequestRedirect", + "URLRewrite", "ExtensionRef" ], "type": "string" + }, + "urlRewrite": { + "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", + "properties": { + "hostname": { + "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "path": { + "description": "Path defines a path rewrite.\n\nSupport: Extended", + "properties": { + "replaceFullPath": { + "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", + "maxLength": 1024, + "type": "string" + }, + "replacePrefixMatch": { + "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", + "maxLength": 1024, + "type": "string" + }, + "type": { + "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", + "enum": [ + "ReplaceFullPath", + "ReplacePrefixMatch" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", + "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + }, + { + "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", + "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + }, + { + "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", + "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + }, + { + "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", + "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + } + ] + } + }, + "type": "object" } }, "required": [ @@ -77742,6 +77516,22 @@ "message": "filter.requestMirror must be specified for RequestMirror filter.type", "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" }, + { + "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", + "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" + }, + { + "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", + "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" + }, + { + "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", + "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" + }, + { + "message": "filter.urlRewrite must be specified for URLRewrite filter.type", + "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" + }, { "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" @@ -77755,6 +77545,10 @@ "maxItems": 16, "type": "array", "x-kubernetes-validations": [ + { + "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", + "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" + }, { "message": "RequestHeaderModifier filter cannot be repeated", "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" @@ -77762,21 +77556,37 @@ { "message": "ResponseHeaderModifier filter cannot be repeated", "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + }, + { + "message": "RequestRedirect filter cannot be repeated", + "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" + }, + { + "message": "URLRewrite filter cannot be repeated", + "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" } ] }, "matches": { - "description": "Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\nFor example, take the following matches configuration:\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria.", - "items": { - "description": "GRPCRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\nFor example, the match below will match a gRPC request only if its service\nis `foo` AND it contains the `version: v1` header:\n\n```\nmatches:\n - method:\n type: Exact\n service: \"foo\"\n headers:\n - name: \"version\"\n value \"v1\"\n\n```", - "properties": { - "headers": { - "description": "Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route.", - "items": { - "description": "GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request\nheaders.", + "default": [ + { + "path": { + "type": "PathPrefix", + "value": "/" + } + } + ], + "description": "Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\nFor example, take the following matches configuration:\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned.", + "items": { + "description": "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n```\nmatch:\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n```", + "properties": { + "headers": { + "description": "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route.", + "items": { + "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.", "properties": { "name": { - "description": "Name is the name of the gRPC Header to be matched.\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".", "maxLength": 256, "minLength": 1, "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", @@ -77784,7 +77594,7 @@ }, "type": { "default": "Exact", - "description": "Type specifies how to match against the value of the header.", + "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.", "enum": [ "Exact", "RegularExpression" @@ -77792,7 +77602,7 @@ "type": "string" }, "value": { - "description": "Value is the value of the gRPC Header to be matched.", + "description": "Value is the value of HTTP Header to be matched.", "maxLength": 4096, "minLength": 1, "type": "string" @@ -77812,59 +77622,192 @@ "x-kubernetes-list-type": "map" }, "method": { - "description": "Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match.", + "description": "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\nSupport: Extended", + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "DELETE", + "CONNECT", + "OPTIONS", + "TRACE", + "PATCH" + ], + "type": "string" + }, + "path": { + "default": { + "type": "PathPrefix", + "value": "/" + }, + "description": "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided.", "properties": { - "method": { - "description": "Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\nAt least one of Service and Method MUST be a non-empty string.", - "maxLength": 1024, - "type": "string" - }, - "service": { - "description": "Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\nAt least one of Service and Method MUST be a non-empty string.", - "maxLength": 1024, - "type": "string" - }, "type": { - "default": "Exact", - "description": "Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\nSupport: Implementation-specific (RegularExpression)", + "default": "PathPrefix", + "description": "Type specifies how to match against the path Value.\n\nSupport: Core (Exact, PathPrefix)\n\nSupport: Implementation-specific (RegularExpression)", "enum": [ "Exact", + "PathPrefix", "RegularExpression" ], "type": "string" + }, + "value": { + "default": "/", + "description": "Value of the HTTP path to match against.", + "maxLength": 1024, + "type": "string" } }, "type": "object", "x-kubernetes-validations": [ { - "message": "One or both of 'service' or 'method' must be specified", - "rule": "has(self.type) ? has(self.service) || has(self.method) : true" + "message": "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" }, { - "message": "service must only contain valid characters (matching ^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$)", - "rule": "(!has(self.type) || self.type == 'Exact') && has(self.service) ? self.service.matches(r\"\"\"^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$\"\"\"): true" + "message": "must not contain '//' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" }, { - "message": "method must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)", - "rule": "(!has(self.type) || self.type == 'Exact') && has(self.method) ? self.method.matches(r\"\"\"^[A-Za-z_][A-Za-z_0-9]*$\"\"\"): true" + "message": "must not contain '/./' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" + }, + { + "message": "must not contain '/../' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" + }, + { + "message": "must not contain '%2f' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" + }, + { + "message": "must not contain '%2F' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" + }, + { + "message": "must not contain '#' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" + }, + { + "message": "must not end with '/..' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + }, + { + "message": "must not end with '/.' when type one of ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + }, + { + "message": "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']", + "rule": "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + }, + { + "message": "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']", + "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" } ] + }, + "queryParams": { + "description": "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\nSupport: Extended", + "items": { + "description": "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters.", + "properties": { + "name": { + "description": "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "type": "string" + }, + "type": { + "default": "Exact", + "description": "Type specifies how to match against the value of the query parameter.\n\nSupport: Extended (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect.", + "enum": [ + "Exact", + "RegularExpression" + ], + "type": "string" + }, + "value": { + "description": "Value is the value of HTTP query param to be matched.", + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" }, - "maxItems": 8, + "maxItems": 64, "type": "array" + }, + "timeouts": { + "description": "Timeouts defines the timeouts that can be configured for an HTTP request.\n\nSupport: Extended", + "properties": { + "backendRequest": { + "description": "BackendRequest specifies a timeout for an individual request from the gateway\nto a backend. This covers the time from when the request first starts being\nsent from the gateway to when the full response has been received from the backend.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\nmay result in more than one call from the gateway to the destination backend,\nfor example, if automatic retries are supported.\n\nThe value of BackendRequest must be a Gateway API Duration string as defined by\nGEP-2257. When this field is unspecified, its behavior is implementation-specific;\nwhen specified, the value of BackendRequest must be no more than the value of the\nRequest timeout (since the Request timeout encompasses the BackendRequest timeout).\n\nSupport: Extended", + "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", + "type": "string" + }, + "request": { + "description": "Request specifies the maximum duration for a gateway to respond to an HTTP request.\nIf the gateway has not been able to respond before this deadline is met, the gateway\nMUST return a timeout error.\n\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\nto complete.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nThis timeout is intended to cover as close to the whole request-response transaction\nas possible although an implementation MAY choose to start the timeout after the entire\nrequest stream has been received instead of immediately after the transaction is\ninitiated by the client.\n\nThe value of Request is a Gateway API Duration string as defined by GEP-2257. When this\nfield is unspecified, request timeout behavior is implementation-specific.\n\nSupport: Extended", + "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "backendRequest timeout cannot be longer than request timeout", + "rule": "!(has(self.request) && has(self.backendRequest) && duration(self.request) != duration('0s') && duration(self.backendRequest) > duration(self.request))" + } + ] } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "RequestRedirect filter must not be used together with backendRefs", + "rule": "(has(self.backendRefs) && size(self.backendRefs) > 0) ? (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): true" + }, + { + "message": "When using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + }, + { + "message": "When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + }, + { + "message": "Within backendRefs, when using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + }, + { + "message": "Within backendRefs, When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", + "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" + } + ] }, "maxItems": 16, "type": "array", "x-kubernetes-validations": [ { "message": "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128", - "rule": "(self.size() > 0 ? (has(self[0].matches) ? self[0].matches.size() : 0) : 0) + (self.size() > 1 ? (has(self[1].matches) ? self[1].matches.size() : 0) : 0) + (self.size() > 2 ? (has(self[2].matches) ? self[2].matches.size() : 0) : 0) + (self.size() > 3 ? (has(self[3].matches) ? self[3].matches.size() : 0) : 0) + (self.size() > 4 ? (has(self[4].matches) ? self[4].matches.size() : 0) : 0) + (self.size() > 5 ? (has(self[5].matches) ? self[5].matches.size() : 0) : 0) + (self.size() > 6 ? (has(self[6].matches) ? self[6].matches.size() : 0) : 0) + (self.size() > 7 ? (has(self[7].matches) ? self[7].matches.size() : 0) : 0) + (self.size() > 8 ? (has(self[8].matches) ? self[8].matches.size() : 0) : 0) + (self.size() > 9 ? (has(self[9].matches) ? self[9].matches.size() : 0) : 0) + (self.size() > 10 ? (has(self[10].matches) ? self[10].matches.size() : 0) : 0) + (self.size() > 11 ? (has(self[11].matches) ? self[11].matches.size() : 0) : 0) + (self.size() > 12 ? (has(self[12].matches) ? self[12].matches.size() : 0) : 0) + (self.size() > 13 ? (has(self[13].matches) ? self[13].matches.size() : 0) : 0) + (self.size() > 14 ? (has(self[14].matches) ? self[14].matches.size() : 0) : 0) + (self.size() > 15 ? (has(self[15].matches) ? self[15].matches.size() : 0) : 0) <= 128" + "rule": "(self.size() > 0 ? self[0].matches.size() : 0) + (self.size() > 1 ? self[1].matches.size() : 0) + (self.size() > 2 ? self[2].matches.size() : 0) + (self.size() > 3 ? self[3].matches.size() : 0) + (self.size() > 4 ? self[4].matches.size() : 0) + (self.size() > 5 ? self[5].matches.size() : 0) + (self.size() > 6 ? self[6].matches.size() : 0) + (self.size() > 7 ? self[7].matches.size() : 0) + (self.size() > 8 ? self[8].matches.size() : 0) + (self.size() > 9 ? self[9].matches.size() : 0) + (self.size() > 10 ? self[10].matches.size() : 0) + (self.size() > 11 ? self[11].matches.size() : 0) + (self.size() > 12 ? self[12].matches.size() : 0) + (self.size() > 13 ? self[13].matches.size() : 0) + (self.size() > 14 ? self[14].matches.size() : 0) + (self.size() > 15 ? self[15].matches.size() : 0) <= 128" } ] } @@ -77872,7 +77815,7 @@ "type": "object" }, "status": { - "description": "Status defines the current state of GRPCRoute.", + "description": "Status defines the current state of HTTPRoute.", "properties": { "parents": { "description": "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway.", @@ -78015,18 +77958,20 @@ "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { "group": "gateway.networking.k8s.io", - "kind": "GRPCRoute", - "version": "v1" + "kind": "HTTPRoute", + "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/GRPCRouteList": { - "description": "GRPCRouteList is a list of GRPCRoute", + "gateway.networking.k8s.io/v1beta1/HTTPRouteList": { + "description": "HTTPRouteList is a list of HTTPRoute", "namespaced": true, "properties": { "apiVersion": { @@ -78034,9 +77979,9 @@ "type": "string" }, "items": { - "description": "List of grpcroutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of httproutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.GRPCRoute" + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.HTTPRoute" }, "type": "array" }, @@ -78060,13 +78005,13 @@ "x-kubernetes-group-version-kind": [ { "group": "gateway.networking.k8s.io", - "kind": "GRPCRouteList", - "version": "v1" + "kind": "HTTPRouteList", + "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/Gateway": { - "description": "Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses.", + "gateway.networking.k8s.io/v1beta1/ReferenceGrant": { + "description": "ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\nAll cross-namespace references in Gateway API (with the exception of cross-namespace\nGateway-route attachment) require a ReferenceGrant.\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed.", "namespaced": true, "properties": { "apiVersion": { @@ -78086,728 +78031,141 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Spec defines the desired state of Gateway.", + "description": "Spec defines the desired state of ReferenceGrant.", "properties": { - "addresses": { - "description": "Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\nSupport: Extended", + "from": { + "description": "From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\nSupport: Core", "items": { - "description": "GatewayAddress describes an address that can be bound to a Gateway.", - "oneOf": [ - { - "properties": { - "type": { - "enum": [ - "IPAddress" - ] - }, - "value": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ] - } - } - }, - { - "properties": { - "type": { - "not": { - "enum": [ - "IPAddress" - ] - } - } - } - } - ], + "description": "ReferenceGrantFrom describes trusted namespaces and kinds.", "properties": { - "type": { - "default": "IPAddress", - "description": "Type of the address.", - "maxLength": 253, - "minLength": 1, - "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", - "type": "string" - }, - "value": { - "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", + "group": { + "description": "Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\nSupport: Core", "maxLength": 253, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "value" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", - "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" - } - ] - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "IPAddress values must be unique", - "rule": "self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" - }, - { - "message": "Hostname values must be unique", - "rule": "self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" - } - ] - }, - "gatewayClassName": { - "description": "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "infrastructure": { - "description": "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\nSupport: Extended", - "properties": { - "annotations": { - "additionalProperties": { - "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", - "maxLength": 4096, - "minLength": 0, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "description": "Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\nSupport: Extended", - "maxProperties": 8, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Annotation keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", - "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" - }, - { - "message": "If specified, the annotation key's prefix must be a DNS subdomain not longer than 253 characters in total.", - "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" - } - ] - }, - "labels": { - "additionalProperties": { - "description": "LabelValue is the value of a label in the Gateway API. This is used for validation\nof maps such as Gateway infrastructure labels. This matches the Kubernetes\nlabel validation rules:\n* must be 63 characters or less (can be empty),\n* unless empty, must begin and end with an alphanumeric character ([a-z0-9A-Z]),\n* could contain dashes (-), underscores (_), dots (.), and alphanumerics between.\n\nValid values include:\n\n* MyValue\n* my.name\n* 123-my-value", + "kind": { + "description": "Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\nWhen used to permit a SecretObjectReference:\n\n* Gateway\n\nWhen used to permit a BackendObjectReference:\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute", "maxLength": 63, - "minLength": 0, - "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", - "type": "string" - }, - "description": "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\nIf an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels\nchange, it SHOULD clearly warn about this behavior in documentation.\n\nSupport: Extended", - "maxProperties": 8, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Label keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", - "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" - }, - { - "message": "If specified, the label key's prefix must be a DNS subdomain not longer than 253 characters in total.", - "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" - } - ] - }, - "parametersRef": { - "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the Gateway SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nSupport: Implementation-specific", - "properties": { - "group": { - "description": "Group is the group of the referent.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "group", - "kind", - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "listeners": { - "description": "Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n## Distinct Listeners\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on the objects\nthey support:\n\nHTTPRoute\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\nTLSRoute\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\"Distinct\" Listeners have the following property:\n\n**The implementation can match inbound requests to a single distinct\nListener**.\n\nWhen multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\nWhen multiple listeners have the same value for the Protocol field, then\neach of the Listeners with matching Protocol values MUST have different\nvalues for other fields.\n\nThe set of fields that MUST be different for a Listener differs per protocol.\nThe following rules define the rules for what fields MUST be considered for\nListeners to be distinct with each protocol currently defined in the\nGateway API spec.\n\nThe set of listeners that all share a protocol value MUST have _different_\nvalues for _at least one_ of these fields to be distinct:\n\n* **HTTP, HTTPS, TLS**: Port, Hostname\n* **TCP, UDP**: Port\n\nOne **very** important rule to call out involves what happens when an\nimplementation:\n\n* Supports TCP protocol Listeners, as well as HTTP, HTTPS, or TLS protocol\n Listeners, and\n* sees HTTP, HTTPS, or TLS protocols with the same `port` as one with TCP\n Protocol.\n\nIn this case all the Listeners that share a port with the\nTCP Listener are not distinct and so MUST NOT be accepted.\n\nIf an implementation does not support TCP Protocol Listeners, then the\nprevious rule does not apply, and the TCP Listeners SHOULD NOT be\naccepted.\n\nNote that the `tls` field is not used for determining if a listener is distinct, because\nListeners that _only_ differ on TLS config will still conflict in all cases.\n\n### Listeners that are distinct only by Hostname\n\nWhen the Listeners are distinct based only on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\nExact matches MUST be processed before wildcard matches, and wildcard\nmatches MUST be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\n\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n## Handling indistinct Listeners\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are _Conflicted_, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\nThe words \"indistinct\" and \"conflicted\" are considered equivalent for the\npurpose of this documentation.\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners.\n\nSpecifically, an implementation MAY accept a partial Listener set subject to\nthe following rules:\n\n* The implementation MUST NOT pick one conflicting Listener as the winner.\n ALL indistinct Listeners must not be accepted for processing.\n* At least one distinct Listener MUST be present, or else the Gateway effectively\n contains _no_ Listeners, and must be rejected from processing as a whole.\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n## General Listener behavior\n\nNote that, for all distinct Listeners, requests SHOULD match at most one Listener.\nFor example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\n\nThis concept is known as \"Listener Isolation\", and it is an Extended feature\nof Gateway API. Implementations that do not support Listener Isolation MUST\nclearly document this, and MUST NOT claim support for the\n`GatewayHTTPListenerIsolation` feature.\n\nImplementations that _do_ support Listener Isolation SHOULD claim support\nfor the Extended `GatewayHTTPListenerIsolation` feature and pass the associated\nconformance tests.\n\n## Compatible Listeners\n\nA Gateway's Listeners are considered _compatible_ if:\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\nIn a future release the MinItems=1 requirement MAY be dropped.\n\nSupport: Core", - "items": { - "description": "Listener embodies the concept of a logical endpoint where a Gateway accepts\nnetwork connections.", - "properties": { - "allowedRoutes": { - "default": { - "namespaces": { - "from": "Same" - } - }, - "description": "AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\nSupport: Core", - "properties": { - "kinds": { - "description": "Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\nSupport: Core", - "items": { - "description": "RouteGroupKind indicates the group and kind of a Route resource.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the Route.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is the kind of the Route.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array" - }, - "namespaces": { - "default": { - "from": "Same" - }, - "description": "Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\nSupport: Core", - "properties": { - "from": { - "default": "Same", - "description": "From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\nSupport: Core", - "enum": [ - "All", - "Selector", - "Same", - "None" - ], - "type": "string" - }, - "selector": { - "description": "Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\nSupport: Core", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hostname": { - "description": "Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match both the SNI and Host header.\n Note that this does not require the SNI and Host header to be the same.\n The semantics of this are described in more detail below.\n\nTo ensure security, Section 11.1 of RFC-6066 emphasizes that server\nimplementations that rely on SNI hostname matching MUST also verify\nhostnames within the application protocol.\n\nSection 9.1.2 of RFC-7540 provides a mechanism for servers to reject the\nreuse of a connection by responding with the HTTP 421 Misdirected Request\nstatus code. This indicates that the origin server has rejected the\nrequest because it appears to have been misdirected.\n\nTo detect misdirected requests, Gateways SHOULD match the authority of\nthe requests with all the SNI hostname(s) configured across all the\nGateway Listeners on the same port and protocol:\n\n* If another Listener has an exact match or more specific wildcard entry,\n the Gateway SHOULD return a 421.\n* If the current Listener (selected by SNI matching during ClientHello)\n does not match the Host:\n * If another Listener does match the Host the Gateway SHOULD return a\n 421.\n * If no other Listener matches the Host, the Gateway MUST return a\n 404.\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "name": { - "description": "Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\nSupport: Core", - "maxLength": 253, "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, - "port": { - "description": "Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "description": "Protocol specifies the network protocol this listener expects to receive.\n\nSupport: Core", - "maxLength": 255, + "namespace": { + "description": "Namespace is the namespace of the referent.\n\nSupport: Core", + "maxLength": 63, "minLength": 1, - "pattern": "^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9]+$", + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" - }, - "tls": { - "description": "TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\nSupport: Core", - "properties": { - "certificateRefs": { - "description": "CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\nSupport: Implementation-specific (More than one reference or other resource types)", - "items": { - "description": "SecretObjectReference identifies an API object including its namespace,\ndefaulting to Secret.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object.", - "properties": { - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Secret", - "description": "Kind is kind of the referent. For example \"Secret\".", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 64, - "type": "array" - }, - "mode": { - "default": "Terminate", - "description": "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\nSupport: Core", - "enum": [ - "Terminate", - "Passthrough" - ], - "type": "string" - }, - "options": { - "additionalProperties": { - "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", - "maxLength": 4096, - "minLength": 0, - "type": "string" - }, - "description": "Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\nSupport: Implementation-specific", - "maxProperties": 16, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "certificateRefs or options must be specified when mode is Terminate", - "rule": "self.mode == 'Terminate' ? size(self.certificateRefs) > 0 || size(self.options) > 0 : true" - } - ] } }, "required": [ - "name", - "port", - "protocol" + "group", + "kind", + "namespace" ], "type": "object" }, - "maxItems": 64, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']", - "rule": "self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)" - }, - { - "message": "tls mode must be Terminate for protocol HTTPS", - "rule": "self.all(l, (l.protocol == 'HTTPS' && has(l.tls)) ? (l.tls.mode == '' || l.tls.mode == 'Terminate') : true)" - }, - { - "message": "hostname must not be specified for protocols ['TCP', 'UDP']", - "rule": "self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" - }, - { - "message": "Listener name must be unique within the Gateway", - "rule": "self.all(l1, self.exists_one(l2, l1.name == l2.name))" - }, - { - "message": "Combination of port, protocol and hostname must be unique for each listener", - "rule": "self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))" - } - ] - } - }, - "required": [ - "gatewayClassName", - "listeners" - ], - "type": "object" - }, - "status": { - "default": { - "conditions": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - }, - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Programmed" - } - ] - }, - "description": "Status defines the current state of Gateway.", - "properties": { - "addresses": { - "description": "Addresses lists the network addresses that have been bound to the\nGateway.\n\nThis list may differ from the addresses provided in the spec under some\nconditions:\n\n * no addresses are specified, all addresses are dynamically assigned\n * a combination of specified and dynamic addresses are assigned\n * a specified address was unusable (e.g. already in use)", - "items": { - "description": "GatewayStatusAddress describes a network address that is bound to a Gateway.", - "oneOf": [ - { - "properties": { - "type": { - "enum": [ - "IPAddress" - ] - }, - "value": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ] - } - } - }, - { - "properties": { - "type": { - "not": { - "enum": [ - "IPAddress" - ] - } - } - } - } - ], - "properties": { - "type": { - "default": "IPAddress", - "description": "Type of the address.", - "maxLength": 253, - "minLength": 1, - "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", - "type": "string" - }, - "value": { - "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "value" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", - "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" - } - ] - }, "maxItems": 16, + "minItems": 1, "type": "array" }, - "conditions": { - "default": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - }, - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Programmed" - } - ], - "description": "Conditions describe the current conditions of the Gateway.\n\nImplementations should prefer to express Gateway conditions\nusing the `GatewayConditionType` and `GatewayConditionReason`\nconstants so that operators and tools can converge on a common\nvocabulary to describe Gateway state.\n\nKnown condition types are:\n\n* \"Accepted\"\n* \"Programmed\"\n* \"Ready\"", + "to": { + "description": "To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\nSupport: Core", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "ReferenceGrantTo describes what Kinds are allowed as targets of the\nreferences.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, + "group": { + "description": "Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\nSupport: Core", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, + "kind": { + "description": "Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference", + "maxLength": 63, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "listeners": { - "description": "Listeners provide status for each unique listener port defined in the Spec.", - "items": { - "description": "ListenerStatus is the status associated with a Listener.", - "properties": { - "attachedRoutes": { - "description": "AttachedRoutes represents the total number of Routes that have been\nsuccessfully attached to this Listener.\n\nSuccessful attachment of a Route to a Listener is based solely on the\ncombination of the AllowedRoutes field on the corresponding Listener\nand the Route's ParentRefs field. A Route is successfully attached to\na Listener when it is selected by the Listener's AllowedRoutes field\nAND the Route has a valid ParentRef selecting the whole Gateway\nresource or a specific Listener as a parent resource (more detail on\nattachment semantics can be found in the documentation on the various\nRoute kinds ParentRefs fields). Listener or Route status does not impact\nsuccessful attachment, i.e. the AttachedRoutes field count MUST be set\nfor Listeners with condition Accepted: false and MUST count successfully\nattached Routes that may themselves have Accepted: false conditions.\n\nUses for this field include troubleshooting Route attachment and\nmeasuring blast radius/impact of changes to a Listener.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "Conditions describe the current condition of this listener.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" }, "name": { - "description": "Name is the name of the Listener that this status corresponds to.", + "description": "Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace.", "maxLength": 253, "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" - }, - "supportedKinds": { - "description": "SupportedKinds is the list indicating the Kinds supported by this\nlistener. This MUST represent the kinds an implementation supports for\nthat Listener configuration.\n\nIf kinds are specified in Spec that are not supported, they MUST NOT\nappear in this list and an implementation MUST set the \"ResolvedRefs\"\ncondition to \"False\" with the \"InvalidRouteKinds\" reason. If both valid\nand invalid Route kinds are specified, the implementation MUST\nreference the valid Route kinds that have been specified.", - "items": { - "description": "RouteGroupKind indicates the group and kind of a Route resource.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the Route.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is the kind of the Route.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array" } }, "required": [ - "attachedRoutes", - "conditions", - "name", - "supportedKinds" + "group", + "kind" ], "type": "object" }, - "maxItems": 64, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "maxItems": 16, + "minItems": 1, + "type": "array" } }, + "required": [ + "from", + "to" + ], "type": "object" } }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "gateway.networking.k8s.io", + "kind": "ReferenceGrant", + "version": "v1beta1" + } + ] + }, + "gateway.networking.k8s.io/v1beta1/ReferenceGrantList": { + "description": "ReferenceGrantList is a list of ReferenceGrant", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of referencegrants. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.ReferenceGrant" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, "required": [ - "spec" + "items" ], "type": "object", "x-kubernetes-group-version-kind": [ { "group": "gateway.networking.k8s.io", - "kind": "Gateway", - "version": "v1" + "kind": "ReferenceGrantList", + "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/GatewayClass": { - "description": "GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\nGatewayClass is a Cluster level resource.", - "namespaced": false, + "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshot": { + "description": "VolumeGroupSnapshot is a user's request for creating either a point-in-time\ngroup snapshot or binding to a pre-existing group snapshot.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -78826,151 +78184,446 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Spec defines the desired state of GatewayClass.", + "description": "Spec defines the desired characteristics of a group snapshot requested by a user.\nRequired.", "properties": { - "controllerName": { - "description": "ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\nExample: \"example.net/gateway-controller\".\n\nThis field is not mutable and cannot be empty.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Value is immutable", - "rule": "self == oldSelf" - } - ] - }, - "description": { - "description": "Description helps describe a GatewayClass with more details.", - "maxLength": 64, - "type": "string" - }, - "parametersRef": { - "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the GatewayClass SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nSupport: Implementation-specific", + "source": { + "description": "Source specifies where a group snapshot will be created from.\nThis field is immutable after creation.\nRequired.", "properties": { - "group": { - "description": "Group is the group of the referent.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" + "selector": { + "description": "Selector is a label query over persistent volume claims that are to be\ngrouped together for snapshotting.\nThis labelSelector will be used to match the label added to a PVC.\nIf the label is added or removed to a volume after a group snapshot\nis created, the existing group snapshots won't be modified.\nOnce a VolumeGroupSnapshotContent is created and the sidecar starts to process\nit, the volume list will not change with retries.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "selector is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeGroupSnapshotContentName": { + "description": "VolumeGroupSnapshotContentName specifies the name of a pre-existing VolumeGroupSnapshotContent\nobject representing an existing volume group snapshot.\nThis field should be set if the volume group snapshot already exists and\nonly needs a representation in Kubernetes.\nThis field is immutable.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeGroupSnapshotContentName is immutable", + "rule": "self == oldSelf" + } + ] } }, - "required": [ - "group", - "kind", - "name" - ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "selector is required once set", + "rule": "!has(oldSelf.selector) || has(self.selector)" + }, + { + "message": "volumeGroupSnapshotContentName is required once set", + "rule": "!has(oldSelf.volumeGroupSnapshotContentName) || has(self.volumeGroupSnapshotContentName)" + }, + { + "message": "exactly one of selector and volumeGroupSnapshotContentName must be set", + "rule": "(has(self.selector) && !has(self.volumeGroupSnapshotContentName)) || (!has(self.selector) && has(self.volumeGroupSnapshotContentName))" + } + ] + }, + "volumeGroupSnapshotClassName": { + "description": "VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass\nrequested by the VolumeGroupSnapshot.\nVolumeGroupSnapshotClassName may be left nil to indicate that the default\nclass will be used.\nEmpty string is not allowed for this field.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeGroupSnapshotClassName must not be the empty string when set", + "rule": "size(self) > 0" + } + ] } }, "required": [ - "controllerName" + "source" ], "type": "object" }, "status": { - "default": { - "conditions": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - } - ] - }, - "description": "Status defines the current state of GatewayClass.\n\nImplementations MUST populate status on all GatewayClass resources which\nspecify their controller name.", + "description": "Status represents the current information of a group snapshot.\nConsumers must verify binding between VolumeGroupSnapshot and\nVolumeGroupSnapshotContent objects is successful (by validating that both\nVolumeGroupSnapshot and VolumeGroupSnapshotContent point to each other) before\nusing this object.", "properties": { - "conditions": { - "default": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" + "boundVolumeGroupSnapshotContentName": { + "description": "BoundVolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent\nobject to which this VolumeGroupSnapshot object intends to bind to.\nIf not specified, it indicates that the VolumeGroupSnapshot object has not\nbeen successfully bound to a VolumeGroupSnapshotContent object yet.\nNOTE: To avoid possible security issues, consumers must verify binding between\nVolumeGroupSnapshot and VolumeGroupSnapshotContent objects is successful\n(by validating that both VolumeGroupSnapshot and VolumeGroupSnapshotContent\npoint at each other) before using this object.", + "type": "string" + }, + "creationTime": { + "description": "CreationTime is the timestamp when the point-in-time group snapshot is taken\nby the underlying storage system.\nIf not specified, it may indicate that the creation time of the group snapshot\nis unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command date +%s%N returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.\nThis field is updated based on the CreationTime field in VolumeGroupSnapshotContentStatus", + "format": "date-time", + "type": "string" + }, + "error": { + "description": "Error is the last observed error during group snapshot creation, if any.\nThis field could be helpful to upper level controllers (i.e., application\ncontroller) to decide whether they should continue on waiting for the group\nsnapshot to be created based on the type of error reported.\nThe snapshot controller will keep retrying when an error occurs during the\ngroup snapshot creation. Upon success, this error field will be cleared.", + "properties": { + "message": { + "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", + "type": "string" + }, + "time": { + "description": "time is the timestamp when the error was encountered.", + "format": "date-time", + "type": "string" } + }, + "type": "object" + }, + "readyToUse": { + "description": "ReadyToUse indicates if all the individual snapshots in the group are ready\nto be used to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true.\nIf not specified, it means the readiness of a group snapshot is unknown.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "groupsnapshot.storage.openshift.io", + "kind": "VolumeGroupSnapshot", + "version": "v1beta1" + } + ] + }, + "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotClass": { + "description": "VolumeGroupSnapshotClass specifies parameters that a underlying storage system\nuses when creating a volume group snapshot. A specific VolumeGroupSnapshotClass\nis used by specifying its name in a VolumeGroupSnapshot object.\nVolumeGroupSnapshotClasses are non-namespaced.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "deletionPolicy": { + "description": "DeletionPolicy determines whether a VolumeGroupSnapshotContent created\nthrough the VolumeGroupSnapshotClass should be deleted when its bound\nVolumeGroupSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are deleted.\nRequired.", + "enum": [ + "Delete", + "Retain" + ], + "type": "string" + }, + "driver": { + "description": "Driver is the name of the storage driver expected to handle this VolumeGroupSnapshotClass.\nRequired.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a key-value map with storage driver specific parameters for\ncreating group snapshots.\nThese values are opaque to Kubernetes and are passed directly to the driver.", + "type": "object" + } + }, + "required": [ + "deletionPolicy", + "driver" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "groupsnapshot.storage.openshift.io", + "kind": "VolumeGroupSnapshotClass", + "version": "v1beta1" + } + ] + }, + "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotClassList": { + "description": "VolumeGroupSnapshotClassList is a list of VolumeGroupSnapshotClass", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of volumegroupsnapshotclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.groupsnapshot.v1beta1.VolumeGroupSnapshotClass" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "groupsnapshot.storage.openshift.io", + "kind": "VolumeGroupSnapshotClassList", + "version": "v1beta1" + } + ] + }, + "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotContent": { + "description": "VolumeGroupSnapshotContent represents the actual \"on-disk\" group snapshot object\nin the underlying storage system", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Spec defines properties of a VolumeGroupSnapshotContent created by the underlying storage system.\nRequired.", + "properties": { + "deletionPolicy": { + "description": "DeletionPolicy determines whether this VolumeGroupSnapshotContent and the\nphysical group snapshot on the underlying storage system should be deleted\nwhen the bound VolumeGroupSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are deleted.\nFor dynamically provisioned group snapshots, this field will automatically\nbe filled in by the CSI snapshotter sidecar with the \"DeletionPolicy\" field\ndefined in the corresponding VolumeGroupSnapshotClass.\nFor pre-existing snapshots, users MUST specify this field when creating the\nVolumeGroupSnapshotContent object.\nRequired.", + "enum": [ + "Delete", + "Retain" ], - "description": "Conditions is the current status from the controller for\nthis GatewayClass.\n\nControllers should prefer to publish conditions using values\nof GatewayClassConditionType for the type of each Condition.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" + "type": "string" + }, + "driver": { + "description": "Driver is the name of the CSI driver used to create the physical group snapshot on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired.", + "type": "string" + }, + "source": { + "description": "Source specifies whether the snapshot is (or should be) dynamically provisioned\nor already exists, and just requires a Kubernetes object representation.\nThis field is immutable after creation.\nRequired.", + "properties": { + "groupSnapshotHandles": { + "description": "GroupSnapshotHandles specifies the CSI \"group_snapshot_id\" of a pre-existing\ngroup snapshot and a list of CSI \"snapshot_id\" of pre-existing snapshots\non the underlying storage system for which a Kubernetes object\nrepresentation was (or should be) created.\nThis field is immutable.", + "properties": { + "volumeGroupSnapshotHandle": { + "description": "VolumeGroupSnapshotHandle specifies the CSI \"group_snapshot_id\" of a pre-existing\ngroup snapshot on the underlying storage system for which a Kubernetes object\nrepresentation was (or should be) created.\nThis field is immutable.\nRequired.", + "type": "string" + }, + "volumeSnapshotHandles": { + "description": "VolumeSnapshotHandles is a list of CSI \"snapshot_id\" of pre-existing\nsnapshots on the underlying storage system for which Kubernetes objects\nrepresentation were (or should be) created.\nThis field is immutable.\nRequired.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "required": [ + "volumeGroupSnapshotHandle", + "volumeSnapshotHandles" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "groupSnapshotHandles is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeHandles": { + "description": "VolumeHandles is a list of volume handles on the backend to be snapshotted\ntogether. It is specified for dynamic provisioning of the VolumeGroupSnapshot.\nThis field is immutable.", + "items": { "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], + "type": "array", + "x-kubernetes-validations": [ + { + "message": "volumeHandles is immutable", + "rule": "self == oldSelf" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "volumeHandles is required once set", + "rule": "!has(oldSelf.volumeHandles) || has(self.volumeHandles)" + }, + { + "message": "groupSnapshotHandles is required once set", + "rule": "!has(oldSelf.groupSnapshotHandles) || has(self.groupSnapshotHandles)" + }, + { + "message": "exactly one of volumeHandles and groupSnapshotHandles must be set", + "rule": "(has(self.volumeHandles) && !has(self.groupSnapshotHandles)) || (!has(self.volumeHandles) && has(self.groupSnapshotHandles))" + } + ] + }, + "volumeGroupSnapshotClassName": { + "description": "VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass from\nwhich this group snapshot was (or will be) created.\nNote that after provisioning, the VolumeGroupSnapshotClass may be deleted or\nrecreated with different set of values, and as such, should not be referenced\npost-snapshot creation.\nFor dynamic provisioning, this field must be set.\nThis field may be unset for pre-provisioned snapshots.", + "type": "string" + }, + "volumeGroupSnapshotRef": { + "description": "VolumeGroupSnapshotRef specifies the VolumeGroupSnapshot object to which this\nVolumeGroupSnapshotContent object is bound.\nVolumeGroupSnapshot.Spec.VolumeGroupSnapshotContentName field must reference to\nthis VolumeGroupSnapshotContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeGroupSnapshotContent object, name and namespace of the\nVolumeGroupSnapshot object MUST be provided for binding to happen.\nThis field is immutable after creation.\nRequired.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "both volumeGroupSnapshotRef.name and volumeGroupSnapshotRef.namespace must be set", + "rule": "has(self.name) && has(self.__namespace__)" + } + ] + } + }, + "required": [ + "deletionPolicy", + "driver", + "source", + "volumeGroupSnapshotRef" + ], + "type": "object" + }, + "status": { + "description": "status represents the current information of a group snapshot.", + "properties": { + "creationTime": { + "description": "CreationTime is the timestamp when the point-in-time group snapshot is taken\nby the underlying storage system.\nIf not specified, it indicates the creation time is unknown.\nIf not specified, it means the readiness of a group snapshot is unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command date +%s%N returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.\nThis field is the source for the CreationTime field in VolumeGroupSnapshotStatus", + "format": "date-time", + "type": "string" + }, + "error": { + "description": "Error is the last observed error during group snapshot creation, if any.\nUpon success after retry, this error field will be cleared.", + "properties": { + "message": { + "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", + "type": "string" + }, + "time": { + "description": "time is the timestamp when the error was encountered.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "readyToUse": { + "description": "ReadyToUse indicates if all the individual snapshots in the group are ready to be\nused to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true.", + "type": "boolean" + }, + "volumeGroupSnapshotHandle": { + "description": "VolumeGroupSnapshotHandle is a unique id returned by the CSI driver\nto identify the VolumeGroupSnapshot on the storage system.\nIf a storage system does not provide such an id, the\nCSI driver can choose to return the VolumeGroupSnapshot name.", + "type": "string" + }, + "volumeSnapshotHandlePairList": { + "description": "VolumeSnapshotHandlePairList is a list of CSI \"volume_id\" and \"snapshot_id\"\npair returned by the CSI driver to identify snapshots and their source volumes\non the storage system.", + "items": { + "description": "VolumeSnapshotHandlePair defines a pair of a source volume handle and a snapshot handle", + "properties": { + "snapshotHandle": { + "description": "SnapshotHandle is a unique id returned by the CSI driver to identify a volume\nsnapshot on the storage system\nRequired.", "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "volumeHandle": { + "description": "VolumeHandle is a unique id returned by the CSI driver to identify a volume\non the storage system\nRequired.", "type": "string" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "snapshotHandle", + "volumeHandle" ], "type": "object" }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "array" } }, "type": "object" @@ -78982,14 +78635,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "gateway.networking.k8s.io", - "kind": "GatewayClass", - "version": "v1" + "group": "groupsnapshot.storage.openshift.io", + "kind": "VolumeGroupSnapshotContent", + "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/GatewayClassList": { - "description": "GatewayClassList is a list of GatewayClass", + "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotContentList": { + "description": "VolumeGroupSnapshotContentList is a list of VolumeGroupSnapshotContent", "namespaced": true, "properties": { "apiVersion": { @@ -78997,9 +78650,9 @@ "type": "string" }, "items": { - "description": "List of gatewayclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of volumegroupsnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.GatewayClass" + "$ref": "#/components/schemas/io.openshift.storage.groupsnapshot.v1beta1.VolumeGroupSnapshotContent" }, "type": "array" }, @@ -79022,14 +78675,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "gateway.networking.k8s.io", - "kind": "GatewayClassList", - "version": "v1" + "group": "groupsnapshot.storage.openshift.io", + "kind": "VolumeGroupSnapshotContentList", + "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/GatewayList": { - "description": "GatewayList is a list of Gateway", + "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotList": { + "description": "VolumeGroupSnapshotList is a list of VolumeGroupSnapshot", "namespaced": true, "properties": { "apiVersion": { @@ -79037,9 +78690,9 @@ "type": "string" }, "items": { - "description": "List of gateways. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of volumegroupsnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.Gateway" + "$ref": "#/components/schemas/io.openshift.storage.groupsnapshot.v1beta1.VolumeGroupSnapshot" }, "type": "array" }, @@ -79062,14 +78715,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "gateway.networking.k8s.io", - "kind": "GatewayList", - "version": "v1" + "group": "groupsnapshot.storage.openshift.io", + "kind": "VolumeGroupSnapshotList", + "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1/HTTPRoute": { - "description": "HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed.", + "hco.kubevirt.io/v1beta1/HyperConverged": { + "description": "HyperConverged is the Schema for the hyperconvergeds API", "namespaced": true, "properties": { "apiVersion": { @@ -79089,4440 +78742,4533 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Spec defines the desired state of HTTPRoute.", + "default": { + "certConfig": { + "ca": { + "duration": "48h0m0s", + "renewBefore": "24h0m0s" + }, + "server": { + "duration": "24h0m0s", + "renewBefore": "12h0m0s" + } + }, + "deployVmConsoleProxy": false, + "enableApplicationAwareQuota": false, + "enableCommonBootImageImport": true, + "featureGates": { + "decentralizedLiveMigration": false, + "declarativeHotplugVolumes": false, + "deployKubeSecondaryDNS": false, + "disableMDevConfiguration": false, + "downwardMetrics": false, + "enableMultiArchBootImageImport": false, + "persistentReservation": false + }, + "liveMigrationConfig": { + "allowAutoConverge": false, + "allowPostCopy": false, + "completionTimeoutPerGiB": 150, + "parallelMigrationsPerCluster": 5, + "parallelOutboundMigrationsPerNode": 2, + "progressTimeout": 150 + }, + "resourceRequirements": { + "vmiCPUAllocationRatio": 10 + }, + "uninstallStrategy": "BlockUninstallIfWorkloadsExist", + "virtualMachineOptions": { + "disableFreePageReporting": false, + "disableSerialConsoleLog": false + } + }, + "description": "HyperConvergedSpec defines the desired state of HyperConverged", "properties": { - "hostnames": { - "description": "Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\nSupport: Core", - "items": { - "description": "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed.", - "maxLength": 253, - "minLength": 1, - "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" + "CommonInstancetypesDeployment": { + "description": "CommonInstancetypesDeployment holds the configuration of common-instancetypes deployment within KubeVirt.", + "properties": { + "enabled": { + "description": "Enabled controls the deployment of common-instancetypes resources, defaults to True.", + "nullable": true, + "type": "boolean" + } }, - "maxItems": 16, - "type": "array" + "type": "object" }, - "parentRefs": { - "description": "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nParentRefs must be _distinct_. This means either that:\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\nSome examples:\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.", - "items": { - "description": "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Gateway", - "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "port": { - "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" + "applicationAwareConfig": { + "description": "ApplicationAwareConfig set the AAQ configurations", + "properties": { + "allowApplicationAwareClusterResourceQuota": { + "default": false, + "description": "AllowApplicationAwareClusterResourceQuota if set to true, allows creation and management of ClusterAppsResourceQuota", + "type": "boolean" + }, + "namespaceSelector": { + "description": "NamespaceSelector determines in which namespaces scheduling gate will be added to pods..", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "sectionName": { - "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "name" - ], - "type": "object" + "vmiCalcConfigName": { + "default": "DedicatedVirtualResources", + "description": "VmiCalcConfigName determine how resource allocation will be done with ApplicationsResourceQuota.\nallowed values are: VmiPodUsage, VirtualResources, DedicatedVirtualResources, IgnoreVmiCalculator or GuestEffectiveResources", + "enum": [ + "VmiPodUsage", + "VirtualResources", + "DedicatedVirtualResources", + "IgnoreVmiCalculator", + "GuestEffectiveResources" + ], + "type": "string" + } }, - "maxItems": 32, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "sectionName must be specified when parentRefs includes 2 or more references to the same parent", - "rule": "self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))" + "type": "object" + }, + "certConfig": { + "default": { + "ca": { + "duration": "48h0m0s", + "renewBefore": "24h0m0s" }, - { - "message": "sectionName must be unique when parentRefs includes 2 or more references to the same parent", - "rule": "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))" + "server": { + "duration": "24h0m0s", + "renewBefore": "12h0m0s" } - ] - }, - "rules": { - "default": [ - { - "matches": [ - { - "path": { - "type": "PathPrefix", - "value": "/" - } + }, + "description": "certConfig holds the rotation policy for internal, self-signed certificates", + "properties": { + "ca": { + "default": { + "duration": "48h0m0s", + "renewBefore": "24h0m0s" + }, + "description": "CA configuration -\nCA certs are kept in the CA bundle as long as they are valid", + "properties": { + "duration": { + "default": "48h0m0s", + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", + "type": "string" + }, + "renewBefore": { + "default": "24h0m0s", + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", + "type": "string" } - ] + }, + "type": "object" + }, + "server": { + "default": { + "duration": "24h0m0s", + "renewBefore": "12h0m0s" + }, + "description": "Server configuration -\nCerts are rotated and discarded", + "properties": { + "duration": { + "default": "24h0m0s", + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", + "type": "string" + }, + "renewBefore": { + "default": "12h0m0s", + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", + "type": "string" + } + }, + "type": "object" } - ], - "description": "Rules are a list of HTTP matchers, filters and actions.", + }, + "type": "object" + }, + "commonBootImageNamespace": { + "description": "CommonBootImageNamespace override the default namespace of the common boot images, in order to hide them.\n\nIf not set, HCO won't set any namespace, letting SSP to use the default. If set, use the namespace to create the\nDataImportCronTemplates and the common image streams, with this namespace. This field is not set by default.", + "type": "string" + }, + "commonTemplatesNamespace": { + "description": "CommonTemplatesNamespace defines namespace in which common templates will\nbe deployed. It overrides the default openshift namespace.", + "type": "string" + }, + "dataImportCronTemplates": { + "description": "DataImportCronTemplates holds list of data import cron templates (golden images)", "items": { - "description": "HTTPRouteRule defines semantics for matching an HTTP request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", + "description": "DataImportCronTemplate defines the template type for DataImportCrons.\nIt requires metadata.name to be specified while leaving namespace as optional.", "properties": { - "backendRefs": { - "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints,\nimplementations SHOULD return a 503 for requests to that backend instead.\nIf an implementation chooses to do this, all of the above rules for 500 responses\nMUST also apply for responses that return a 503.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", - "items": { - "description": "HTTPBackendRef defines how a HTTPRoute forwards a HTTP request.\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.", - "properties": { - "filters": { - "description": "Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)", - "items": { - "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "DataImportCronSpec defines specification for DataImportCron", + "properties": { + "garbageCollect": { + "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", + "type": "string" + }, + "importsToKeep": { + "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", + "format": "int32", + "type": "integer" + }, + "managedDataSource": { + "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", + "type": "string" + }, + "retentionPolicy": { + "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", + "type": "string" + }, + "schedule": { + "description": "Schedule specifies in cron format when and how often to look for new imports", + "type": "string" + }, + "template": { + "description": "Template specifies template for the DVs to be created", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "properties": { - "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", - "properties": { - "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } + "annotations": { + "additionalProperties": { + "type": "string" }, - "required": [ - "group", - "kind", - "name" - ], "type": "object" }, - "requestHeaderModifier": { - "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", - "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "DataVolumeSpec defines the DataVolume type specification", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "required": [ + "current", + "previous" + ], + "type": "object" + }, + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], + "type": "string" + }, + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "type": "string" + }, + "pvc": { + "description": "PVC is the PVC specification", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ + "required": [ + "kind", "name" ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "requestMirror": { - "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", - "properties": { - "backendRef": { - "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { - "default": "Service", - "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" - }, - "port": { - "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" } }, "required": [ + "kind", "name" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Must have port for Service reference", - "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } - ] + }, + "type": "object" }, - "fraction": { - "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { - "denominator": { - "default": 100, - "format": "int32", - "minimum": 1, - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "numerator": { - "format": "int32", - "minimum": 0, - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "numerator" - ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "numerator must be less than or equal to denominator", - "rule": "self.numerator <= self.denominator" - } - ] + "x-kubernetes-map-type": "atomic" }, - "percent": { - "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", - "format": "int32", - "maximum": 100, - "minimum": 0, - "type": "integer" + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" } }, - "required": [ - "backendRef" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", - "rule": "!(has(self.percent) && has(self.fraction))" - } - ] + "type": "object" }, - "requestRedirect": { - "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", + "source": { + "description": "Source is the src of the data for the requested DataVolume", "properties": { - "hostname": { - "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" }, - "path": { - "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, - "type": "string" - }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", "type": "string" }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], + "url": { + "description": "URL is the url of the GCS source", "type": "string" } }, "required": [ - "type" + "url" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" } - ] - }, - "port": { - "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "scheme": { - "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", - "enum": [ - "http", - "https" + }, + "required": [ + "url" ], - "type": "string" + "type": "object" }, - "statusCode": { - "default": 302, - "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", - "enum": [ - 301, - 302 - ], - "type": "integer" - } - }, - "type": "object" - }, - "responseHeaderModifier": { - "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", - "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "required": [ + "diskId", + "url" ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", - "items": { - "type": "string" + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-type": "set" + "required": [ + "name", + "namespace" + ], + "type": "object" }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "type": { - "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "RequestHeaderModifier", - "ResponseHeaderModifier", - "RequestMirror", - "RequestRedirect", - "URLRewrite", - "ExtensionRef" - ], - "type": "string" - }, - "urlRewrite": { - "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", - "properties": { - "hostname": { - "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" + "type": "object" }, - "path": { - "description": "Path defines a path rewrite.\n\nSupport: Extended", + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", "type": "string" }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", "type": "string" }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], + "url": { + "description": "URL is the url of the S3 source", "type": "string" } }, "required": [ - "type" + "url" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" } - ] + }, + "type": "object" } }, "type": "object" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", - "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" - }, - { - "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", - "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", - "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", - "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" - }, - { - "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", - "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" - }, - { - "message": "filter.requestMirror must be specified for RequestMirror filter.type", - "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" - }, - { - "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", - "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" - }, - { - "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", - "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" - }, - { - "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", - "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" - }, - { - "message": "filter.urlRewrite must be specified for URLRewrite filter.type", - "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" - }, - { - "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", - "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" }, - { - "message": "filter.extensionRef must be specified for ExtensionRef filter.type", - "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" - } - ] - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", - "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" - }, - { - "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", - "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" - }, - { - "message": "RequestHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" - }, - { - "message": "ResponseHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" - }, - { - "message": "RequestRedirect filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" - }, - { - "message": "URLRewrite filter cannot be repeated", - "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" - } - ] - }, - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Service", - "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "port": { - "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "weight": { - "default": 1, - "description": "Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\nSupport for this field varies based on the context where used.", - "format": "int32", - "maximum": 1000000, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "name" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Must have port for Service reference", - "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" - } - ] - }, - "maxItems": 16, - "type": "array" - }, - "filters": { - "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that cannot be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\nConformance-levels at this level are defined based on the type of filter:\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation cannot support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\nSupport: Core", - "items": { - "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", - "properties": { - "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", - "properties": { - "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "group", - "kind", - "name" - ], - "type": "object" - }, - "requestHeaderModifier": { - "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", - "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "description": "The name of the source reference", "type": "string" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", "type": "string" } }, "required": [ - "name", - "value" + "kind", + "name" ], "type": "object" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "storage": { + "description": "Storage is the requested storage specification", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "name", - "value" - ], "type": "object" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } + } + }, + "type": "object" }, - "type": "object" - }, - "requestMirror": { - "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", - "properties": { - "backendRef": { - "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", - "properties": { - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Service", - "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "port": { - "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } + "status": { + "description": "DataVolumeStatus contains the current status of the DataVolume", + "properties": { + "claimName": { + "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Must have port for Service reference", - "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" - } - ] - }, - "fraction": { - "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", - "properties": { - "denominator": { - "default": 100, - "format": "int32", - "minimum": 1, - "type": "integer" - }, - "numerator": { - "format": "int32", - "minimum": 0, - "type": "integer" - } + "conditions": { + "items": { + "description": "DataVolumeCondition represents the state of a data volume condition.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataVolumeConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" }, - "required": [ - "numerator" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "numerator must be less than or equal to denominator", - "rule": "self.numerator <= self.denominator" - } - ] + "phase": { + "description": "Phase is the current phase of the data volume", + "type": "string" + }, + "progress": { + "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", + "type": "string" + }, + "restartCount": { + "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", + "format": "int32", + "type": "integer" + } }, - "percent": { - "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", - "format": "int32", - "maximum": 100, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "backendRef" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", - "rule": "!(has(self.percent) && has(self.fraction))" - } - ] + "type": "object" + } }, - "requestRedirect": { - "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", + "required": [ + "spec" + ], + "type": "object" + } + }, + "required": [ + "managedDataSource", + "schedule", + "template" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "defaultCPUModel": { + "description": "DefaultCPUModel defines a cluster default for CPU model: default CPU model is set when VMI doesn't have any CPU model.\nWhen VMI has CPU model set, then VMI's CPU model is preferred.\nWhen default CPU model is not set and VMI's CPU model is not set too, host-model will be set.\nDefault CPU model can be changed when kubevirt is running.", + "type": "string" + }, + "defaultRuntimeClass": { + "description": "DefaultRuntimeClass defines a cluster default for the RuntimeClass to be used for VMIs pods if not set there.\nDefault RuntimeClass can be changed when kubevirt is running, existing VMIs are not impacted till\nthe next restart/live-migration when they are eventually going to consume the new default RuntimeClass.", + "type": "string" + }, + "deployVmConsoleProxy": { + "default": false, + "description": "deploy VM console proxy resources in SSP operator", + "type": "boolean" + }, + "enableApplicationAwareQuota": { + "default": false, + "description": "EnableApplicationAwareQuota if true, enables the Application Aware Quota feature", + "type": "boolean" + }, + "enableCommonBootImageImport": { + "default": true, + "description": "Opt-in to automatic delivery/updates of the common data import cron templates.\nThere are two sources for the data import cron templates: hard coded list of common templates, and custom (user\ndefined) templates that can be added to the dataImportCronTemplates field. This field only controls the common\ntemplates. It is possible to use custom templates by adding them to the dataImportCronTemplates field.", + "type": "boolean" + }, + "evictionStrategy": { + "description": "EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be\nmigrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific\nfield is set it overrides the cluster level one.\nAllowed values:\n- `None` no eviction strategy at cluster level.\n- `LiveMigrate` migrate the VM on eviction; a not live migratable VM with no specific strategy will block the drain of the node util manually evicted.\n- `LiveMigrateIfPossible` migrate the VM on eviction if live migration is possible, otherwise directly evict.\n- `External` block the drain, track eviction and notify an external controller.\nDefaults to LiveMigrate with multiple worker nodes, None on single worker clusters.", + "enum": [ + "None", + "LiveMigrate", + "LiveMigrateIfPossible", + "External" + ], + "type": "string" + }, + "featureGates": { + "default": { + "decentralizedLiveMigration": false, + "declarativeHotplugVolumes": false, + "deployKubeSecondaryDNS": false, + "disableMDevConfiguration": false, + "downwardMetrics": false, + "enableMultiArchBootImageImport": false, + "persistentReservation": false + }, + "description": "featureGates is a map of feature gate flags. Setting a flag to `true` will enable\nthe feature. Setting `false` or removing the feature gate, disables the feature.", + "properties": { + "alignCPUs": { + "default": false, + "description": "Enable KubeVirt to request up to two additional dedicated CPUs\nin order to complete the total CPU count to an even parity when using emulator thread isolation.\nNote: this feature is in Developer Preview.", + "type": "boolean" + }, + "autoResourceLimits": { + "description": "Deprecated: this field is ignored and will be removed in the next version of the API.", + "type": "boolean" + }, + "decentralizedLiveMigration": { + "default": false, + "description": "DecentralizedLiveMigration enables the decentralized live migration (cross-cluster migration) feature.\nThis feature allows live migration of VirtualMachineInstances between different clusters.\nThis feature is in Developer Preview.", + "type": "boolean" + }, + "declarativeHotplugVolumes": { + "default": false, + "description": "DeclarativeHotplugVolumes enables the use of the declarative volume hotplug feature in KubeVirt.\nWhen set to true, the \"DeclarativeHotplugVolumes\" feature gate is enabled instead of \"HotplugVolumes\".\nWhen set to false or nil, the \"HotplugVolumes\" feature gate is enabled (default behavior).\nThis feature is in Developer Preview.", + "type": "boolean" + }, + "deployKubeSecondaryDNS": { + "default": false, + "description": "Deploy KubeSecondaryDNS by CNAO", + "type": "boolean" + }, + "deployKubevirtIpamController": { + "description": "Deprecated: this field is ignored and will be removed in the next version of the API.", + "type": "boolean" + }, + "deployTektonTaskResources": { + "description": "Deprecated: This field is ignored and will be removed on the next version of the API.", + "type": "boolean" + }, + "deployVmConsoleProxy": { + "description": "Deprecated: This field is ignored and will be removed on the next version of the API.\nUse spec.deployVmConsoleProxy instead", + "type": "boolean" + }, + "disableMDevConfiguration": { + "default": false, + "description": "Disable mediated devices handling on KubeVirt", + "type": "boolean" + }, + "downwardMetrics": { + "default": false, + "description": "Allow to expose a limited set of host metrics to guests.", + "type": "boolean" + }, + "enableApplicationAwareQuota": { + "description": "Deprecated: This field is ignored and will be removed on the next version of the API.\nUse spec.enableApplicationAwareQuota instead", + "type": "boolean" + }, + "enableCommonBootImageImport": { + "description": "Deprecated: This field is ignored. Use spec.enableCommonBootImageImport instead", + "type": "boolean" + }, + "enableManagedTenantQuota": { + "description": "Deprecated: This field is ignored and will be removed on the next version of the API.", + "type": "boolean" + }, + "enableMultiArchBootImageImport": { + "default": false, + "description": "EnableMultiArchBootImageImport allows the HCO to run on heterogeneous clusters with different CPU architectures.\nSetting this field to true will allow the HCO to create Golden Images for different CPU architectures.\n\nThis feature is in Developer Preview.", + "type": "boolean" + }, + "nonRoot": { + "description": "Deprecated: // Deprecated: This field is ignored and will be removed on the next version of the API.", + "type": "boolean" + }, + "persistentReservation": { + "default": false, + "description": "Enable persistent reservation of a LUN through the SCSI Persistent Reserve commands on Kubevirt.\nIn order to issue privileged SCSI ioctls, the VM requires activation of the persistent reservation flag.\nOnce this feature gate is enabled, then the additional container with the qemu-pr-helper is deployed inside the virt-handler pod.\nEnabling (or removing) the feature gate causes the redeployment of the virt-handler pod.", + "type": "boolean" + }, + "primaryUserDefinedNetworkBinding": { + "description": "primaryUserDefinedNetworkBinding deploys the needed configurations for kubevirt users to\nbe able to bind their VM to a UDN network on the VM's primary interface.\nDeprecated: this field is ignored and will be removed in the next version of the API.", + "type": "boolean" + }, + "withHostPassthroughCPU": { + "description": "Deprecated: there is no such FG in KubeVirt. This field is ignored", + "type": "boolean" + } + }, + "type": "object" + }, + "filesystemOverhead": { + "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes.\nA value is between 0 and 1, if not defined it is 0.055 (5.5 percent overhead)", + "properties": { + "global": { + "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "storageClass": { + "additionalProperties": { + "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", + "type": "object" + } + }, + "type": "object" + }, + "higherWorkloadDensity": { + "default": { + "memoryOvercommitPercentage": 100 + }, + "description": "HigherWorkloadDensity holds configuration aimed to increase virtual machine density", + "properties": { + "memoryOvercommitPercentage": { + "default": 100, + "description": "MemoryOvercommitPercentage is the percentage of memory we want to give VMIs compared to the amount\ngiven to its parent pod (virt-launcher). For example, a value of 102 means the VMI will\n\"see\" 2% more memory than its parent pod. Values under 100 are effectively \"undercommits\".\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.", + "minimum": 10, + "type": "integer" + } + }, + "type": "object" + }, + "infra": { + "description": "infra HyperConvergedConfig influences the pod configuration (currently only placement)\nfor all the infra components needed on the virtualization enabled cluster\nbut not necessarily directly on each node running VMs/VMIs.", + "properties": { + "nodePlacement": { + "description": "NodePlacement describes node scheduling configuration.", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "hostname": { - "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, - "type": "string" - }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, - "type": "string" - }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "type" + "nodeSelectorTerms" ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" - }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" - }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" - }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" - } - ] - }, - "port": { - "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "scheme": { - "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", - "enum": [ - "http", - "https" - ], - "type": "string" - }, - "statusCode": { - "default": 302, - "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", - "enum": [ - 301, - 302 - ], - "type": "integer" + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "responseHeaderModifier": { - "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name", - "value" + "podAffinityTerm", + "weight" ], "type": "object" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", - "items": { - "type": "string" - }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "name", - "value" + "topologyKey" ], "type": "object" }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, - "type": { - "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "RequestHeaderModifier", - "ResponseHeaderModifier", - "RequestMirror", - "RequestRedirect", - "URLRewrite", - "ExtensionRef" - ], - "type": "string" - }, - "urlRewrite": { - "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "hostname": { - "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "path": { - "description": "Path defines a path rewrite.\n\nSupport: Extended", - "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, - "type": "string" - }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, - "type": "string" + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], - "type": "string" - } + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" - }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" - }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" - }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" - } - ] - } - }, - "type": "object" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", - "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" - }, - { - "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", - "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", - "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", - "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" - }, - { - "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", - "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" - }, - { - "message": "filter.requestMirror must be specified for RequestMirror filter.type", - "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" - }, - { - "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", - "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" - }, - { - "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", - "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" - }, - { - "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", - "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" - }, - { - "message": "filter.urlRewrite must be specified for URLRewrite filter.type", - "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" - }, - { - "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", - "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" - }, - { - "message": "filter.extensionRef must be specified for ExtensionRef filter.type", - "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" } - ] - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", - "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" - }, - { - "message": "RequestHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" }, - { - "message": "ResponseHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" }, - { - "message": "RequestRedirect filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" }, - { - "message": "URLRewrite filter cannot be repeated", - "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" - } - ] + "type": "array" + } }, - "matches": { - "default": [ - { - "path": { - "type": "PathPrefix", - "value": "/" - } - } - ], - "description": "Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\nFor example, take the following matches configuration:\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned.", - "items": { - "description": "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n```\nmatch:\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n```", - "properties": { - "headers": { - "description": "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route.", - "items": { - "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "type": { - "default": "Exact", - "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.", - "enum": [ - "Exact", - "RegularExpression" - ], - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "object" + } + }, + "type": "object" + }, + "instancetypeConfig": { + "description": "InstancetypeConfig holds the configuration of instance type related functionality within KubeVirt.", + "properties": { + "referencePolicy": { + "description": "ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:\nreference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.\nexpand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.\nexpandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.", + "enum": [ + "reference", + "expand", + "expandAll" + ], + "nullable": true, + "type": "string" + } + }, + "type": "object" + }, + "ksmConfiguration": { + "description": "KSMConfiguration holds the information regarding\nthe enabling the KSM in the nodes (if available).", + "properties": { + "nodeLabelSelector": { + "description": "NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled.\nEmpty NodeLabelSelector will enable ksm for every node.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "method": { - "description": "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\nSupport: Extended", - "enum": [ - "GET", - "HEAD", - "POST", - "PUT", - "DELETE", - "CONNECT", - "OPTIONS", - "TRACE", - "PATCH" - ], - "type": "string" - }, - "path": { - "default": { - "type": "PathPrefix", - "value": "/" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "description": "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided.", - "properties": { - "type": { - "default": "PathPrefix", - "description": "Type specifies how to match against the path Value.\n\nSupport: Core (Exact, PathPrefix)\n\nSupport: Implementation-specific (RegularExpression)", - "enum": [ - "Exact", - "PathPrefix", - "RegularExpression" - ], - "type": "string" - }, - "value": { - "default": "/", - "description": "Value of the HTTP path to match against.", - "maxLength": 1024, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" - }, - { - "message": "must not contain '//' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" - }, - { - "message": "must not contain '/./' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" - }, - { - "message": "must not contain '/../' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" - }, - { - "message": "must not contain '%2f' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" - }, - { - "message": "must not contain '%2F' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" - }, - { - "message": "must not contain '#' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" - }, - { - "message": "must not end with '/..' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" - }, - { - "message": "must not end with '/.' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" - }, - { - "message": "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']", - "rule": "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" }, - { - "message": "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" - } - ] + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "queryParams": { - "description": "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\nSupport: Extended", - "items": { - "description": "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters.", - "properties": { - "name": { - "description": "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "type": { - "default": "Exact", - "description": "Type specifies how to match against the value of the query parameter.\n\nSupport: Extended (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect.", - "enum": [ - "Exact", - "RegularExpression" - ], - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP query param to be matched.", - "maxLength": 1024, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "kubeSecondaryDNSNameServerIP": { + "description": "KubeSecondaryDNSNameServerIP defines name server IP used by KubeSecondaryDNS", + "type": "string" + }, + "liveMigrationConfig": { + "default": { + "allowAutoConverge": false, + "allowPostCopy": false, + "completionTimeoutPerGiB": 150, + "parallelMigrationsPerCluster": 5, + "parallelOutboundMigrationsPerNode": 2, + "progressTimeout": 150 + }, + "description": "Live migration limits and timeouts are applied so that migration processes do not\noverwhelm the cluster.", + "properties": { + "allowAutoConverge": { + "default": false, + "description": "AllowAutoConverge allows the platform to compromise performance/availability of VMIs to\nguarantee successful VMI live migrations. Defaults to false", + "type": "boolean" + }, + "allowPostCopy": { + "default": false, + "description": "When enabled, KubeVirt attempts to use post-copy live-migration in case it\nreaches its completion timeout while attempting pre-copy live-migration.\nPost-copy migrations allow even the busiest VMs to successfully live-migrate.\nHowever, events like a network failure or a failure in any of the source or\ndestination nodes can cause the migrated VM to crash or reach inconsistency.\nEnable this option when evicting nodes is more important than keeping VMs\nalive.\nDefaults to false.", + "type": "boolean" + }, + "bandwidthPerMigration": { + "description": "Bandwidth limit of each migration, the value is quantity of bytes per second (e.g. 2048Mi = 2048MiB/sec)", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "type": "string" + }, + "completionTimeoutPerGiB": { + "default": 150, + "description": "If a migrating VM is big and busy, while the connection to the destination node\nis slow, migration may never converge. The completion timeout is calculated\nbased on completionTimeoutPerGiB times the size of the guest (both RAM and\nmigrated disks, if any). For example, with completionTimeoutPerGiB set to 800,\na virtual machine instance with 6GiB memory will timeout if it has not\ncompleted migration in 1h20m. Use a lower completionTimeoutPerGiB to induce\nquicker failure, so that another destination or post-copy is attempted. Use a\nhigher completionTimeoutPerGiB to let workload with spikes in its memory dirty\nrate to converge.\nThe format is a number.", + "format": "int64", + "type": "integer" + }, + "network": { + "description": "The migrations will be performed over a dedicated multus network to minimize disruption to tenant workloads due to network saturation when VM live migrations are triggered.", + "type": "string" + }, + "parallelMigrationsPerCluster": { + "default": 5, + "description": "Number of migrations running in parallel in the cluster.", + "format": "int32", + "type": "integer" + }, + "parallelOutboundMigrationsPerNode": { + "default": 2, + "description": "Maximum number of outbound migrations per node.", + "format": "int32", + "type": "integer" + }, + "progressTimeout": { + "default": 150, + "description": "The migration will be canceled if memory copy fails to make progress in this time, in seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "liveUpdateConfiguration": { + "description": "LiveUpdateConfiguration holds the cluster configuration for live update of virtual machines - max cpu sockets,\nmax guest memory and max hotplug ratio. This setting can affect VM CPU and memory settings.", + "properties": { + "maxCpuSockets": { + "description": "MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.\nFor VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.", + "format": "int32", + "type": "integer" + }, + "maxGuest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxGuest defines the maximum amount memory that can be allocated\nto the guest using hotplug.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "maxHotplugRatio": { + "description": "MaxHotplugRatio is the ratio used to define the max amount\nof a hotplug resource that can be made available to a VM\nwhen the specific Max* setting is not defined (MaxCpuSockets, MaxGuest)\nExample: VM is configured with 512Mi of guest memory, if MaxGuest is not\ndefined and MaxHotplugRatio is 2 then MaxGuest = 1Gi\ndefaults to 4", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "localStorageClassName": { + "description": "Deprecated: LocalStorageClassName the name of the local storage class.", + "type": "string" + }, + "logVerbosityConfig": { + "description": "LogVerbosityConfig configures the verbosity level of Kubevirt's different components. The higher\nthe value - the higher the log verbosity.", + "properties": { + "cdi": { + "description": "CDI indicates the log verbosity level that controls the amount of information logged for CDI components.", + "format": "int32", + "type": "integer" + }, + "kubevirt": { + "description": "Kubevirt is a struct that allows specifying the log verbosity level that controls the amount of information\nlogged for each Kubevirt component.", + "properties": { + "nodeVerbosity": { + "additionalProperties": { + "type": "integer" }, + "description": "NodeVerbosity represents a map of nodes with a specific verbosity level", "type": "object" }, - "maxItems": 64, - "type": "array" + "virtAPI": { + "type": "integer" + }, + "virtController": { + "type": "integer" + }, + "virtHandler": { + "type": "integer" + }, + "virtLauncher": { + "type": "integer" + }, + "virtOperator": { + "type": "integer" + }, + "virtSynchronizationController": { + "type": "integer" + } }, - "timeouts": { - "description": "Timeouts defines the timeouts that can be configured for an HTTP request.\n\nSupport: Extended", + "type": "object" + } + }, + "type": "object" + }, + "mediatedDevicesConfiguration": { + "description": "MediatedDevicesConfiguration holds information about MDEV types to be defined on nodes, if available", + "properties": { + "mediatedDeviceTypes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mediatedDevicesTypes": { + "description": "Deprecated: please use mediatedDeviceTypes instead.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "nodeMediatedDeviceTypes": { + "items": { + "description": "NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specific node that matches the NodeSelector field.", "properties": { - "backendRequest": { - "description": "BackendRequest specifies a timeout for an individual request from the gateway\nto a backend. This covers the time from when the request first starts being\nsent from the gateway to when the full response has been received from the backend.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\nmay result in more than one call from the gateway to the destination backend,\nfor example, if automatic retries are supported.\n\nThe value of BackendRequest must be a Gateway API Duration string as defined by\nGEP-2257. When this field is unspecified, its behavior is implementation-specific;\nwhen specified, the value of BackendRequest must be no more than the value of the\nRequest timeout (since the Request timeout encompasses the BackendRequest timeout).\n\nSupport: Extended", - "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", - "type": "string" + "mediatedDeviceTypes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "request": { - "description": "Request specifies the maximum duration for a gateway to respond to an HTTP request.\nIf the gateway has not been able to respond before this deadline is met, the gateway\nMUST return a timeout error.\n\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\nto complete.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nThis timeout is intended to cover as close to the whole request-response transaction\nas possible although an implementation MAY choose to start the timeout after the entire\nrequest stream has been received instead of immediately after the transaction is\ninitiated by the client.\n\nThe value of Request is a Gateway API Duration string as defined by GEP-2257. When this\nfield is unspecified, request timeout behavior is implementation-specific.\n\nSupport: Extended", - "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", - "type": "string" + "mediatedDevicesTypes": { + "description": "Deprecated: please use mediatedDeviceTypes instead.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" } }, + "required": [ + "nodeSelector" + ], "type": "object", "x-kubernetes-validations": [ { - "message": "backendRequest timeout cannot be longer than request timeout", - "rule": "!(has(self.request) && has(self.backendRequest) && duration(self.request) != duration('0s') && duration(self.backendRequest) > duration(self.request))" + "message": "for nodeMediatedDeviceTypes a non-empty mediatedDeviceTypes or mediatedDevicesTypes(deprecated) is required", + "rule": "(has(self.mediatedDeviceTypes) && size(self.mediatedDeviceTypes)>0) || (has(self.mediatedDevicesTypes) && size(self.mediatedDevicesTypes)>0)" } ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "RequestRedirect filter must not be used together with backendRefs", - "rule": "(has(self.backendRefs) && size(self.backendRefs) > 0) ? (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): true" - }, - { - "message": "When using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - }, - { - "message": "When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - }, - { - "message": "Within backendRefs, when using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" }, - { - "message": "Within backendRefs, When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - } - ] + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "maxItems": 16, - "type": "array", + "type": "object", "x-kubernetes-validations": [ { - "message": "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128", - "rule": "(self.size() > 0 ? self[0].matches.size() : 0) + (self.size() > 1 ? self[1].matches.size() : 0) + (self.size() > 2 ? self[2].matches.size() : 0) + (self.size() > 3 ? self[3].matches.size() : 0) + (self.size() > 4 ? self[4].matches.size() : 0) + (self.size() > 5 ? self[5].matches.size() : 0) + (self.size() > 6 ? self[6].matches.size() : 0) + (self.size() > 7 ? self[7].matches.size() : 0) + (self.size() > 8 ? self[8].matches.size() : 0) + (self.size() > 9 ? self[9].matches.size() : 0) + (self.size() > 10 ? self[10].matches.size() : 0) + (self.size() > 11 ? self[11].matches.size() : 0) + (self.size() > 12 ? self[12].matches.size() : 0) + (self.size() > 13 ? self[13].matches.size() : 0) + (self.size() > 14 ? self[14].matches.size() : 0) + (self.size() > 15 ? self[15].matches.size() : 0) <= 128" + "message": "for mediatedDevicesConfiguration a non-empty mediatedDeviceTypes or mediatedDevicesTypes(deprecated) is required", + "rule": "(has(self.mediatedDeviceTypes) && size(self.mediatedDeviceTypes)>0) || (has(self.mediatedDevicesTypes) && size(self.mediatedDevicesTypes)>0)" } ] - } - }, - "type": "object" - }, - "status": { - "description": "Status defines the current state of HTTPRoute.", - "properties": { - "parents": { - "description": "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway.", - "items": { - "description": "RouteParentStatus describes the status of a route with respect to an\nassociated Parent.", + }, + "networkBinding": { + "additionalProperties": { "properties": { - "conditions": { - "description": "Conditions describes the status of the route with respect to the Gateway.\nNote that the route's availability is also subject to the Gateway's own\nstatus conditions and listener status.\n\nIf the Route's ParentRef specifies an existing Gateway that supports\nRoutes of this kind AND that Gateway's controller has sufficient access,\nthen that Gateway's controller MUST set the \"Accepted\" condition on the\nRoute, to indicate whether the route has been accepted or rejected by the\nGateway, and why.\n\nA Route MUST be considered \"Accepted\" if at least one of the Route's\nrules is implemented by the Gateway.\n\nThere are a number of cases where the \"Accepted\" condition may not be set\ndue to lack of controller visibility, that includes when:\n\n* The Route refers to a nonexistent parent.\n* The Route is of a type that the controller does not support.\n* The Route is in a namespace the controller does not have access to.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "computeResourceOverhead": { + "description": "ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.\nversion: v1alphav1", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } ], - "type": "string" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, - "maxItems": 8, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "controllerName": { - "description": "ControllerName is a domain/path string that indicates the name of the\ncontroller that wrote this status. This corresponds with the\ncontrollerName field on GatewayClass.\n\nExample: \"example.net/gateway-controller\".\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are\nvalid Kubernetes names\n(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\nControllers MUST populate this field when writing status. Controllers should ensure that\nentries to status populated with their ControllerName are cleaned up when they are no\nlonger necessary.", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "domainAttachmentType": { + "description": "DomainAttachmentType is a standard domain network attachment method kubevirt supports.\nSupported values: \"tap\", \"managedTap\" (since v1.4).\nThe standard domain attachment can be used instead or in addition to the sidecarImage.\nversion: 1alphav1", "type": "string" }, - "parentRef": { - "description": "ParentRef corresponds with a ParentRef in the spec that this\nRouteParentStatus struct describes the status of.", + "downwardAPI": { + "description": "DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar.\nSupported values: \"device-info\"\nversion: v1alphav1", + "type": "string" + }, + "migration": { + "description": "Migration means the VM using the plugin can be safely migrated\nversion: 1alphav1", "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "method": { + "description": "Method defines a pre-defined migration methodology\nversion: 1alphav1", "type": "string" + } + }, + "type": "object" + }, + "networkAttachmentDefinition": { + "description": "NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object.\nFormat: , /.\nIf namespace is not specified, VMI namespace is assumed.\nversion: 1alphav1", + "type": "string" + }, + "sidecarImage": { + "description": "SidecarImage references a container image that runs in the virt-launcher pod.\nThe sidecar handles (libvirt) domain configuration and optional services.\nversion: 1alphav1", + "type": "string" + } + }, + "type": "object" + }, + "description": "NetworkBinding defines the network binding plugins.\nThose bindings can be used when defining virtual machine interfaces.", + "type": "object" + }, + "obsoleteCPUs": { + "description": "ObsoleteCPUs allows avoiding scheduling of VMs for obsolete CPU models", + "properties": { + "cpuModels": { + "description": "CPUModels is a list of obsolete CPU models. When the node-labeller obtains the list of obsolete CPU models, it\neliminates those CPU models and creates labels for valid CPU models.\nThe default values for this field is nil, however, HCO uses opinionated values, and adding values to this list\nwill add them to the opinionated values.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "minCPUModel": { + "description": "MinCPUModel is the Minimum CPU model that is used for basic CPU features; e.g. Penryn or Haswell.\nThe default value for this field is nil, but in KubeVirt, the default value is \"Penryn\", if nothing else is set.\nUse this field to override KubeVirt default value.", + "type": "string" + } + }, + "type": "object" + }, + "permittedHostDevices": { + "description": "PermittedHostDevices holds information about devices allowed for passthrough", + "properties": { + "mediatedDevices": { + "items": { + "description": "MediatedHostDevice represents a host mediated device allowed for passthrough", + "properties": { + "disabled": { + "description": "HCO enforces the existence of several MediatedHostDevice objects. Set disabled field to true instead of remove\nthese objects.", + "type": "boolean" }, - "kind": { - "default": "Gateway", - "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" + "externalResourceProvider": { + "description": "indicates that this resource is being provided by an external device plugin", + "type": "boolean" }, - "name": { - "description": "Name is the name of the referent.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, + "mdevNameSelector": { + "description": "name of a mediated device type required to identify a mediated device on a host", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "resourceName": { + "description": "name by which a device is advertised and being requested", "type": "string" + } + }, + "required": [ + "mdevNameSelector", + "resourceName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mdevNameSelector" + ], + "x-kubernetes-list-type": "map" + }, + "pciHostDevices": { + "items": { + "description": "PciHostDevice represents a host PCI device allowed for passthrough", + "properties": { + "disabled": { + "description": "HCO enforces the existence of several PciHostDevice objects. Set disabled field to true instead of remove\nthese objects.", + "type": "boolean" }, - "port": { - "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" + "externalResourceProvider": { + "description": "indicates that this resource is being provided by an external device plugin", + "type": "boolean" }, - "sectionName": { - "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "pciDeviceSelector": { + "description": "a combination of a vendor_id:product_id required to identify a PCI device on a host.", + "type": "string" + }, + "resourceName": { + "description": "name by which a device is advertised and being requested", "type": "string" } }, "required": [ - "name" + "pciDeviceSelector", + "resourceName" ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "pciDeviceSelector" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "controllerName", - "parentRef" - ], - "type": "object" + "usbHostDevices": { + "items": { + "description": "USBHostDevice represents a host USB device allowed for passthrough", + "properties": { + "disabled": { + "description": "HCO enforces the existence of several USBHostDevice objects. Set disabled field to true instead of remove\nthese objects.", + "type": "boolean" + }, + "externalResourceProvider": { + "description": "If true, KubeVirt will leave the allocation and monitoring to an\nexternal device plugin", + "type": "boolean" + }, + "resourceName": { + "description": "Identifies the list of USB host devices.\ne.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc", + "type": "string" + }, + "selectors": { + "items": { + "description": "USBSelector represents a selector for a USB device allowed for passthrough", + "properties": { + "product": { + "type": "string" + }, + "vendor": { + "type": "string" + } + }, + "required": [ + "product", + "vendor" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "resourceName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "resourceName" + ], + "x-kubernetes-list-type": "map" + } }, - "maxItems": 32, - "type": "array" - } - }, - "required": [ - "parents" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "HTTPRoute", - "version": "v1" - } - ] - }, - "gateway.networking.k8s.io/v1/HTTPRouteList": { - "description": "HTTPRouteList is a list of HTTPRoute", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of httproutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1.HTTPRoute" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "HTTPRouteList", - "version": "v1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/Gateway": { - "description": "Gateway represents an instance of a service-traffic handling infrastructure\nby binding Listeners to a set of IP addresses.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Spec defines the desired state of Gateway.", - "properties": { - "addresses": { - "description": "Addresses requested for this Gateway. This is optional and behavior can\ndepend on the implementation. If a value is set in the spec and the\nrequested address is invalid or unavailable, the implementation MUST\nindicate this in the associated entry in GatewayStatus.Addresses.\n\nThe Addresses field represents a request for the address(es) on the\n\"outside of the Gateway\", that traffic bound for this Gateway will use.\nThis could be the IP address or hostname of an external load balancer or\nother networking infrastructure, or some other address that traffic will\nbe sent to.\n\nIf no Addresses are specified, the implementation MAY schedule the\nGateway in an implementation-specific manner, assigning an appropriate\nset of Addresses.\n\nThe implementation MUST bind all Listeners to every GatewayAddress that\nit assigns to the Gateway and add a corresponding entry in\nGatewayStatus.Addresses.\n\nSupport: Extended", - "items": { - "description": "GatewayAddress describes an address that can be bound to a Gateway.", - "oneOf": [ - { - "properties": { - "type": { - "enum": [ - "IPAddress" - ] - }, - "value": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ] - } - } - }, - { - "properties": { - "type": { - "not": { - "enum": [ - "IPAddress" - ] - } - } - } - } - ], - "properties": { - "type": { - "default": "IPAddress", - "description": "Type of the address.", - "maxLength": 253, - "minLength": 1, - "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", - "type": "string" - }, - "value": { - "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "value" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", - "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" - } - ] - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "IPAddress values must be unique", - "rule": "self.all(a1, a1.type == 'IPAddress' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" - }, - { - "message": "Hostname values must be unique", - "rule": "self.all(a1, a1.type == 'Hostname' ? self.exists_one(a2, a2.type == a1.type && a2.value == a1.value) : true )" - } - ] - }, - "gatewayClassName": { - "description": "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource.", - "maxLength": 253, - "minLength": 1, - "type": "string" + "type": "object" }, - "infrastructure": { - "description": "Infrastructure defines infrastructure level attributes about this Gateway instance.\n\nSupport: Extended", + "resourceRequirements": { + "default": { + "vmiCPUAllocationRatio": 10 + }, + "description": "ResourceRequirements describes the resource requirements for the operand workloads.", "properties": { - "annotations": { - "additionalProperties": { - "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", - "maxLength": 4096, - "minLength": 0, - "type": "string" - }, - "description": "Annotations that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"annotations\" concepts.\n\nAn implementation may chose to add additional implementation-specific annotations as they see fit.\n\nSupport: Extended", - "maxProperties": 8, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Annotation keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", - "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" + "autoCPULimitNamespaceLabelSelector": { + "description": "When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside\nnamespaces that match the label selector.\nThe CPU limit will equal the number of requested vCPUs.\nThis setting does not apply to VMIs with dedicated CPUs.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "message": "If specified, the annotation key's prefix must be a DNS subdomain not longer than 253 characters in total.", - "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ] - }, - "labels": { - "additionalProperties": { - "description": "LabelValue is the value of a label in the Gateway API. This is used for validation\nof maps such as Gateway infrastructure labels. This matches the Kubernetes\nlabel validation rules:\n* must be 63 characters or less (can be empty),\n* unless empty, must begin and end with an alphanumeric character ([a-z0-9A-Z]),\n* could contain dashes (-), underscores (_), dots (.), and alphanumerics between.\n\nValid values include:\n\n* MyValue\n* my.name\n* 123-my-value", - "maxLength": 63, - "minLength": 0, - "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", - "type": "string" }, - "description": "Labels that SHOULD be applied to any resources created in response to this Gateway.\n\nFor implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.\nFor other implementations, this refers to any relevant (implementation specific) \"labels\" concepts.\n\nAn implementation may chose to add additional implementation-specific labels as they see fit.\n\nIf an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels\nchange, it SHOULD clearly warn about this behavior in documentation.\n\nSupport: Extended", - "maxProperties": 8, "type": "object", - "x-kubernetes-validations": [ - { - "message": "Label keys must be in the form of an optional DNS subdomain prefix followed by a required name segment of up to 63 characters.", - "rule": "self.all(key, key.matches(r\"\"\"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9]$\"\"\"))" - }, - { - "message": "If specified, the label key's prefix must be a DNS subdomain not longer than 253 characters in total.", - "rule": "self.all(key, key.split(\"/\")[0].size() < 253)" - } - ] + "x-kubernetes-map-type": "atomic" }, - "parametersRef": { - "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the Gateway. This is optional if the\ncontroller does not require any additional configuration.\n\nThis follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis\n\nThe Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the Gateway SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nSupport: Implementation-specific", + "storageWorkloads": { + "description": "StorageWorkloads defines the resources requirements for storage workloads. It will propagate to the CDI custom\nresource", "properties": { - "group": { - "description": "Group is the group of the referent.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "group", - "kind", - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "listeners": { - "description": "Listeners associated with this Gateway. Listeners define\nlogical endpoints that are bound on this Gateway's addresses.\nAt least one Listener MUST be specified.\n\n## Distinct Listeners\n\nEach Listener in a set of Listeners (for example, in a single Gateway)\nMUST be _distinct_, in that a traffic flow MUST be able to be assigned to\nexactly one listener. (This section uses \"set of Listeners\" rather than\n\"Listeners in a single Gateway\" because implementations MAY merge configuration\nfrom multiple Gateways onto a single data plane, and these rules _also_\napply in that case).\n\nPractically, this means that each listener in a set MUST have a unique\ncombination of Port, Protocol, and, if supported by the protocol, Hostname.\n\nSome combinations of port, protocol, and TLS settings are considered\nCore support and MUST be supported by implementations based on the objects\nthey support:\n\nHTTPRoute\n\n1. HTTPRoute, Port: 80, Protocol: HTTP\n2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided\n\nTLSRoute\n\n1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough\n\n\"Distinct\" Listeners have the following property:\n\n**The implementation can match inbound requests to a single distinct\nListener**.\n\nWhen multiple Listeners share values for fields (for\nexample, two Listeners with the same Port value), the implementation\ncan match requests to only one of the Listeners using other\nListener fields.\n\nWhen multiple listeners have the same value for the Protocol field, then\neach of the Listeners with matching Protocol values MUST have different\nvalues for other fields.\n\nThe set of fields that MUST be different for a Listener differs per protocol.\nThe following rules define the rules for what fields MUST be considered for\nListeners to be distinct with each protocol currently defined in the\nGateway API spec.\n\nThe set of listeners that all share a protocol value MUST have _different_\nvalues for _at least one_ of these fields to be distinct:\n\n* **HTTP, HTTPS, TLS**: Port, Hostname\n* **TCP, UDP**: Port\n\nOne **very** important rule to call out involves what happens when an\nimplementation:\n\n* Supports TCP protocol Listeners, as well as HTTP, HTTPS, or TLS protocol\n Listeners, and\n* sees HTTP, HTTPS, or TLS protocols with the same `port` as one with TCP\n Protocol.\n\nIn this case all the Listeners that share a port with the\nTCP Listener are not distinct and so MUST NOT be accepted.\n\nIf an implementation does not support TCP Protocol Listeners, then the\nprevious rule does not apply, and the TCP Listeners SHOULD NOT be\naccepted.\n\nNote that the `tls` field is not used for determining if a listener is distinct, because\nListeners that _only_ differ on TLS config will still conflict in all cases.\n\n### Listeners that are distinct only by Hostname\n\nWhen the Listeners are distinct based only on Hostname, inbound request\nhostnames MUST match from the most specific to least specific Hostname\nvalues to choose the correct Listener and its associated set of Routes.\n\nExact matches MUST be processed before wildcard matches, and wildcard\nmatches MUST be processed before fallback (empty Hostname value)\nmatches. For example, `\"foo.example.com\"` takes precedence over\n`\"*.example.com\"`, and `\"*.example.com\"` takes precedence over `\"\"`.\n\nAdditionally, if there are multiple wildcard entries, more specific\nwildcard entries must be processed before less specific wildcard entries.\nFor example, `\"*.foo.example.com\"` takes precedence over `\"*.example.com\"`.\n\nThe precise definition here is that the higher the number of dots in the\nhostname to the right of the wildcard character, the higher the precedence.\n\nThe wildcard character will match any number of characters _and dots_ to\nthe left, however, so `\"*.example.com\"` will match both\n`\"foo.bar.example.com\"` _and_ `\"bar.example.com\"`.\n\n## Handling indistinct Listeners\n\nIf a set of Listeners contains Listeners that are not distinct, then those\nListeners are _Conflicted_, and the implementation MUST set the \"Conflicted\"\ncondition in the Listener Status to \"True\".\n\nThe words \"indistinct\" and \"conflicted\" are considered equivalent for the\npurpose of this documentation.\n\nImplementations MAY choose to accept a Gateway with some Conflicted\nListeners only if they only accept the partial Listener set that contains\nno Conflicted Listeners.\n\nSpecifically, an implementation MAY accept a partial Listener set subject to\nthe following rules:\n\n* The implementation MUST NOT pick one conflicting Listener as the winner.\n ALL indistinct Listeners must not be accepted for processing.\n* At least one distinct Listener MUST be present, or else the Gateway effectively\n contains _no_ Listeners, and must be rejected from processing as a whole.\n\nThe implementation MUST set a \"ListenersNotValid\" condition on the\nGateway Status when the Gateway contains Conflicted Listeners whether or\nnot they accept the Gateway. That Condition SHOULD clearly\nindicate in the Message which Listeners are conflicted, and which are\nAccepted. Additionally, the Listener status for those listeners SHOULD\nindicate which Listeners are conflicted and not Accepted.\n\n## General Listener behavior\n\nNote that, for all distinct Listeners, requests SHOULD match at most one Listener.\nFor example, if Listeners are defined for \"foo.example.com\" and \"*.example.com\", a\nrequest to \"foo.example.com\" SHOULD only be routed using routes attached\nto the \"foo.example.com\" Listener (and not the \"*.example.com\" Listener).\n\nThis concept is known as \"Listener Isolation\", and it is an Extended feature\nof Gateway API. Implementations that do not support Listener Isolation MUST\nclearly document this, and MUST NOT claim support for the\n`GatewayHTTPListenerIsolation` feature.\n\nImplementations that _do_ support Listener Isolation SHOULD claim support\nfor the Extended `GatewayHTTPListenerIsolation` feature and pass the associated\nconformance tests.\n\n## Compatible Listeners\n\nA Gateway's Listeners are considered _compatible_ if:\n\n1. They are distinct.\n2. The implementation can serve them in compliance with the Addresses\n requirement that all Listeners are available on all assigned\n addresses.\n\nCompatible combinations in Extended support are expected to vary across\nimplementations. A combination that is compatible for one implementation\nmay not be compatible for another.\n\nFor example, an implementation that cannot serve both TCP and UDP listeners\non the same address, or cannot mix HTTPS and generic TLS listens on the same port\nwould not consider those cases compatible, even though they are distinct.\n\nImplementations MAY merge separate Gateways onto a single set of\nAddresses if all Listeners across all Gateways are compatible.\n\nIn a future release the MinItems=1 requirement MAY be dropped.\n\nSupport: Core", - "items": { - "description": "Listener embodies the concept of a logical endpoint where a Gateway accepts\nnetwork connections.", - "properties": { - "allowedRoutes": { - "default": { - "namespaces": { - "from": "Same" - } - }, - "description": "AllowedRoutes defines the types of routes that MAY be attached to a\nListener and the trusted namespaces where those Route resources MAY be\npresent.\n\nAlthough a client request may match multiple route rules, only one rule\nmay ultimately receive the request. Matching precedence MUST be\ndetermined in order of the following criteria:\n\n* The most specific match as defined by the Route type.\n* The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\nAll valid rules within a Route attached to this Listener should be\nimplemented. Invalid Route rules can be ignored (sometimes that will mean\nthe full Route). If a Route rule transitions from valid to invalid,\nsupport for that Route rule should be dropped to ensure consistency. For\nexample, even if a filter specified by a Route rule is invalid, the rest\nof the rules within that Route should still be supported.\n\nSupport: Core", - "properties": { - "kinds": { - "description": "Kinds specifies the groups and kinds of Routes that are allowed to bind\nto this Gateway Listener. When unspecified or empty, the kinds of Routes\nselected are determined using the Listener protocol.\n\nA RouteGroupKind MUST correspond to kinds of Routes that are compatible\nwith the application protocol specified in the Listener's Protocol field.\nIf an implementation does not support or recognize this resource type, it\nMUST set the \"ResolvedRefs\" condition to False for this Listener with the\n\"InvalidRouteKinds\" reason.\n\nSupport: Core", - "items": { - "description": "RouteGroupKind indicates the group and kind of a Route resource.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the Route.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is the kind of the Route.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array" - }, - "namespaces": { - "default": { - "from": "Same" - }, - "description": "Namespaces indicates namespaces from which Routes may be attached to this\nListener. This is restricted to the namespace of this Gateway by default.\n\nSupport: Core", + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { - "from": { - "default": "Same", - "description": "From indicates where Routes will be selected for this Gateway. Possible\nvalues are:\n\n* All: Routes in all namespaces may be used by this Gateway.\n* Selector: Routes in namespaces selected by the selector may be used by\n this Gateway.\n* Same: Only Routes in the same namespace may be used by this Gateway.\n\nSupport: Core", - "enum": [ - "All", - "Selector", - "Same", - "None" - ], + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, - "selector": { - "description": "Selector must be specified when From is set to \"Selector\". In that case,\nonly Routes in Namespaces matching this Selector will be selected by this\nGateway. This field is ignored for other values of \"From\".\n\nSupport: Core", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, + "required": [ + "name" + ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "type": "object" - }, - "hostname": { - "description": "Hostname specifies the virtual hostname to match for protocol types that\ndefine this concept. When unspecified, all hostnames are matched. This\nfield is ignored for protocols that don't require hostname based\nmatching.\n\nImplementations MUST apply Hostname matching appropriately for each of\nthe following protocols:\n\n* TLS: The Listener Hostname MUST match the SNI.\n* HTTP: The Listener Hostname MUST match the Host header of the request.\n* HTTPS: The Listener Hostname SHOULD match both the SNI and Host header.\n Note that this does not require the SNI and Host header to be the same.\n The semantics of this are described in more detail below.\n\nTo ensure security, Section 11.1 of RFC-6066 emphasizes that server\nimplementations that rely on SNI hostname matching MUST also verify\nhostnames within the application protocol.\n\nSection 9.1.2 of RFC-7540 provides a mechanism for servers to reject the\nreuse of a connection by responding with the HTTP 421 Misdirected Request\nstatus code. This indicates that the origin server has rejected the\nrequest because it appears to have been misdirected.\n\nTo detect misdirected requests, Gateways SHOULD match the authority of\nthe requests with all the SNI hostname(s) configured across all the\nGateway Listeners on the same port and protocol:\n\n* If another Listener has an exact match or more specific wildcard entry,\n the Gateway SHOULD return a 421.\n* If the current Listener (selected by SNI matching during ClientHello)\n does not match the Host:\n * If another Listener does match the Host the Gateway SHOULD return a\n 421.\n * If no other Listener matches the Host, the Gateway MUST return a\n 404.\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the\n`spec.hostnames` array. When both listener and route specify hostnames,\nthere MUST be an intersection between the values for a Route to be\naccepted. For more information, refer to the Route specific Hostnames\ndocumentation.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "name": { - "description": "Name is the name of the Listener. This name MUST be unique within a\nGateway.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "port": { - "description": "Port is the network port. Multiple listeners may use the\nsame port, subject to the Listener compatibility rules.\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "description": "Protocol specifies the network protocol this listener expects to receive.\n\nSupport: Core", - "maxLength": 255, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9]+$", - "type": "string" - }, - "tls": { - "description": "TLS is the TLS configuration for the Listener. This field is required if\nthe Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field\nif the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is\ndefined based on the Hostname field for this listener.\n\nThe GatewayClass MUST use the longest matching SNI out of all\navailable certificates for any TLS handshake.\n\nSupport: Core", - "properties": { - "certificateRefs": { - "description": "CertificateRefs contains a series of references to Kubernetes objects that\ncontains TLS certificates and private keys. These certificates are used to\nestablish a TLS handshake for requests that match the hostname of the\nassociated listener.\n\nA single CertificateRef to a Kubernetes Secret has \"Core\" support.\nImplementations MAY choose to support attaching multiple certificates to\na Listener, but this behavior is implementation-specific.\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\nThis field is required to have at least one element when the mode is set\nto \"Terminate\" (default) and is optional otherwise.\n\nCertificateRefs can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\nSupport: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls\n\nSupport: Implementation-specific (More than one reference or other resource types)", - "items": { - "description": "SecretObjectReference identifies an API object including its namespace,\ndefaulting to Secret.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object.", - "properties": { - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Secret", - "description": "Kind is kind of the referent. For example \"Secret\".", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - } + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 64, - "type": "array" - }, - "mode": { - "default": "Terminate", - "description": "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\nSupport: Core", - "enum": [ - "Terminate", - "Passthrough" + { + "type": "string" + } ], - "type": "string" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "options": { - "additionalProperties": { - "description": "AnnotationValue is the value of an annotation in Gateway API. This is used\nfor validation of maps such as TLS options. This roughly matches Kubernetes\nannotation validation, although the length validation in that case is based\non the entire size of the annotations struct.", - "maxLength": 4096, - "minLength": 0, - "type": "string" - }, - "description": "Options are a list of key/value pairs to enable extended TLS\nconfiguration for each implementation. For example, configuring the\nminimum TLS version or supported cipher suites.\n\nA set of common keys MAY be defined by the API in the future. To avoid\nany ambiguity, implementation-specific definitions MUST use\ndomain-prefixed names, such as `example.com/my-custom-option`.\nUn-prefixed names are reserved for key names defined by Gateway API.\n\nSupport: Implementation-specific", - "maxProperties": 16, - "type": "object" - } + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "certificateRefs or options must be specified when mode is Terminate", - "rule": "self.mode == 'Terminate' ? size(self.certificateRefs) > 0 || size(self.options) > 0 : true" - } - ] - } - }, - "required": [ - "name", - "port", - "protocol" - ], - "type": "object" - }, - "maxItems": 64, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "tls must not be specified for protocols ['HTTP', 'TCP', 'UDP']", - "rule": "self.all(l, l.protocol in ['HTTP', 'TCP', 'UDP'] ? !has(l.tls) : true)" - }, - { - "message": "tls mode must be Terminate for protocol HTTPS", - "rule": "self.all(l, (l.protocol == 'HTTPS' && has(l.tls)) ? (l.tls.mode == '' || l.tls.mode == 'Terminate') : true)" - }, - { - "message": "hostname must not be specified for protocols ['TCP', 'UDP']", - "rule": "self.all(l, l.protocol in ['TCP', 'UDP'] ? (!has(l.hostname) || l.hostname == '') : true)" - }, - { - "message": "Listener name must be unique within the Gateway", - "rule": "self.all(l1, self.exists_one(l2, l1.name == l2.name))" - }, - { - "message": "Combination of port, protocol and hostname must be unique for each listener", - "rule": "self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))" - } - ] - } - }, - "required": [ - "gatewayClassName", - "listeners" - ], - "type": "object" - }, - "status": { - "default": { - "conditions": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - }, - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Programmed" - } - ] - }, - "description": "Status defines the current state of Gateway.", - "properties": { - "addresses": { - "description": "Addresses lists the network addresses that have been bound to the\nGateway.\n\nThis list may differ from the addresses provided in the spec under some\nconditions:\n\n * no addresses are specified, all addresses are dynamically assigned\n * a combination of specified and dynamic addresses are assigned\n * a specified address was unusable (e.g. already in use)", - "items": { - "description": "GatewayStatusAddress describes a network address that is bound to a Gateway.", - "oneOf": [ - { - "properties": { - "type": { - "enum": [ - "IPAddress" - ] - }, - "value": { + "requests": { + "additionalProperties": { "anyOf": [ { - "format": "ipv4" + "type": "integer" }, { - "format": "ipv6" + "type": "string" } - ] - } - } - }, - { - "properties": { - "type": { - "not": { - "enum": [ - "IPAddress" - ] - } - } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } - } - ], - "properties": { - "type": { - "default": "IPAddress", - "description": "Type of the address.", - "maxLength": 253, - "minLength": 1, - "pattern": "^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", - "type": "string" }, - "value": { - "description": "Value of the address. The validity of the values will depend\non the type and support by the controller.\n\nExamples: `1.2.3.4`, `128::1`, `my-ip-address`.", - "maxLength": 253, - "minLength": 1, - "type": "string" - } + "type": "object" }, - "required": [ - "value" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Hostname value must only contain valid characters (matching ^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)", - "rule": "self.type == 'Hostname' ? self.value.matches(r\"\"\"^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\"\"\"): true" - } - ] + "vmiCPUAllocationRatio": { + "default": 10, + "description": "VmiCPUAllocationRatio defines, for each requested virtual CPU,\nhow much physical CPU to request per VMI from the\nhosting node. The value is in fraction of a CPU thread (or\ncore on non-hyperthreaded nodes).\nVMI POD CPU request = number of vCPUs * 1/vmiCPUAllocationRatio\nFor example, a value of 1 means 1 physical CPU thread per VMI CPU thread.\nA value of 100 would be 1% of a physical thread allocated for each\nrequested VMI thread.\nThis option has no effect on VMIs that request dedicated CPUs.\nDefaults to 10", + "minimum": 1, + "type": "integer" + } }, - "maxItems": 16, - "type": "array" - }, - "conditions": { - "default": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - }, + "type": "object", + "x-kubernetes-validations": [ { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Programmed" + "message": "vmiCPUAllocationRatio must be greater than 0", + "rule": "!has(self.vmiCPUAllocationRatio) || self.vmiCPUAllocationRatio > 0" } - ], - "description": "Conditions describe the current conditions of the Gateway.\n\nImplementations should prefer to express Gateway conditions\nusing the `GatewayConditionType` and `GatewayConditionReason`\nconstants so that operators and tools can converge on a common\nvocabulary to describe Gateway state.\n\nKnown condition types are:\n\n* \"Accepted\"\n* \"Programmed\"\n* \"Ready\"", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + ] }, - "listeners": { - "description": "Listeners provide status for each unique listener port defined in the Spec.", - "items": { - "description": "ListenerStatus is the status associated with a Listener.", - "properties": { - "attachedRoutes": { - "description": "AttachedRoutes represents the total number of Routes that have been\nsuccessfully attached to this Listener.\n\nSuccessful attachment of a Route to a Listener is based solely on the\ncombination of the AllowedRoutes field on the corresponding Listener\nand the Route's ParentRefs field. A Route is successfully attached to\na Listener when it is selected by the Listener's AllowedRoutes field\nAND the Route has a valid ParentRef selecting the whole Gateway\nresource or a specific Listener as a parent resource (more detail on\nattachment semantics can be found in the documentation on the various\nRoute kinds ParentRefs fields). Listener or Route status does not impact\nsuccessful attachment, i.e. the AttachedRoutes field count MUST be set\nfor Listeners with condition Accepted: false and MUST count successfully\nattached Routes that may themselves have Accepted: false conditions.\n\nUses for this field include troubleshooting Route attachment and\nmeasuring blast radius/impact of changes to a Listener.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "Conditions describe the current condition of this listener.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "name": { - "description": "Name is the name of the Listener that this status corresponds to.", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "scratchSpaceStorageClass": { + "description": "Override the storage class used for scratch space during transfer operations. The scratch space storage class\nis determined in the following order:\nvalue of scratchSpaceStorageClass, if that doesn't exist, use the default storage class, if there is no default\nstorage class, use the storage class of the DataVolume, if no storage class specified, use no storage class for\nscratch space", + "type": "string" + }, + "storageImport": { + "description": "StorageImport contains configuration for importing containerized data", + "properties": { + "insecureRegistries": { + "description": "InsecureRegistries is a list of image registries URLs that are not secured. Setting an insecure registry URL\nin this list allows pulling images from this registry.", + "items": { "type": "string" }, - "supportedKinds": { - "description": "SupportedKinds is the list indicating the Kinds supported by this\nlistener. This MUST represent the kinds an implementation supports for\nthat Listener configuration.\n\nIf kinds are specified in Spec that are not supported, they MUST NOT\nappear in this list and an implementation MUST set the \"ResolvedRefs\"\ncondition to \"False\" with the \"InvalidRouteKinds\" reason. If both valid\nand invalid Route kinds are specified, the implementation MUST\nreference the valid Route kinds that have been specified.", - "items": { - "description": "RouteGroupKind indicates the group and kind of a Route resource.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the Route.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is the kind of the Route.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array" - } - }, - "required": [ - "attachedRoutes", - "conditions", - "name", - "supportedKinds" - ], - "type": "object" - }, - "maxItems": 64, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "Gateway", - "version": "v1beta1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/GatewayClass": { - "description": "GatewayClass describes a class of Gateways available to the user for creating\nGateway resources.\n\nIt is recommended that this resource be used as a template for Gateways. This\nmeans that a Gateway is based on the state of the GatewayClass at the time it\nwas created and changes to the GatewayClass or associated parameters are not\npropagated down to existing Gateways. This recommendation is intended to\nlimit the blast radius of changes to GatewayClass or associated parameters.\nIf implementations choose to propagate GatewayClass changes to existing\nGateways, that MUST be clearly documented by the implementation.\n\nWhenever one or more Gateways are using a GatewayClass, implementations SHOULD\nadd the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the\nassociated GatewayClass. This ensures that a GatewayClass associated with a\nGateway is not deleted while in use.\n\nGatewayClass is a Cluster level resource.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Spec defines the desired state of GatewayClass.", - "properties": { - "controllerName": { - "description": "ControllerName is the name of the controller that is managing Gateways of\nthis class. The value of this field MUST be a domain prefixed path.\n\nExample: \"example.net/gateway-controller\".\n\nThis field is not mutable and cannot be empty.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Value is immutable", - "rule": "self == oldSelf" + "type": "array", + "x-kubernetes-list-type": "set" } - ] + }, + "type": "object" }, - "description": { - "description": "Description helps describe a GatewayClass with more details.", - "maxLength": 64, + "tektonPipelinesNamespace": { + "description": "TektonPipelinesNamespace defines namespace in which example pipelines will be deployed.\nIf unset, then the default value is the operator namespace.\nDeprecated: This field is ignored.", "type": "string" }, - "parametersRef": { - "description": "ParametersRef is a reference to a resource that contains the configuration\nparameters corresponding to the GatewayClass. This is optional if the\ncontroller does not require any additional configuration.\n\nParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,\nor an implementation-specific custom resource. The resource can be\ncluster-scoped or namespace-scoped.\n\nIf the referent cannot be found, refers to an unsupported kind, or when\nthe data within that resource is malformed, the GatewayClass SHOULD be\nrejected with the \"Accepted\" status condition set to \"False\" and an\n\"InvalidParameters\" reason.\n\nA Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,\nthe merging behavior is implementation specific.\nIt is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.\n\nSupport: Implementation-specific", + "tektonTasksNamespace": { + "description": "TektonTasksNamespace defines namespace in which tekton tasks will be deployed.\nIf unset, then the default value is the operator namespace.\nDeprecated: This field is ignored.", + "type": "string" + }, + "tlsSecurityProfile": { + "description": "TLSSecurityProfile specifies the settings for TLS connections to be propagated to all kubevirt-hyperconverged components.\nIf unset, the hyperconverged cluster operator will consume the value set on the APIServer CR on OCP/OKD or Intermediate if on vanilla k8s.\nNote that only Old, Intermediate and Custom profiles are currently supported, and the maximum available\nMinTLSVersions is VersionTLS12.", "properties": { - "group": { - "description": "Group is the group of the referent.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "type": "object" }, - "kind": { - "description": "Kind is kind of the referent.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "nullable": true, + "type": "object" }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" + "modern": { + "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "nullable": true, + "type": "object" }, - "namespace": { - "description": "Namespace is the namespace of the referent.\nThis field is required when referring to a Namespace-scoped resource and\nMUST be unset when referring to a Cluster-scoped resource.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "old": { + "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], "type": "string" } }, - "required": [ - "group", - "kind", - "name" - ], "type": "object" - } - }, - "required": [ - "controllerName" - ], - "type": "object" - }, - "status": { - "default": { - "conditions": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - } - ] - }, - "description": "Status defines the current state of GatewayClass.\n\nImplementations MUST populate status on all GatewayClass resources which\nspecify their controller name.", - "properties": { - "conditions": { - "default": [ - { - "lastTransitionTime": "1970-01-01T00:00:00Z", - "message": "Waiting for controller", - "reason": "Pending", - "status": "Unknown", - "type": "Accepted" - } + }, + "tuningPolicy": { + "description": "TuningPolicy allows to configure the mode in which the RateLimits of kubevirt are set.\nIf TuningPolicy is not present the default kubevirt values are used.\nIt can be set to `annotation` for fine-tuning the kubevirt queryPerSeconds (qps) and burst values.\nQps and burst values are taken from the annotation hco.kubevirt.io/tuningPolicy", + "enum": [ + "annotation", + "highBurst" ], - "description": "Conditions is the current status from the controller for\nthis GatewayClass.\n\nControllers should prefer to publish conditions using values\nof GatewayClassConditionType for the type of each Condition.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" + "type": "string" + }, + "uninstallStrategy": { + "default": "BlockUninstallIfWorkloadsExist", + "description": "UninstallStrategy defines how to proceed on uninstall when workloads (VirtualMachines, DataVolumes) still exist.\nBlockUninstallIfWorkloadsExist will prevent the CR from being removed when workloads still exist.\nBlockUninstallIfWorkloadsExist is the safest choice to protect your workloads from accidental data loss, so it's strongly advised.\nRemoveWorkloads will cause all the workloads to be cascading deleted on uninstallation.\nWARNING: please notice that RemoveWorkloads will cause your workloads to be deleted as soon as this CR will be, even accidentally, deleted.\nPlease correctly consider the implications of this option before setting it.\nBlockUninstallIfWorkloadsExist is the default behaviour.", + "enum": [ + "RemoveWorkloads", + "BlockUninstallIfWorkloadsExist" ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "GatewayClass", - "version": "v1beta1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/GatewayClassList": { - "description": "GatewayClassList is a list of GatewayClass", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of gatewayclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.GatewayClass" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "GatewayClassList", - "version": "v1beta1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/GatewayList": { - "description": "GatewayList is a list of Gateway", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of gateways. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.Gateway" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "GatewayList", - "version": "v1beta1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/HTTPRoute": { - "description": "HTTPRoute provides a way to route HTTP requests. This includes the capability\nto match requests by hostname, path, header, or query param. Filters can be\nused to specify additional processing steps. Backends specify where matching\nrequests should be routed.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Spec defines the desired state of HTTPRoute.", - "properties": { - "hostnames": { - "description": "Hostnames defines a set of hostnames that should match against the HTTP Host\nheader to select a HTTPRoute used to process the request. Implementations\nMUST ignore any port value specified in the HTTP Host header while\nperforming a match and (absent of any applicable header modification\nconfiguration) MUST forward this header unmodified to the backend.\n\nValid values for Hostnames are determined by RFC 1123 definition of a\nhostname with 2 notable exceptions:\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nIf a hostname is specified by both the Listener and HTTPRoute, there\nmust be at least one intersecting hostname for the HTTPRoute to be\nattached to the Listener. For example:\n\n* A Listener with `test.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches HTTPRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `*.example.com`, `test.example.com`, and `foo.test.example.com` would\n all match. On the other hand, `example.com` and `test.example.net` would\n not match.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nIf both the Listener and HTTPRoute have specified hostnames, any\nHTTPRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nHTTPRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` must not be considered for a match.\n\nIf both the Listener and HTTPRoute have specified hostnames, and none\nmatch with the criteria above, then the HTTPRoute is not accepted. The\nimplementation must raise an 'Accepted' Condition with a status of\n`False` in the corresponding RouteParentStatus.\n\nIn the event that multiple HTTPRoutes specify intersecting hostnames (e.g.\noverlapping wildcard matching and exact matching hostnames), precedence must\nbe given to rules from the HTTPRoute with the largest number of:\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n\nIf ties exist across multiple Routes, the matching precedence rules for\nHTTPRouteMatches takes over.\n\nSupport: Core", - "items": { - "description": "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed.", - "maxLength": 253, - "minLength": 1, - "pattern": "^(\\*\\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "maxItems": 16, - "type": "array" + "type": "string" }, - "parentRefs": { - "description": "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nParentRefs must be _distinct_. This means either that:\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\nSome examples:\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.", - "items": { - "description": "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Gateway", - "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "port": { - "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "sectionName": { - "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "vddkInitImage": { + "description": "VDDK Init Image eventually used to import VMs from external providers\n\nDeprecated: please use the Migration Toolkit for Virtualization", + "type": "string" + }, + "virtualMachineOptions": { + "default": { + "disableFreePageReporting": false, + "disableSerialConsoleLog": false }, - "maxItems": 32, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "sectionName must be specified when parentRefs includes 2 or more references to the same parent", - "rule": "self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))" + "description": "VirtualMachineOptions holds the cluster level information regarding the virtual machine.", + "properties": { + "disableFreePageReporting": { + "default": false, + "description": "DisableFreePageReporting disable the free page reporting of\nmemory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device.\nThis will have effect only if AutoattachMemBalloon is not false and the vmi is not\nrequesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled.", + "type": "boolean" }, - { - "message": "sectionName must be unique when parentRefs includes 2 or more references to the same parent", - "rule": "self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))" + "disableSerialConsoleLog": { + "default": false, + "description": "DisableSerialConsoleLog disables logging the auto-attached default serial console.\nIf not set, serial console logs will be written to a file and then streamed from a container named `guest-console-log`.\nThe value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled for the VM.", + "type": "boolean" } - ] + }, + "type": "object" }, - "rules": { - "default": [ - { - "matches": [ - { - "path": { - "type": "PathPrefix", - "value": "/" - } - } - ] + "vmStateStorageClass": { + "description": "VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.", + "type": "string" + }, + "workloadUpdateStrategy": { + "default": { + "batchEvictionInterval": "1m0s", + "batchEvictionSize": 10, + "workloadUpdateMethods": [ + "LiveMigrate" + ] + }, + "description": "WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates", + "properties": { + "batchEvictionInterval": { + "default": "1m0s", + "description": "BatchEvictionInterval Represents the interval to wait before issuing the next\nbatch of shutdowns", + "type": "string" + }, + "batchEvictionSize": { + "default": 10, + "description": "BatchEvictionSize Represents the number of VMIs that can be forced updated per\nthe BatchShutdownInterval interval", + "type": "integer" + }, + "workloadUpdateMethods": { + "default": [ + "LiveMigrate" + ], + "description": "WorkloadUpdateMethods defines the methods that can be used to disrupt workloads\nduring automated workload updates.\nWhen multiple methods are present, the least disruptive method takes\nprecedence over more disruptive methods. For example if both LiveMigrate and Evict\nmethods are listed, only VMs which are not live migratable will be restarted/shutdown.\nAn empty list defaults to no automated workload updating.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } + }, + "required": [ + "workloadUpdateMethods" ], - "description": "Rules are a list of HTTP matchers, filters and actions.", - "items": { - "description": "HTTPRouteRule defines semantics for matching an HTTP request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", - "properties": { - "backendRefs": { - "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive a 500 status code.\n\nSee the HTTPBackendRef definition for the rules about what makes a single\nHTTPBackendRef invalid.\n\nWhen a HTTPBackendRef is invalid, 500 status codes MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive a 500 status code.\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic must receive a 500. Implementations may\nchoose how that 50 percent is determined.\n\nWhen a HTTPBackendRef refers to a Service that has no ready endpoints,\nimplementations SHOULD return a 503 for requests to that backend instead.\nIf an implementation chooses to do this, all of the above rules for 500 responses\nMUST also apply for responses that return a 503.\n\nSupport: Core for Kubernetes Service\n\nSupport: Extended for Kubernetes ServiceImport\n\nSupport: Implementation-specific for any other resource\n\nSupport for weight: Core", - "items": { - "description": "HTTPBackendRef defines how a HTTPRoute forwards a HTTP request.\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.", + "type": "object" + }, + "workloads": { + "description": "workloads HyperConvergedConfig influences the pod configuration (currently only placement) of components\nwhich need to be running on a node where virtualization workloads should be able to run.\nChanges to Workloads HyperConvergedConfig can be applied only without existing workload.", + "properties": { + "nodePlacement": { + "description": "NodePlacement describes node scheduling configuration.", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", "properties": { - "filters": { - "description": "Filters defined at this level should be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in HTTPRouteRule.)", - "items": { - "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", - "properties": { - "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { - "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "group", - "kind", - "name" + "preference", + "weight" ], "type": "object" }, - "requestHeaderModifier": { - "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", - "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "requestMirror": { - "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "backendRef": { - "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "kind": { - "default": "Service", - "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "port": { - "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "name" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Must have port for Service reference", - "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" - } - ] - }, - "fraction": { - "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", - "properties": { - "denominator": { - "default": 100, - "format": "int32", - "minimum": 1, - "type": "integer" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "numerator": { - "format": "int32", - "minimum": 0, - "type": "integer" + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, "required": [ - "numerator" + "topologyKey" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "numerator must be less than or equal to denominator", - "rule": "self.numerator <= self.denominator" - } - ] + "type": "object" }, - "percent": { - "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "format": "int32", - "maximum": 100, - "minimum": 0, "type": "integer" } }, "required": [ - "backendRef" + "podAffinityTerm", + "weight" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", - "rule": "!(has(self.percent) && has(self.fraction))" - } - ] + "type": "object" }, - "requestRedirect": { - "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "hostname": { - "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "path": { - "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, - "type": "string" - }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "type" - ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" - }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" - }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" - }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" - } - ] - }, - "port": { - "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "scheme": { - "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", - "enum": [ - "http", - "https" - ], - "type": "string" + "x-kubernetes-map-type": "atomic" }, - "statusCode": { - "default": 302, - "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", - "enum": [ - 301, - 302 - ], - "type": "integer" - } - }, - "type": "object" - }, - "responseHeaderModifier": { - "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", - "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "string" }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "type": { - "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "RequestHeaderModifier", - "ResponseHeaderModifier", - "RequestMirror", - "RequestRedirect", - "URLRewrite", - "ExtensionRef" - ], - "type": "string" - }, - "urlRewrite": { - "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", - "properties": { - "hostname": { - "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "path": { - "description": "Path defines a path rewrite.\n\nSupport: Extended", + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, - "type": "string" - }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "type" - ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" - }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" - }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" - }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" - } - ] + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, + "required": [ + "topologyKey" + ], "type": "object" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", - "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" - }, - { - "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", - "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", - "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", - "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" - }, - { - "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", - "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" - }, - { - "message": "filter.requestMirror must be specified for RequestMirror filter.type", - "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" - }, - { - "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", - "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" - }, - { - "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", - "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" - }, - { - "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", - "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" - }, - { - "message": "filter.urlRewrite must be specified for URLRewrite filter.type", - "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" - }, - { - "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", - "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" }, - { - "message": "filter.extensionRef must be specified for ExtensionRef filter.type", - "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" - } - ] - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", - "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" - }, - { - "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", - "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" - }, - { - "message": "RequestHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" - }, - { - "message": "ResponseHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" - }, - { - "message": "RequestRedirect filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" - }, - { - "message": "URLRewrite filter cannot be repeated", - "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" - } - ] - }, - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Service", - "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "port": { - "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "weight": { - "default": 1, - "description": "Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\nSupport for this field varies based on the context where used.", - "format": "int32", - "maximum": 1000000, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "name" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Must have port for Service reference", - "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" - } - ] - }, - "maxItems": 16, - "type": "array" - }, - "filters": { - "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\nWherever possible, implementations SHOULD implement filters in the order\nthey are specified.\n\nImplementations MAY choose to implement this ordering strictly, rejecting\nany combination or order of filters that cannot be supported. If implementations\nchoose a strict interpretation of filter ordering, they MUST clearly document\nthat behavior.\n\nTo reject an invalid combination or order of filters, implementations SHOULD\nconsider the Route Rules with this configuration invalid. If all Route Rules\nin a Route are invalid, the entire Route would be considered invalid. If only\na portion of Route Rules are invalid, implementations MUST set the\n\"PartiallyInvalid\" condition for the Route.\n\nConformance-levels at this level are defined based on the type of filter:\n\n- ALL core filters MUST be supported by all implementations.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\nAll filters are expected to be compatible with each other except for the\nURLRewrite and RequestRedirect filters, which may not be combined. If an\nimplementation cannot support other combinations of filters, they must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\nSupport: Core", - "items": { - "description": "HTTPRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. HTTPRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", - "properties": { - "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\nThis filter can be used multiple times within the same rule.\n\nSupport: Implementation-specific", - "properties": { - "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "group", - "kind", - "name" - ], "type": "object" }, - "requestHeaderModifier": { - "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\nSupport: Core", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name", - "value" + "podAffinityTerm", + "weight" ], "type": "object" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", - "items": { - "type": "string" - }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "name", - "value" + "topologyKey" ], "type": "object" }, - "maxItems": 16, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } }, "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "requestMirror": { - "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\nSupport: Extended", - "properties": { - "backendRef": { - "description": "BackendRef references a resource where mirrored requests are sent.\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\nSupport: Extended for Kubernetes Service\n\nSupport: Implementation-specific for any other resource", - "properties": { - "group": { - "default": "", - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Service", - "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\nDefaults to \"Service\" when not specified.\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\nSupport: Core (Services with a type other than ExternalName)\n\nSupport: Implementation-specific (Services with type ExternalName)", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "HyperConvergedStatus defines the observed state of HyperConverged", + "properties": { + "conditions": { + "description": "Conditions describes the state of the HyperConverged resource.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataImportCronTemplates": { + "description": "DataImportCronTemplates is a list of the actual DataImportCronTemplates as HCO update in the SSP CR. The list\ncontains both the common and the custom templates, including any modification done by HCO.", + "items": { + "description": "DataImportCronTemplateStatus is a copy of a dataImportCronTemplate as defined in the spec, or in the HCO image.", + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "DataImportCronSpec defines specification for DataImportCron", + "properties": { + "garbageCollect": { + "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", + "type": "string" + }, + "importsToKeep": { + "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", + "format": "int32", + "type": "integer" + }, + "managedDataSource": { + "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", + "type": "string" + }, + "retentionPolicy": { + "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", + "type": "string" + }, + "schedule": { + "description": "Schedule specifies in cron format when and how often to look for new imports", + "type": "string" + }, + "template": { + "description": "Template specifies template for the DVs to be created", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { "type": "string" }, - "port": { - "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "name" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Must have port for Service reference", - "rule": "(size(self.group) == 0 && self.kind == 'Service') ? has(self.port) : true" - } - ] - }, - "fraction": { - "description": "Fraction represents the fraction of requests that should be\nmirrored to BackendRef.\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", - "properties": { - "denominator": { - "default": 100, - "format": "int32", - "minimum": 1, - "type": "integer" - }, - "numerator": { - "format": "int32", - "minimum": 0, - "type": "integer" - } + "type": "object" }, - "required": [ - "numerator" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "numerator must be less than or equal to denominator", - "rule": "self.numerator <= self.denominator" - } - ] - }, - "percent": { - "description": "Percent represents the percentage of requests that should be\nmirrored to BackendRef. Its minimum value is 0 (indicating 0% of\nrequests) and its maximum value is 100 (indicating 100% of requests).\n\nOnly one of Fraction or Percent may be specified. If neither field\nis specified, 100% of requests will be mirrored.", - "format": "int32", - "maximum": 100, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "backendRef" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Only one of percent or fraction may be specified in HTTPRequestMirrorFilter", - "rule": "!(has(self.percent) && has(self.fraction))" - } - ] - }, - "requestRedirect": { - "description": "RequestRedirect defines a schema for a filter that responds to the\nrequest with an HTTP redirection.\n\nSupport: Core", - "properties": { - "hostname": { - "description": "Hostname is the hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname in the `Host` header of the request is used.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "path": { - "description": "Path defines parameters used to modify the path of the incoming request.\nThe modified path is then used to construct the `Location` header. When\nempty, the request path is used as-is.\n\nSupport: Extended", - "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, + "finalizers": { + "items": { "type": "string" }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, + "type": "array" + }, + "labels": { + "additionalProperties": { "type": "string" }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], - "type": "string" - } + "type": "object" }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" - }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" - }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" - }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" - } - ] - }, - "port": { - "description": "Port is the port to be used in the value of the `Location`\nheader in the response.\n\nIf no port is specified, the redirect port MUST be derived using the\nfollowing rules:\n\n* If redirect scheme is not-empty, the redirect port MUST be the well-known\n port associated with the redirect scheme. Specifically \"http\" to port 80\n and \"https\" to port 443. If the redirect scheme does not have a\n well-known port, the listener port of the Gateway SHOULD be used.\n* If redirect scheme is empty, the redirect port MUST be the Gateway\n Listener port.\n\nImplementations SHOULD NOT add the port number in the 'Location'\nheader in the following cases:\n\n* A Location header that will use HTTP (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 80.\n* A Location header that will use HTTPS (whether that is determined via\n the Listener protocol or the Scheme field) _and_ use port 443.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "scheme": { - "description": "Scheme is the scheme to be used in the value of the `Location` header in\nthe response. When empty, the scheme of the request is used.\n\nScheme redirects can affect the port of the redirect, for more information,\nrefer to the documentation for the port field of this filter.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Extended", - "enum": [ - "http", - "https" - ], - "type": "string" + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } }, - "statusCode": { - "default": 302, - "description": "StatusCode is the HTTP status code to be used in response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.\n\nSupport: Core", - "enum": [ - 301, - 302 - ], - "type": "integer" - } + "type": "object" }, - "type": "object" - }, - "responseHeaderModifier": { - "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\nSupport: Extended", - "properties": { - "add": { - "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", - "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" + "spec": { + "description": "DataVolumeSpec defines the DataVolume type specification", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" + }, + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, - "type": "string" - } + "required": [ + "current", + "previous" + ], + "type": "object" }, - "required": [ - "name", - "value" + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" ], - "type": "object" + "type": "string" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", - "items": { + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", "type": "string" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "set": { - "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", - "items": { - "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", + "pvc": { + "description": "PVC is the PVC specification", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "name", - "value" - ], "type": "object" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "type": { - "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations must support core filters.\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n- Implementation-specific: Filters that are defined and supported by\n specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` should be set to\n \"ExtensionRef\" for custom filters.\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "RequestHeaderModifier", - "ResponseHeaderModifier", - "RequestMirror", - "RequestRedirect", - "URLRewrite", - "ExtensionRef" - ], - "type": "string" - }, - "urlRewrite": { - "description": "URLRewrite defines a schema for a filter that modifies a request during forwarding.\n\nSupport: Extended", - "properties": { - "hostname": { - "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.\n\nSupport: Extended", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "path": { - "description": "Path defines a path rewrite.\n\nSupport: Extended", - "properties": { - "replaceFullPath": { - "description": "ReplaceFullPath specifies the value with which to replace the full path\nof a request during a rewrite or redirect.", - "maxLength": 1024, - "type": "string" - }, - "replacePrefixMatch": { - "description": "ReplacePrefixMatch specifies the value with which to replace the prefix\nmatch of a request during a rewrite or redirect. For example, a request\nto \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch\nof \"/xyz\" would be modified to \"/xyz/bar\".\n\nNote that this matches the behavior of the PathPrefix match type. This\nmatches full path elements. A path element refers to the list of labels\nin the path split by the `/` separator. When specified, a trailing `/` is\nignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all\nmatch the prefix `/abc`, but the path `/abcd` would not.\n\nReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.\nUsing any other HTTPRouteMatch type on the same HTTPRouteRule will result in\nthe implementation setting the Accepted Condition for the Route to `status: False`.\n\nRequest Path | Prefix Match | Replace Prefix | Modified Path", - "maxLength": 1024, - "type": "string" + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } }, - "type": { - "description": "Type defines the type of path modifier. Additional types may be\nadded in a future release of the API.\n\nNote that values may be added to this enum, implementations\nmust ensure that unknown values will not cause a crash.\n\nUnknown values here must result in the implementation setting the\nAccepted Condition for the Route to `status: False`, with a\nReason of `UnsupportedValue`.", - "enum": [ - "ReplaceFullPath", - "ReplacePrefixMatch" - ], - "type": "string" - } + "type": "object" }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "replaceFullPath must be specified when type is set to 'ReplaceFullPath'", - "rule": "self.type == 'ReplaceFullPath' ? has(self.replaceFullPath) : true" - }, - { - "message": "type must be 'ReplaceFullPath' when replaceFullPath is set", - "rule": "has(self.replaceFullPath) ? self.type == 'ReplaceFullPath' : true" + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", + "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, + "name": { + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", + "type": "string" + } }, - { - "message": "replacePrefixMatch must be specified when type is set to 'ReplacePrefixMatch'", - "rule": "self.type == 'ReplacePrefixMatch' ? has(self.replacePrefixMatch) : true" + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } }, - { - "message": "type must be 'ReplacePrefixMatch' when replacePrefixMatch is set", - "rule": "has(self.replacePrefixMatch) ? self.type == 'ReplacePrefixMatch' : true" - } - ] - } + "type": "object" + } + }, + "type": "object" }, - "type": "object" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier", - "rule": "!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" - }, - { - "message": "filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type", - "rule": "!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier", - "rule": "!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" - }, - { - "message": "filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type", - "rule": "!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" - }, - { - "message": "filter.requestMirror must be nil if the filter.type is not RequestMirror", - "rule": "!(has(self.requestMirror) && self.type != 'RequestMirror')" - }, - { - "message": "filter.requestMirror must be specified for RequestMirror filter.type", - "rule": "!(!has(self.requestMirror) && self.type == 'RequestMirror')" - }, - { - "message": "filter.requestRedirect must be nil if the filter.type is not RequestRedirect", - "rule": "!(has(self.requestRedirect) && self.type != 'RequestRedirect')" - }, - { - "message": "filter.requestRedirect must be specified for RequestRedirect filter.type", - "rule": "!(!has(self.requestRedirect) && self.type == 'RequestRedirect')" - }, - { - "message": "filter.urlRewrite must be nil if the filter.type is not URLRewrite", - "rule": "!(has(self.urlRewrite) && self.type != 'URLRewrite')" - }, - { - "message": "filter.urlRewrite must be specified for URLRewrite filter.type", - "rule": "!(!has(self.urlRewrite) && self.type == 'URLRewrite')" - }, - { - "message": "filter.extensionRef must be nil if the filter.type is not ExtensionRef", - "rule": "!(has(self.extensionRef) && self.type != 'ExtensionRef')" - }, - { - "message": "filter.extensionRef must be specified for ExtensionRef filter.type", - "rule": "!(!has(self.extensionRef) && self.type == 'ExtensionRef')" - } - ] - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "May specify either httpRouteFilterRequestRedirect or httpRouteFilterRequestRewrite, but not both", - "rule": "!(self.exists(f, f.type == 'RequestRedirect') && self.exists(f, f.type == 'URLRewrite'))" - }, - { - "message": "RequestHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" - }, - { - "message": "ResponseHeaderModifier filter cannot be repeated", - "rule": "self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" - }, - { - "message": "RequestRedirect filter cannot be repeated", - "rule": "self.filter(f, f.type == 'RequestRedirect').size() <= 1" - }, - { - "message": "URLRewrite filter cannot be repeated", - "rule": "self.filter(f, f.type == 'URLRewrite').size() <= 1" - } - ] - }, - "matches": { - "default": [ - { - "path": { - "type": "PathPrefix", - "value": "/" - } - } - ], - "description": "Matches define conditions used for matching the rule against incoming\nHTTP requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\nFor example, take the following matches configuration:\n\n```\nmatches:\n- path:\n value: \"/foo\"\n headers:\n - name: \"version\"\n value: \"v2\"\n- path:\n value: \"/v2/foo\"\n```\n\nFor a request to match against this rule, a request must satisfy\nEITHER of the two conditions:\n\n- path prefixed with `/foo` AND contains the header `version: v2`\n- path prefix of `/v2/foo`\n\nSee the documentation for HTTPRouteMatch on how to specify multiple\nmatch conditions that should be ANDed together.\n\nIf no matches are specified, the default is a prefix\npath match on \"/\", which has the effect of matching every\nHTTP request.\n\nProxy or Load Balancer routing configuration generated from HTTPRoutes\nMUST prioritize matches based on the following criteria, continuing on\nties. Across all rules specified on applicable Routes, precedence must be\ngiven to the match having:\n\n* \"Exact\" path match.\n* \"Prefix\" path match with largest number of characters.\n* Method match.\n* Largest number of header matches.\n* Largest number of query param matches.\n\nNote: The precedence of RegularExpression path matches are implementation-specific.\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\nIf ties still exist within an HTTPRoute, matching precedence MUST be granted\nto the FIRST matching rule (in list order) with a match meeting the above\ncriteria.\n\nWhen no rules matching a request have been successfully attached to the\nparent a request is coming from, a HTTP 404 status code MUST be returned.", - "items": { - "description": "HTTPRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\nFor example, the match below will match a HTTP request only if its path\nstarts with `/foo` AND it contains the `version: v1` header:\n\n```\nmatch:\n\n\tpath:\n\t value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t value \"v1\"\n\n```", - "properties": { - "headers": { - "description": "Headers specifies HTTP request header matchers. Multiple match values are\nANDed together, meaning, a request must match all the specified headers\nto select the route.", - "items": { - "description": "HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request\nheaders.", + "status": { + "description": "DataVolumeStatus contains the current status of the DataVolume", "properties": { - "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.\n\nWhen a header is repeated in an HTTP request, it is\nimplementation-specific behavior as to how this is represented.\nGenerally, proxies should follow the guidance from the RFC:\nhttps://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding\nprocessing a repeated header, with special handling for \"Set-Cookie\".", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", + "claimName": { + "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", "type": "string" }, - "type": { - "default": "Exact", - "description": "Type specifies how to match against the value of the header.\n\nSupport: Core (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression HeaderMatchType has implementation-specific\nconformance, implementations can support POSIX, PCRE or any other dialects\nof regular expressions. Please read the implementation's documentation to\ndetermine the supported dialect.", - "enum": [ - "Exact", - "RegularExpression" - ], + "conditions": { + "items": { + "description": "DataVolumeCondition represents the state of a data volume condition.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataVolumeConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "phase": { + "description": "Phase is the current phase of the data volume", "type": "string" }, - "value": { - "description": "Value is the value of HTTP Header to be matched.", - "maxLength": 4096, - "minLength": 1, + "progress": { + "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", "type": "string" + }, + "restartCount": { + "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", + "format": "int32", + "type": "integer" } }, - "required": [ - "name", - "value" - ], "type": "object" - }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "method": { - "description": "Method specifies HTTP method matcher.\nWhen specified, this route will be matched only if the request has the\nspecified method.\n\nSupport: Extended", - "enum": [ - "GET", - "HEAD", - "POST", - "PUT", - "DELETE", - "CONNECT", - "OPTIONS", - "TRACE", - "PATCH" - ], - "type": "string" + } }, - "path": { - "default": { - "type": "PathPrefix", - "value": "/" - }, - "description": "Path specifies a HTTP request path matcher. If this field is not\nspecified, a default prefix match on the \"/\" path is provided.", + "required": [ + "spec" + ], + "type": "object" + } + }, + "required": [ + "managedDataSource", + "schedule", + "template" + ], + "type": "object" + }, + "status": { + "description": "DataImportCronStatus is the status field of the DIC template", + "properties": { + "commonTemplate": { + "description": "CommonTemplate indicates whether this is a common template (true), or a custom one (false)", + "type": "boolean" + }, + "conditions": { + "description": "Conditions is a list of conditions that describe the state of the DataImportCronTemplate.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "type": { - "default": "PathPrefix", - "description": "Type specifies how to match against the path Value.\n\nSupport: Core (Exact, PathPrefix)\n\nSupport: Implementation-specific (RegularExpression)", - "enum": [ - "Exact", - "PathPrefix", - "RegularExpression" - ], + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", "type": "string" }, - "value": { - "default": "/", - "description": "Value of the HTTP path to match against.", - "maxLength": 1024, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "value must be an absolute path and start with '/' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.startsWith('/') : true" - }, - { - "message": "must not contain '//' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('//') : true" - }, - { - "message": "must not contain '/./' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/./') : true" - }, - { - "message": "must not contain '/../' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('/../') : true" - }, - { - "message": "must not contain '%2f' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2f') : true" - }, - { - "message": "must not contain '%2F' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('%2F') : true" - }, - { - "message": "must not contain '#' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.contains('#') : true" }, - { - "message": "must not end with '/..' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/..') : true" + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - { - "message": "must not end with '/.' when type one of ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? !self.value.endsWith('/.') : true" + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" }, - { - "message": "type must be one of ['Exact', 'PathPrefix', 'RegularExpression']", - "rule": "self.type in ['Exact','PathPrefix'] || self.type == 'RegularExpression'" + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" }, - { - "message": "must only contain valid characters (matching ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) for types ['Exact', 'PathPrefix']", - "rule": "(self.type in ['Exact','PathPrefix']) ? self.value.matches(r\"\"\"^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$\"\"\") : true" + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" } - ] - }, - "queryParams": { - "description": "QueryParams specifies HTTP query parameter matchers. Multiple match\nvalues are ANDed together, meaning, a request must match all the\nspecified query parameters to select the route.\n\nSupport: Extended", - "items": { - "description": "HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP\nquery parameters.", - "properties": { - "name": { - "description": "Name is the name of the HTTP query param to be matched. This must be an\nexact string match. (See\nhttps://tools.ietf.org/html/rfc7230#section-2.7.3).\n\nIf multiple entries specify equivalent query param names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent query param name MUST be ignored.\n\nIf a query param is repeated in an HTTP request, the behavior is\npurposely left undefined, since different data planes have different\ncapabilities. However, it is *recommended* that implementations should\nmatch against the first value of the param if the data plane supports it,\nas this behavior is expected in other load balancing contexts outside of\nthe Gateway API.\n\nUsers SHOULD NOT route traffic based on repeated query params to guard\nthemselves against potential differences in the implementations.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", - "type": "string" - }, - "type": { - "default": "Exact", - "description": "Type specifies how to match against the value of the query parameter.\n\nSupport: Extended (Exact)\n\nSupport: Implementation-specific (RegularExpression)\n\nSince RegularExpression QueryParamMatchType has Implementation-specific\nconformance, implementations can support POSIX, PCRE or any other\ndialects of regular expressions. Please read the implementation's\ndocumentation to determine the supported dialect.", - "enum": [ - "Exact", - "RegularExpression" - ], - "type": "string" - }, - "value": { - "description": "Value is the value of HTTP query param to be matched.", - "maxLength": 1024, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" ], - "x-kubernetes-list-type": "map" - } + "type": "object" + }, + "type": "array" }, - "type": "object" - }, - "maxItems": 64, - "type": "array" - }, - "timeouts": { - "description": "Timeouts defines the timeouts that can be configured for an HTTP request.\n\nSupport: Extended", - "properties": { - "backendRequest": { - "description": "BackendRequest specifies a timeout for an individual request from the gateway\nto a backend. This covers the time from when the request first starts being\nsent from the gateway to when the full response has been received from the backend.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nAn entire client HTTP transaction with a gateway, covered by the Request timeout,\nmay result in more than one call from the gateway to the destination backend,\nfor example, if automatic retries are supported.\n\nThe value of BackendRequest must be a Gateway API Duration string as defined by\nGEP-2257. When this field is unspecified, its behavior is implementation-specific;\nwhen specified, the value of BackendRequest must be no more than the value of the\nRequest timeout (since the Request timeout encompasses the BackendRequest timeout).\n\nSupport: Extended", - "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", - "type": "string" + "modified": { + "description": "Modified indicates if a common template was customized. Always false for custom templates.", + "type": "boolean" }, - "request": { - "description": "Request specifies the maximum duration for a gateway to respond to an HTTP request.\nIf the gateway has not been able to respond before this deadline is met, the gateway\nMUST return a timeout error.\n\nFor example, setting the `rules.timeouts.request` field to the value `10s` in an\n`HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds\nto complete.\n\nSetting a timeout to the zero duration (e.g. \"0s\") SHOULD disable the timeout\ncompletely. Implementations that cannot completely disable the timeout MUST\ninstead interpret the zero duration as the longest possible value to which\nthe timeout can be set.\n\nThis timeout is intended to cover as close to the whole request-response transaction\nas possible although an implementation MAY choose to start the timeout after the entire\nrequest stream has been received instead of immediately after the transaction is\ninitiated by the client.\n\nThe value of Request is a Gateway API Duration string as defined by GEP-2257. When this\nfield is unspecified, request timeout behavior is implementation-specific.\n\nSupport: Extended", - "pattern": "^([0-9]{1,5}(h|m|s|ms)){1,4}$", + "originalSupportedArchitectures": { + "description": "OriginalSupportedArchitectures is a comma-separated list of CPU architectures that the original\ntemplate supports.", "type": "string" } }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "backendRequest timeout cannot be longer than request timeout", - "rule": "!(has(self.request) && has(self.backendRequest) && duration(self.request) != duration('0s') && duration(self.backendRequest) > duration(self.request))" - } - ] + "type": "object" } }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "RequestRedirect filter must not be used together with backendRefs", - "rule": "(has(self.backendRefs) && size(self.backendRefs) > 0) ? (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): true" - }, - { - "message": "When using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - }, - { - "message": "When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - }, - { - "message": "Within backendRefs, when using RequestRedirect filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) && has(f.requestRedirect.path) && f.requestRedirect.path.type == 'ReplacePrefixMatch' && has(f.requestRedirect.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - }, - { - "message": "Within backendRefs, When using URLRewrite filter with path.replacePrefixMatch, exactly one PathPrefix match must be specified", - "rule": "(has(self.backendRefs) && self.backendRefs.exists_one(b, (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) && has(f.urlRewrite.path) && f.urlRewrite.path.type == 'ReplacePrefixMatch' && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) || self.matches[0].path.type != 'PathPrefix') ? false : true) : true" - } - ] + "type": "object" }, - "maxItems": 16, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "While 16 rules and 64 matches per rule are allowed, the total number of matches across all rules in a route must be less than 128", - "rule": "(self.size() > 0 ? self[0].matches.size() : 0) + (self.size() > 1 ? self[1].matches.size() : 0) + (self.size() > 2 ? self[2].matches.size() : 0) + (self.size() > 3 ? self[3].matches.size() : 0) + (self.size() > 4 ? self[4].matches.size() : 0) + (self.size() > 5 ? self[5].matches.size() : 0) + (self.size() > 6 ? self[6].matches.size() : 0) + (self.size() > 7 ? self[7].matches.size() : 0) + (self.size() > 8 ? self[8].matches.size() : 0) + (self.size() > 9 ? self[9].matches.size() : 0) + (self.size() > 10 ? self[10].matches.size() : 0) + (self.size() > 11 ? self[11].matches.size() : 0) + (self.size() > 12 ? self[12].matches.size() : 0) + (self.size() > 13 ? self[13].matches.size() : 0) + (self.size() > 14 ? self[14].matches.size() : 0) + (self.size() > 15 ? self[15].matches.size() : 0) <= 128" - } - ] - } - }, - "type": "object" - }, - "status": { - "description": "Status defines the current state of HTTPRoute.", - "properties": { - "parents": { - "description": "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway.", - "items": { - "description": "RouteParentStatus describes the status of a route with respect to an\nassociated Parent.", - "properties": { - "conditions": { - "description": "Conditions describes the status of the route with respect to the Gateway.\nNote that the route's availability is also subject to the Gateway's own\nstatus conditions and listener status.\n\nIf the Route's ParentRef specifies an existing Gateway that supports\nRoutes of this kind AND that Gateway's controller has sufficient access,\nthen that Gateway's controller MUST set the \"Accepted\" condition on the\nRoute, to indicate whether the route has been accepted or rejected by the\nGateway, and why.\n\nA Route MUST be considered \"Accepted\" if at least one of the Route's\nrules is implemented by the Gateway.\n\nThere are a number of cases where the \"Accepted\" condition may not be set\ndue to lack of controller visibility, that includes when:\n\n* The Route refers to a nonexistent parent.\n* The Route is of a type that the controller does not support.\n* The Route is in a namespace the controller does not have access to.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "controllerName": { - "description": "ControllerName is a domain/path string that indicates the name of the\ncontroller that wrote this status. This corresponds with the\ncontrollerName field on GatewayClass.\n\nExample: \"example.net/gateway-controller\".\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are\nvalid Kubernetes names\n(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\nControllers MUST populate this field when writing status. Controllers should ensure that\nentries to status populated with their ControllerName are cleaned up when they are no\nlonger necessary.", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$&'()*+,;=:]+$", + "type": "array" + }, + "dataImportSchedule": { + "description": "DataImportSchedule is the cron expression that is used in for the hard-coded data import cron templates. HCO\ngenerates the value of this field once and stored in the status field, so will survive restart.", + "type": "string" + }, + "infrastructureHighlyAvailable": { + "description": "InfrastructureHighlyAvailable describes whether the cluster has only one worker node\n(false) or more (true).", + "type": "boolean" + }, + "nodeInfo": { + "description": "NodeInfo holds information about the cluster nodes", + "properties": { + "controlPlaneArchitectures": { + "description": "ControlPlaneArchitectures is a distinct list of the CPU architecture of the control-plane nodes.", + "items": { "type": "string" }, - "parentRef": { - "description": "ParentRef corresponds with a ParentRef in the spec that this\nRouteParentStatus struct describes the status of.", - "properties": { - "group": { - "default": "gateway.networking.k8s.io", - "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\nSupport: Core", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "default": "Gateway", - "description": "Kind is kind of the referent.\n\nThere are two kinds of parent resources with \"Core\" support:\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\nSupport for other resources is Implementation-Specific.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", - "type": "string" - }, - "name": { - "description": "Name is the name of the referent.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "port": { - "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\nSupport: Extended", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "sectionName": { - "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\nSupport: Core", - "maxLength": 253, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } + "type": "array" }, - "required": [ - "controllerName", - "parentRef" - ], - "type": "object" + "workloadsArchitectures": { + "description": "WorkloadsArchitectures is a distinct list of the CPU architectures of the workloads nodes in the cluster.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "maxItems": 32, - "type": "array" - } - }, - "required": [ - "parents" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "HTTPRoute", - "version": "v1beta1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/HTTPRouteList": { - "description": "HTTPRouteList is a list of HTTPRoute", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of httproutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.HTTPRoute" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "gateway.networking.k8s.io", - "kind": "HTTPRouteList", - "version": "v1beta1" - } - ] - }, - "gateway.networking.k8s.io/v1beta1/ReferenceGrant": { - "description": "ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\nAll cross-namespace references in Gateway API (with the exception of cross-namespace\nGateway-route attachment) require a ReferenceGrant.\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Spec defines the desired state of ReferenceGrant.", - "properties": { - "from": { - "description": "From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\nSupport: Core", + "type": "object" + }, + "observedGeneration": { + "description": "ObservedGeneration reflects the HyperConverged resource generation. If the ObservedGeneration is less than the\nresource generation in metadata, the status is out of date", + "format": "int64", + "type": "integer" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects created and maintained by this\noperator. Object references will be added to this list after they have\nbeen created AND found in the cluster.", "items": { - "description": "ReferenceGrantFrom describes trusted namespaces and kinds.", + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "properties": { - "group": { - "description": "Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\nSupport: Core", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", "type": "string" }, "kind": { - "description": "Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\nWhen used to permit a SecretObjectReference:\n\n* Gateway\n\nWhen used to permit a BackendObjectReference:\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { - "description": "Namespace is the namespace of the referent.\n\nSupport: Core", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "required": [ - "group", - "kind", - "namespace" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "maxItems": 16, - "minItems": 1, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "to": { - "description": "To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\nSupport: Core", + "systemHealthStatus": { + "description": "SystemHealthStatus reflects the health of HCO and its secondary resources, based on the aggregated conditions.", + "type": "string" + }, + "versions": { + "description": "Versions is a list of HCO component versions, as name/version pairs. The version with a name of \"operator\"\nis the HCO version itself, as described here:\nhttps://github.com/openshift/cluster-version-operator/blob/master/docs/dev/clusteroperator.md#version", "items": { - "description": "ReferenceGrantTo describes what Kinds are allowed as targets of the\nreferences.", "properties": { - "group": { - "description": "Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\nSupport: Core", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "kind": { - "description": "Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "name": { "type": "string" }, - "name": { - "description": "Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace.", - "maxLength": 253, - "minLength": 1, + "version": { "type": "string" } }, - "required": [ - "group", - "kind" - ], "type": "object" }, - "maxItems": 16, - "minItems": 1, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "from", - "to" - ], "type": "object" } }, @@ -83530,14 +83276,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "gateway.networking.k8s.io", - "kind": "ReferenceGrant", + "group": "hco.kubevirt.io", + "kind": "HyperConverged", "version": "v1beta1" } ] }, - "gateway.networking.k8s.io/v1beta1/ReferenceGrantList": { - "description": "ReferenceGrantList is a list of ReferenceGrant", + "hco.kubevirt.io/v1beta1/HyperConvergedList": { + "description": "HyperConvergedList is a list of HyperConverged", "namespaced": true, "properties": { "apiVersion": { @@ -83545,9 +83291,9 @@ "type": "string" }, "items": { - "description": "List of referencegrants. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of hyperconvergeds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.k8s.networking.gateway.v1beta1.ReferenceGrant" + "$ref": "#/components/schemas/io.kubevirt.hco.v1beta1.HyperConverged" }, "type": "array" }, @@ -83570,15 +83316,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "gateway.networking.k8s.io", - "kind": "ReferenceGrantList", + "group": "hco.kubevirt.io", + "kind": "HyperConvergedList", "version": "v1beta1" } ] }, - "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshot": { - "description": "VolumeGroupSnapshot is a user's request for creating either a point-in-time\ngroup snapshot or binding to a pre-existing group snapshot.", - "namespaced": true, + "helm.openshift.io/v1beta1/HelmChartRepository": { + "description": "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -83597,135 +83343,126 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Spec defines the desired characteristics of a group snapshot requested by a user.\nRequired.", + "description": "spec holds user settable values for configuration", "properties": { - "source": { - "description": "Source specifies where a group snapshot will be created from.\nThis field is immutable after creation.\nRequired.", + "connectionConfig": { + "description": "Required configuration for connecting to the chart repo", "properties": { - "selector": { - "description": "Selector is a label query over persistent volume claims that are to be\ngrouped together for snapshotting.\nThis labelSelector will be used to match the label added to a PVC.\nIf the label is added or removed to a volume after a group snapshot\nis created, the existing group snapshots won't be modified.\nOnce a VolumeGroupSnapshotContent is created and the sidecar starts to process\nit, the volume list will not change with retries.", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.\nIt is used as a trust anchor to validate the TLS certificate presented by the remote server.\nThe key \"ca-bundle.crt\" is used to locate the data.\nIf empty, the default system roots are used.\nThe namespace for this config map is openshift-config.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "selector is immutable", - "rule": "self == oldSelf" - } - ] + "required": [ + "name" + ], + "type": "object" }, - "volumeGroupSnapshotContentName": { - "description": "VolumeGroupSnapshotContentName specifies the name of a pre-existing VolumeGroupSnapshotContent\nobject representing an existing volume group snapshot.\nThis field should be set if the volume group snapshot already exists and\nonly needs a representation in Kubernetes.\nThis field is immutable.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeGroupSnapshotContentName is immutable", - "rule": "self == oldSelf" + "tlsClientConfig": { + "description": "tlsClientConfig is an optional reference to a secret by name that contains the\nPEM-encoded TLS client certificate and private key to present when connecting to the server.\nThe key \"tls.crt\" is used to locate the client certificate.\nThe key \"tls.key\" is used to locate the private key.\nThe namespace for this secret is openshift-config.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string" } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "selector is required once set", - "rule": "!has(oldSelf.selector) || has(self.selector)" - }, - { - "message": "volumeGroupSnapshotContentName is required once set", - "rule": "!has(oldSelf.volumeGroupSnapshotContentName) || has(self.volumeGroupSnapshotContentName)" + }, + "required": [ + "name" + ], + "type": "object" }, - { - "message": "exactly one of selector and volumeGroupSnapshotContentName must be set", - "rule": "(has(self.selector) && !has(self.volumeGroupSnapshotContentName)) || (!has(self.selector) && has(self.volumeGroupSnapshotContentName))" + "url": { + "description": "Chart repository URL", + "maxLength": 2048, + "pattern": "^https?:\\/\\/", + "type": "string" } - ] + }, + "type": "object" }, - "volumeGroupSnapshotClassName": { - "description": "VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass\nrequested by the VolumeGroupSnapshot.\nVolumeGroupSnapshotClassName may be left nil to indicate that the default\nclass will be used.\nEmpty string is not allowed for this field.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeGroupSnapshotClassName must not be the empty string when set", - "rule": "size(self) > 0" - } - ] + "description": { + "description": "Optional human readable repository description, it can be used by UI for displaying purposes", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "disabled": { + "description": "If set to true, disable the repo usage in the cluster/namespace", + "type": "boolean" + }, + "name": { + "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", + "maxLength": 100, + "minLength": 1, + "type": "string" } }, - "required": [ - "source" - ], "type": "object" }, "status": { - "description": "Status represents the current information of a group snapshot.\nConsumers must verify binding between VolumeGroupSnapshot and\nVolumeGroupSnapshotContent objects is successful (by validating that both\nVolumeGroupSnapshot and VolumeGroupSnapshotContent point to each other) before\nusing this object.", + "description": "Observed status of the repository within the cluster..", "properties": { - "boundVolumeGroupSnapshotContentName": { - "description": "BoundVolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent\nobject to which this VolumeGroupSnapshot object intends to bind to.\nIf not specified, it indicates that the VolumeGroupSnapshot object has not\nbeen successfully bound to a VolumeGroupSnapshotContent object yet.\nNOTE: To avoid possible security issues, consumers must verify binding between\nVolumeGroupSnapshot and VolumeGroupSnapshotContent objects is successful\n(by validating that both VolumeGroupSnapshot and VolumeGroupSnapshotContent\npoint at each other) before using this object.", - "type": "string" - }, - "creationTime": { - "description": "CreationTime is the timestamp when the point-in-time group snapshot is taken\nby the underlying storage system.\nIf not specified, it may indicate that the creation time of the group snapshot\nis unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command date +%s%N returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.\nThis field is updated based on the CreationTime field in VolumeGroupSnapshotContentStatus", - "format": "date-time", - "type": "string" - }, - "error": { - "description": "Error is the last observed error during group snapshot creation, if any.\nThis field could be helpful to upper level controllers (i.e., application\ncontroller) to decide whether they should continue on waiting for the group\nsnapshot to be created based on the type of error reported.\nThe snapshot controller will keep retrying when an error occurs during the\ngroup snapshot creation. Upon success, this error field will be cleared.", - "properties": { - "message": { - "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their statuses", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } }, - "time": { - "description": "time is the timestamp when the error was encountered.", - "format": "date-time", - "type": "string" - } + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" }, - "type": "object" - }, - "readyToUse": { - "description": "ReadyToUse indicates if all the individual snapshots in the group are ready\nto be used to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true.\nIf not specified, it means the readiness of a group snapshot is unknown.", - "type": "boolean" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" @@ -83737,67 +83474,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "groupsnapshot.storage.openshift.io", - "kind": "VolumeGroupSnapshot", - "version": "v1beta1" - } - ] - }, - "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotClass": { - "description": "VolumeGroupSnapshotClass specifies parameters that a underlying storage system\nuses when creating a volume group snapshot. A specific VolumeGroupSnapshotClass\nis used by specifying its name in a VolumeGroupSnapshot object.\nVolumeGroupSnapshotClasses are non-namespaced.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "deletionPolicy": { - "description": "DeletionPolicy determines whether a VolumeGroupSnapshotContent created\nthrough the VolumeGroupSnapshotClass should be deleted when its bound\nVolumeGroupSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are deleted.\nRequired.", - "enum": [ - "Delete", - "Retain" - ], - "type": "string" - }, - "driver": { - "description": "Driver is the name of the storage driver expected to handle this VolumeGroupSnapshotClass.\nRequired.", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a key-value map with storage driver specific parameters for\ncreating group snapshots.\nThese values are opaque to Kubernetes and are passed directly to the driver.", - "type": "object" - } - }, - "required": [ - "deletionPolicy", - "driver" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "groupsnapshot.storage.openshift.io", - "kind": "VolumeGroupSnapshotClass", + "group": "helm.openshift.io", + "kind": "HelmChartRepository", "version": "v1beta1" } ] }, - "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotClassList": { - "description": "VolumeGroupSnapshotClassList is a list of VolumeGroupSnapshotClass", + "helm.openshift.io/v1beta1/HelmChartRepositoryList": { + "description": "HelmChartRepositoryList is a list of HelmChartRepository", "namespaced": true, "properties": { "apiVersion": { @@ -83805,9 +83489,9 @@ "type": "string" }, "items": { - "description": "List of volumegroupsnapshotclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of helmchartrepositories. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.storage.groupsnapshot.v1beta1.VolumeGroupSnapshotClass" + "$ref": "#/components/schemas/io.openshift.helm.v1beta1.HelmChartRepository" }, "type": "array" }, @@ -83830,15 +83514,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "groupsnapshot.storage.openshift.io", - "kind": "VolumeGroupSnapshotClassList", + "group": "helm.openshift.io", + "kind": "HelmChartRepositoryList", "version": "v1beta1" } ] }, - "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotContent": { - "description": "VolumeGroupSnapshotContent represents the actual \"on-disk\" group snapshot object\nin the underlying storage system", - "namespaced": false, + "helm.openshift.io/v1beta1/ProjectHelmChartRepository": { + "description": "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -83857,186 +83541,139 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Spec defines properties of a VolumeGroupSnapshotContent created by the underlying storage system.\nRequired.", + "description": "spec holds user settable values for configuration", "properties": { - "deletionPolicy": { - "description": "DeletionPolicy determines whether this VolumeGroupSnapshotContent and the\nphysical group snapshot on the underlying storage system should be deleted\nwhen the bound VolumeGroupSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are deleted.\nFor dynamically provisioned group snapshots, this field will automatically\nbe filled in by the CSI snapshotter sidecar with the \"DeletionPolicy\" field\ndefined in the corresponding VolumeGroupSnapshotClass.\nFor pre-existing snapshots, users MUST specify this field when creating the\nVolumeGroupSnapshotContent object.\nRequired.", - "enum": [ - "Delete", - "Retain" - ], - "type": "string" - }, - "driver": { - "description": "Driver is the name of the CSI driver used to create the physical group snapshot on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired.", - "type": "string" - }, - "source": { - "description": "Source specifies whether the snapshot is (or should be) dynamically provisioned\nor already exists, and just requires a Kubernetes object representation.\nThis field is immutable after creation.\nRequired.", + "connectionConfig": { + "description": "Required configuration for connecting to the chart repo", "properties": { - "groupSnapshotHandles": { - "description": "GroupSnapshotHandles specifies the CSI \"group_snapshot_id\" of a pre-existing\ngroup snapshot and a list of CSI \"snapshot_id\" of pre-existing snapshots\non the underlying storage system for which a Kubernetes object\nrepresentation was (or should be) created.\nThis field is immutable.", + "basicAuthConfig": { + "description": "basicAuthConfig is an optional reference to a secret by name that contains\nthe basic authentication credentials to present when connecting to the server.\nThe key \"username\" is used locate the username.\nThe key \"password\" is used to locate the password.\nThe namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", "properties": { - "volumeGroupSnapshotHandle": { - "description": "VolumeGroupSnapshotHandle specifies the CSI \"group_snapshot_id\" of a pre-existing\ngroup snapshot on the underlying storage system for which a Kubernetes object\nrepresentation was (or should be) created.\nThis field is immutable.\nRequired.", + "name": { + "description": "name is the metadata.name of the referenced secret", "type": "string" - }, - "volumeSnapshotHandles": { - "description": "VolumeSnapshotHandles is a list of CSI \"snapshot_id\" of pre-existing\nsnapshots on the underlying storage system for which Kubernetes objects\nrepresentation were (or should be) created.\nThis field is immutable.\nRequired.", - "items": { - "type": "string" - }, - "type": "array" } }, "required": [ - "volumeGroupSnapshotHandle", - "volumeSnapshotHandles" + "name" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "groupSnapshotHandles is immutable", - "rule": "self == oldSelf" - } - ] + "type": "object" }, - "volumeHandles": { - "description": "VolumeHandles is a list of volume handles on the backend to be snapshotted\ntogether. It is specified for dynamic provisioning of the VolumeGroupSnapshot.\nThis field is immutable.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "volumeHandles is immutable", - "rule": "self == oldSelf" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.\nIt is used as a trust anchor to validate the TLS certificate presented by the remote server.\nThe key \"ca-bundle.crt\" is used to locate the data.\nIf empty, the default system roots are used.\nThe namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "volumeHandles is required once set", - "rule": "!has(oldSelf.volumeHandles) || has(self.volumeHandles)" + }, + "required": [ + "name" + ], + "type": "object" }, - { - "message": "groupSnapshotHandles is required once set", - "rule": "!has(oldSelf.groupSnapshotHandles) || has(self.groupSnapshotHandles)" + "tlsClientConfig": { + "description": "tlsClientConfig is an optional reference to a secret by name that contains the\nPEM-encoded TLS client certificate and private key to present when connecting to the server.\nThe key \"tls.crt\" is used to locate the client certificate.\nThe key \"tls.key\" is used to locate the private key.\nThe namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - { - "message": "exactly one of volumeHandles and groupSnapshotHandles must be set", - "rule": "(has(self.volumeHandles) && !has(self.groupSnapshotHandles)) || (!has(self.volumeHandles) && has(self.groupSnapshotHandles))" + "url": { + "description": "Chart repository URL", + "maxLength": 2048, + "pattern": "^https?:\\/\\/", + "type": "string" } - ] + }, + "type": "object" }, - "volumeGroupSnapshotClassName": { - "description": "VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass from\nwhich this group snapshot was (or will be) created.\nNote that after provisioning, the VolumeGroupSnapshotClass may be deleted or\nrecreated with different set of values, and as such, should not be referenced\npost-snapshot creation.\nFor dynamic provisioning, this field must be set.\nThis field may be unset for pre-provisioned snapshots.", + "description": { + "description": "Optional human readable repository description, it can be used by UI for displaying purposes", + "maxLength": 2048, + "minLength": 1, "type": "string" }, - "volumeGroupSnapshotRef": { - "description": "VolumeGroupSnapshotRef specifies the VolumeGroupSnapshot object to which this\nVolumeGroupSnapshotContent object is bound.\nVolumeGroupSnapshot.Spec.VolumeGroupSnapshotContentName field must reference to\nthis VolumeGroupSnapshotContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeGroupSnapshotContent object, name and namespace of the\nVolumeGroupSnapshot object MUST be provided for binding to happen.\nThis field is immutable after creation.\nRequired.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "both volumeGroupSnapshotRef.name and volumeGroupSnapshotRef.namespace must be set", - "rule": "has(self.name) && has(self.__namespace__)" - } - ] + "disabled": { + "description": "If set to true, disable the repo usage in the namespace", + "type": "boolean" + }, + "name": { + "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", + "maxLength": 100, + "minLength": 1, + "type": "string" } }, - "required": [ - "deletionPolicy", - "driver", - "source", - "volumeGroupSnapshotRef" - ], "type": "object" }, "status": { - "description": "status represents the current information of a group snapshot.", + "description": "Observed status of the repository within the namespace..", "properties": { - "creationTime": { - "description": "CreationTime is the timestamp when the point-in-time group snapshot is taken\nby the underlying storage system.\nIf not specified, it indicates the creation time is unknown.\nIf not specified, it means the readiness of a group snapshot is unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command date +%s%N returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.\nThis field is the source for the CreationTime field in VolumeGroupSnapshotStatus", - "format": "date-time", - "type": "string" - }, - "error": { - "description": "Error is the last observed error during group snapshot creation, if any.\nUpon success after retry, this error field will be cleared.", - "properties": { - "message": { - "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", - "type": "string" - }, - "time": { - "description": "time is the timestamp when the error was encountered.", - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "readyToUse": { - "description": "ReadyToUse indicates if all the individual snapshots in the group are ready to be\nused to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true.", - "type": "boolean" - }, - "volumeGroupSnapshotHandle": { - "description": "VolumeGroupSnapshotHandle is a unique id returned by the CSI driver\nto identify the VolumeGroupSnapshot on the storage system.\nIf a storage system does not provide such an id, the\nCSI driver can choose to return the VolumeGroupSnapshot name.", - "type": "string" - }, - "volumeSnapshotHandlePairList": { - "description": "VolumeSnapshotHandlePairList is a list of CSI \"volume_id\" and \"snapshot_id\"\npair returned by the CSI driver to identify snapshots and their source volumes\non the storage system.", + "conditions": { + "description": "conditions is a list of conditions and their statuses", "items": { - "description": "VolumeSnapshotHandlePair defines a pair of a source volume handle and a snapshot handle", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "snapshotHandle": { - "description": "SnapshotHandle is a unique id returned by the CSI driver to identify a volume\nsnapshot on the storage system\nRequired.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", "type": "string" }, - "volumeHandle": { - "description": "VolumeHandle is a unique id returned by the CSI driver to identify a volume\non the storage system\nRequired.", + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ - "snapshotHandle", - "volumeHandle" + "lastTransitionTime", + "message", + "reason", + "status", + "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" @@ -84048,54 +83685,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "groupsnapshot.storage.openshift.io", - "kind": "VolumeGroupSnapshotContent", - "version": "v1beta1" - } - ] - }, - "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotContentList": { - "description": "VolumeGroupSnapshotContentList is a list of VolumeGroupSnapshotContent", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of volumegroupsnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.groupsnapshot.v1beta1.VolumeGroupSnapshotContent" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "groupsnapshot.storage.openshift.io", - "kind": "VolumeGroupSnapshotContentList", + "group": "helm.openshift.io", + "kind": "ProjectHelmChartRepository", "version": "v1beta1" } ] }, - "groupsnapshot.storage.openshift.io/v1beta1/VolumeGroupSnapshotList": { - "description": "VolumeGroupSnapshotList is a list of VolumeGroupSnapshot", + "helm.openshift.io/v1beta1/ProjectHelmChartRepositoryList": { + "description": "ProjectHelmChartRepositoryList is a list of ProjectHelmChartRepository", "namespaced": true, "properties": { "apiVersion": { @@ -84103,9 +83700,9 @@ "type": "string" }, "items": { - "description": "List of volumegroupsnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of projecthelmchartrepositories. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.storage.groupsnapshot.v1beta1.VolumeGroupSnapshot" + "$ref": "#/components/schemas/io.openshift.helm.v1beta1.ProjectHelmChartRepository" }, "type": "array" }, @@ -84128,15 +83725,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "groupsnapshot.storage.openshift.io", - "kind": "VolumeGroupSnapshotList", + "group": "helm.openshift.io", + "kind": "ProjectHelmChartRepositoryList", "version": "v1beta1" } ] }, - "hco.kubevirt.io/v1beta1/HyperConverged": { - "description": "HyperConverged is the Schema for the hyperconvergeds API", - "namespaced": true, + "hostpathprovisioner.kubevirt.io/v1beta1/HostPathProvisioner": { + "description": "HostPathProvisioner is the Schema for the hostpathprovisioners API", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -84155,432 +83752,478 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "default": { - "certConfig": { - "ca": { - "duration": "48h0m0s", - "renewBefore": "24h0m0s" + "description": "HostPathProvisionerSpec defines the desired state of HostPathProvisioner", + "properties": { + "featureGates": { + "description": "FeatureGates are a list of specific enabled feature gates", + "items": { + "type": "string" }, - "server": { - "duration": "24h0m0s", - "renewBefore": "12h0m0s" - } - }, - "deployVmConsoleProxy": false, - "enableApplicationAwareQuota": false, - "enableCommonBootImageImport": true, - "featureGates": { - "decentralizedLiveMigration": false, - "deployKubeSecondaryDNS": false, - "disableMDevConfiguration": false, - "downwardMetrics": false, - "enableMultiArchBootImageImport": false, - "persistentReservation": false - }, - "liveMigrationConfig": { - "allowAutoConverge": false, - "allowPostCopy": false, - "completionTimeoutPerGiB": 150, - "parallelMigrationsPerCluster": 5, - "parallelOutboundMigrationsPerNode": 2, - "progressTimeout": 150 + "type": "array", + "x-kubernetes-list-type": "set" }, - "resourceRequirements": { - "vmiCPUAllocationRatio": 10 + "imagePullPolicy": { + "description": "ImagePullPolicy is the container pull policy for the host path provisioner containers", + "type": "string" }, - "uninstallStrategy": "BlockUninstallIfWorkloadsExist", - "virtualMachineOptions": { - "disableFreePageReporting": false, - "disableSerialConsoleLog": false - } - }, - "description": "HyperConvergedSpec defines the desired state of HyperConverged", - "properties": { - "CommonInstancetypesDeployment": { - "description": "CommonInstancetypesDeployment holds the configuration of common-instancetypes deployment within KubeVirt.", + "pathConfig": { + "description": "PathConfig describes the location and layout of PV storage on nodes. Deprecated", "properties": { - "enabled": { - "description": "Enabled controls the deployment of common-instancetypes resources, defaults to True.", - "nullable": true, + "path": { + "description": "Path The path the directories for the PVs are created under", + "type": "string" + }, + "useNamingPrefix": { + "description": "UseNamingPrefix Use the name of the PVC requesting the PV as part of the directory created", "type": "boolean" } }, "type": "object" }, - "applicationAwareConfig": { - "description": "ApplicationAwareConfig set the AAQ configurations", - "properties": { - "allowApplicationAwareClusterResourceQuota": { - "default": false, - "description": "AllowApplicationAwareClusterResourceQuota if set to true, allows creation and management of ClusterAppsResourceQuota", - "type": "boolean" - }, - "namespaceSelector": { - "description": "NamespaceSelector determines in which namespaces scheduling gate will be added to pods..", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "storagePools": { + "description": "StoragePools are a list of storage pools", + "items": { + "description": "StoragePool defines how and where hostpath provisioner can use storage to create volumes.", + "properties": { + "name": { + "description": "Name specifies an identifier that is used in the storage class arguments to identify the source to use.", + "type": "string" + }, + "path": { + "description": "path the path to use on the host, this is a required field", + "type": "string" + }, + "pvcTemplate": { + "description": "PVCTemplate is the template of the PVC to create as the source volume", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" } }, "required": [ - "key", - "operator" + "kind", + "name" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "vmiCalcConfigName": { - "default": "DedicatedVirtualResources", - "description": "VmiCalcConfigName determine how resource allocation will be done with ApplicationsResourceQuota.\nallowed values are: VmiPodUsage, VirtualResources, DedicatedVirtualResources or IgnoreVmiCalculator", - "enum": [ - "VmiPodUsage", - "VirtualResources", - "DedicatedVirtualResources", - "IgnoreVmiCalculator" - ], - "type": "string" - } - }, - "type": "object" - }, - "certConfig": { - "default": { - "ca": { - "duration": "48h0m0s", - "renewBefore": "24h0m0s" - }, - "server": { - "duration": "24h0m0s", - "renewBefore": "12h0m0s" - } - }, - "description": "certConfig holds the rotation policy for internal, self-signed certificates", - "properties": { - "ca": { - "default": { - "duration": "48h0m0s", - "renewBefore": "24h0m0s" - }, - "description": "CA configuration -\nCA certs are kept in the CA bundle as long as they are valid", - "properties": { - "duration": { - "default": "48h0m0s", - "description": "The requested 'duration' (i.e. lifetime) of the Certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", - "type": "string" - }, - "renewBefore": { - "default": "24h0m0s", - "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", - "type": "string" - } - }, - "type": "object" - }, - "server": { - "default": { - "duration": "24h0m0s", - "renewBefore": "12h0m0s" - }, - "description": "Server configuration -\nCerts are rotated and discarded", - "properties": { - "duration": { - "default": "24h0m0s", - "description": "The requested 'duration' (i.e. lifetime) of the Certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", - "type": "string" - }, - "renewBefore": { - "default": "12h0m0s", - "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.\nThis should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "commonBootImageNamespace": { - "description": "CommonBootImageNamespace override the default namespace of the common boot images, in order to hide them.\n\nIf not set, HCO won't set any namespace, letting SSP to use the default. If set, use the namespace to create the\nDataImportCronTemplates and the common image streams, with this namespace. This field is not set by default.", - "type": "string" - }, - "commonTemplatesNamespace": { - "description": "CommonTemplatesNamespace defines namespace in which common templates will\nbe deployed. It overrides the default openshift namespace.", - "type": "string" - }, - "dataImportCronTemplates": { - "description": "DataImportCronTemplates holds list of data import cron templates (golden images)", - "items": { - "description": "DataImportCronTemplate defines the template type for DataImportCrons.\nIt requires metadata.name to be specified while leaving namespace as optional.", - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, + "required": [ + "kind", + "name" + ], "type": "object" }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, "type": "object" }, - "name": { - "type": "string" + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "DataImportCronSpec defines specification for DataImportCron", - "properties": { - "garbageCollect": { - "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "importsToKeep": { - "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", - "format": "int32", - "type": "integer" - }, - "managedDataSource": { - "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, - "retentionPolicy": { - "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, - "schedule": { - "description": "Schedule specifies in cron format when and how often to look for new imports", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" - }, - "template": { - "description": "Template specifies template for the DVs to be created", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { + } + }, + "type": "object" + } + }, + "required": [ + "name", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "workload": { + "description": "Restrict on which nodes HPP workload pods will be scheduled", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": "object" - }, - "name": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "namespace": { - "type": "string" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" } }, + "required": [ + "preference", + "weight" + ], "type": "object" }, - "spec": { - "description": "DataVolumeSpec defines the DataVolume type specification", - "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", - "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" - }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" - } - }, - "required": [ - "current", - "previous" - ], - "type": "object" - }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], - "type": "string" - }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", - "type": "string" - }, - "pvc": { - "description": "PVC is the PVC specification", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "items": { - "type": "string" + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } + }, + "required": [ + "key", + "operator" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "requests": { + "matchLabels": { "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "string" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -84624,1002 +84267,184 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, + "required": [ + "topologyKey" + ], "type": "object" }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "url" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "required": [ - "diskId", - "url" - ], + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "platform": { - "description": "Platform describes the minimum runtime requirements of the image", - "properties": { - "architecture": { - "description": "Architecture specifies the image target CPU architecture", - "type": "string" - } - }, - "type": "object" - }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" - }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "extraArgs": { - "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" - }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "storage": { - "description": "Storage is the requested storage specification", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" } }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "DataVolumeStatus contains the current status of the DataVolume", - "properties": { - "claimName": { - "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "conditions": { + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { - "description": "DataVolumeCondition represents the state of a data volume condition.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "DataVolumeConditionType is the string representation of known condition types", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" + "type": "string" }, - "type": "array" - }, - "phase": { - "description": "Phase is the current phase of the data volume", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "progress": { - "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" - }, - "restartCount": { - "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", - "format": "int32", - "type": "integer" } }, + "required": [ + "topologyKey" + ], "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "required": [ - "managedDataSource", - "schedule", - "template" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "defaultCPUModel": { - "description": "DefaultCPUModel defines a cluster default for CPU model: default CPU model is set when VMI doesn't have any CPU model.\nWhen VMI has CPU model set, then VMI's CPU model is preferred.\nWhen default CPU model is not set and VMI's CPU model is not set too, host-model will be set.\nDefault CPU model can be changed when kubevirt is running.", - "type": "string" - }, - "defaultRuntimeClass": { - "description": "DefaultRuntimeClass defines a cluster default for the RuntimeClass to be used for VMIs pods if not set there.\nDefault RuntimeClass can be changed when kubevirt is running, existing VMIs are not impacted till\nthe next restart/live-migration when they are eventually going to consume the new default RuntimeClass.", - "type": "string" - }, - "deployVmConsoleProxy": { - "default": false, - "description": "deploy VM console proxy resources in SSP operator", - "type": "boolean" - }, - "enableApplicationAwareQuota": { - "default": false, - "description": "EnableApplicationAwareQuota if true, enables the Application Aware Quota feature", - "type": "boolean" - }, - "enableCommonBootImageImport": { - "default": true, - "description": "Opt-in to automatic delivery/updates of the common data import cron templates.\nThere are two sources for the data import cron templates: hard coded list of common templates, and custom (user\ndefined) templates that can be added to the dataImportCronTemplates field. This field only controls the common\ntemplates. It is possible to use custom templates by adding them to the dataImportCronTemplates field.", - "type": "boolean" - }, - "evictionStrategy": { - "description": "EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be\nmigrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific\nfield is set it overrides the cluster level one.\nAllowed values:\n- `None` no eviction strategy at cluster level.\n- `LiveMigrate` migrate the VM on eviction; a not live migratable VM with no specific strategy will block the drain of the node util manually evicted.\n- `LiveMigrateIfPossible` migrate the VM on eviction if live migration is possible, otherwise directly evict.\n- `External` block the drain, track eviction and notify an external controller.\nDefaults to LiveMigrate with multiple worker nodes, None on single worker clusters.", - "enum": [ - "None", - "LiveMigrate", - "LiveMigrateIfPossible", - "External" - ], - "type": "string" - }, - "featureGates": { - "default": { - "decentralizedLiveMigration": false, - "deployKubeSecondaryDNS": false, - "disableMDevConfiguration": false, - "downwardMetrics": false, - "enableMultiArchBootImageImport": false, - "persistentReservation": false - }, - "description": "featureGates is a map of feature gate flags. Setting a flag to `true` will enable\nthe feature. Setting `false` or removing the feature gate, disables the feature.", - "properties": { - "alignCPUs": { - "default": false, - "description": "Enable KubeVirt to request up to two additional dedicated CPUs\nin order to complete the total CPU count to an even parity when using emulator thread isolation.\nNote: this feature is in Developer Preview.", - "type": "boolean" - }, - "autoResourceLimits": { - "description": "Deprecated: this field is ignored and will be removed in the next version of the API.", - "type": "boolean" - }, - "decentralizedLiveMigration": { - "default": false, - "description": "DecentralizedLiveMigration enables the decentralized live migration (cross-cluster migration) feature.\nThis feature allows live migration of VirtualMachineInstances between different clusters.\nThis feature is in Developer Preview.", - "type": "boolean" - }, - "deployKubeSecondaryDNS": { - "default": false, - "description": "Deploy KubeSecondaryDNS by CNAO", - "type": "boolean" - }, - "deployKubevirtIpamController": { - "description": "Deprecated: this field is ignored and will be removed in the next version of the API.", - "type": "boolean" - }, - "deployTektonTaskResources": { - "description": "Deprecated: This field is ignored and will be removed on the next version of the API.", - "type": "boolean" - }, - "deployVmConsoleProxy": { - "description": "Deprecated: This field is ignored and will be removed on the next version of the API.\nUse spec.deployVmConsoleProxy instead", - "type": "boolean" - }, - "disableMDevConfiguration": { - "default": false, - "description": "Disable mediated devices handling on KubeVirt", - "type": "boolean" - }, - "downwardMetrics": { - "default": false, - "description": "Allow to expose a limited set of host metrics to guests.", - "type": "boolean" - }, - "enableApplicationAwareQuota": { - "description": "Deprecated: This field is ignored and will be removed on the next version of the API.\nUse spec.enableApplicationAwareQuota instead", - "type": "boolean" - }, - "enableCommonBootImageImport": { - "description": "Deprecated: This field is ignored. Use spec.enableCommonBootImageImport instead", - "type": "boolean" - }, - "enableManagedTenantQuota": { - "description": "Deprecated: This field is ignored and will be removed on the next version of the API.", - "type": "boolean" - }, - "enableMultiArchBootImageImport": { - "default": false, - "description": "EnableMultiArchBootImageImport allows the HCO to run on heterogeneous clusters with different CPU architectures.\nSetting this field to true will allow the HCO to create Golden Images for different CPU architectures.\n\nThis feature is in Developer Preview.", - "type": "boolean" - }, - "nonRoot": { - "description": "Deprecated: // Deprecated: This field is ignored and will be removed on the next version of the API.", - "type": "boolean" - }, - "persistentReservation": { - "default": false, - "description": "Enable persistent reservation of a LUN through the SCSI Persistent Reserve commands on Kubevirt.\nIn order to issue privileged SCSI ioctls, the VM requires activation of the persistent reservation flag.\nOnce this feature gate is enabled, then the additional container with the qemu-pr-helper is deployed inside the virt-handler pod.\nEnabling (or removing) the feature gate causes the redeployment of the virt-handler pod.", - "type": "boolean" - }, - "primaryUserDefinedNetworkBinding": { - "description": "primaryUserDefinedNetworkBinding deploys the needed configurations for kubevirt users to\nbe able to bind their VM to a UDN network on the VM's primary interface.\nDeprecated: this field is ignored and will be removed in the next version of the API.", - "type": "boolean" - }, - "withHostPassthroughCPU": { - "description": "Deprecated: there is no such FG in KubeVirt. This field is ignored", - "type": "boolean" - } - }, - "type": "object" - }, - "filesystemOverhead": { - "description": "FilesystemOverhead describes the space reserved for overhead when using Filesystem volumes.\nA value is between 0 and 1, if not defined it is 0.055 (5.5 percent overhead)", - "properties": { - "global": { - "description": "Global is how much space of a Filesystem volume should be reserved for overhead. This value is used unless overridden by a more specific value (per storageClass)", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "storageClass": { - "additionalProperties": { - "description": "Percent is a string that can only be a value between [0,1)\n(Note: we actually rely on reconcile to reject invalid values)", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "description": "StorageClass specifies how much space of a Filesystem volume should be reserved for safety. The keys are the storageClass and the values are the overhead. This value overrides the global value", - "type": "object" - } - }, - "type": "object" - }, - "higherWorkloadDensity": { - "default": { - "memoryOvercommitPercentage": 100 - }, - "description": "HigherWorkloadDensity holds configurataion aimed to increase virtual machine density", - "properties": { - "memoryOvercommitPercentage": { - "default": 100, - "description": "MemoryOvercommitPercentage is the percentage of memory we want to give VMIs compared to the amount\ngiven to its parent pod (virt-launcher). For example, a value of 102 means the VMI will\n\"see\" 2% more memory than its parent pod. Values under 100 are effectively \"undercommits\".\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.", - "minimum": 1, - "type": "integer" - } - }, - "type": "object" - }, - "infra": { - "description": "infra HyperConvergedConfig influences the pod configuration (currently only placement)\nfor all the infra components needed on the virtualization enabled cluster\nbut not necessarily directly on each node running VMs/VMIs.", - "properties": { - "nodePlacement": { - "description": "NodePlacement describes node scheduling configuration.", - "properties": { - "affinity": { - "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", @@ -85667,7 +84492,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -85675,7 +84500,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -85745,2960 +84570,452 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", - "type": "object" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "instancetypeConfig": { - "description": "InstancetypeConfig holds the configuration of instance type related functionality within KubeVirt.", - "properties": { - "referencePolicy": { - "description": "ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:\nreference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.\nexpand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.\nexpandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.", - "enum": [ - "reference", - "expand", - "expandAll" - ], - "nullable": true, - "type": "string" - } - }, - "type": "object" - }, - "ksmConfiguration": { - "description": "KSMConfiguration holds the information regarding\nthe enabling the KSM in the nodes (if available).", - "properties": { - "nodeLabelSelector": { - "description": "NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled.\nEmpty NodeLabelSelector will enable ksm for every node.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "kubeSecondaryDNSNameServerIP": { - "description": "KubeSecondaryDNSNameServerIP defines name server IP used by KubeSecondaryDNS", - "type": "string" - }, - "liveMigrationConfig": { - "default": { - "allowAutoConverge": false, - "allowPostCopy": false, - "completionTimeoutPerGiB": 150, - "parallelMigrationsPerCluster": 5, - "parallelOutboundMigrationsPerNode": 2, - "progressTimeout": 150 - }, - "description": "Live migration limits and timeouts are applied so that migration processes do not\noverwhelm the cluster.", - "properties": { - "allowAutoConverge": { - "default": false, - "description": "AllowAutoConverge allows the platform to compromise performance/availability of VMIs to\nguarantee successful VMI live migrations. Defaults to false", - "type": "boolean" - }, - "allowPostCopy": { - "default": false, - "description": "When enabled, KubeVirt attempts to use post-copy live-migration in case it\nreaches its completion timeout while attempting pre-copy live-migration.\nPost-copy migrations allow even the busiest VMs to successfully live-migrate.\nHowever, events like a network failure or a failure in any of the source or\ndestination nodes can cause the migrated VM to crash or reach inconsistency.\nEnable this option when evicting nodes is more important than keeping VMs\nalive.\nDefaults to false.", - "type": "boolean" - }, - "bandwidthPerMigration": { - "description": "Bandwidth limit of each migration, the value is quantity of bytes per second (e.g. 2048Mi = 2048MiB/sec)", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "type": "string" - }, - "completionTimeoutPerGiB": { - "default": 150, - "description": "If a migrating VM is big and busy, while the connection to the destination node\nis slow, migration may never converge. The completion timeout is calculated\nbased on completionTimeoutPerGiB times the size of the guest (both RAM and\nmigrated disks, if any). For example, with completionTimeoutPerGiB set to 800,\na virtual machine instance with 6GiB memory will timeout if it has not\ncompleted migration in 1h20m. Use a lower completionTimeoutPerGiB to induce\nquicker failure, so that another destination or post-copy is attempted. Use a\nhigher completionTimeoutPerGiB to let workload with spikes in its memory dirty\nrate to converge.\nThe format is a number.", - "format": "int64", - "type": "integer" - }, - "network": { - "description": "The migrations will be performed over a dedicated multus network to minimize disruption to tenant workloads due to network saturation when VM live migrations are triggered.", - "type": "string" - }, - "parallelMigrationsPerCluster": { - "default": 5, - "description": "Number of migrations running in parallel in the cluster.", - "format": "int32", - "type": "integer" - }, - "parallelOutboundMigrationsPerNode": { - "default": 2, - "description": "Maximum number of outbound migrations per node.", - "format": "int32", - "type": "integer" - }, - "progressTimeout": { - "default": 150, - "description": "The migration will be canceled if memory copy fails to make progress in this time, in seconds.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "liveUpdateConfiguration": { - "description": "LiveUpdateConfiguration holds the cluster configuration for live update of virtual machines - max cpu sockets,\nmax guest memory and max hotplug ratio. This setting can affect VM CPU and memory settings.", - "properties": { - "maxCpuSockets": { - "description": "MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.\nFor VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.", - "format": "int32", - "type": "integer" - }, - "maxGuest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MaxGuest defines the maximum amount memory that can be allocated\nto the guest using hotplug.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "maxHotplugRatio": { - "description": "MaxHotplugRatio is the ratio used to define the max amount\nof a hotplug resource that can be made available to a VM\nwhen the specific Max* setting is not defined (MaxCpuSockets, MaxGuest)\nExample: VM is configured with 512Mi of guest memory, if MaxGuest is not\ndefined and MaxHotplugRatio is 2 then MaxGuest = 1Gi\ndefaults to 4", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "localStorageClassName": { - "description": "Deprecated: LocalStorageClassName the name of the local storage class.", - "type": "string" - }, - "logVerbosityConfig": { - "description": "LogVerbosityConfig configures the verbosity level of Kubevirt's different components. The higher\nthe value - the higher the log verbosity.", - "properties": { - "cdi": { - "description": "CDI indicates the log verbosity level that controls the amount of information logged for CDI components.", - "format": "int32", - "type": "integer" - }, - "kubevirt": { - "description": "Kubevirt is a struct that allows specifying the log verbosity level that controls the amount of information\nlogged for each Kubevirt component.", - "properties": { - "nodeVerbosity": { - "additionalProperties": { - "type": "integer" - }, - "description": "NodeVerbosity represents a map of nodes with a specific verbosity level", - "type": "object" - }, - "virtAPI": { - "type": "integer" - }, - "virtController": { - "type": "integer" - }, - "virtHandler": { - "type": "integer" - }, - "virtLauncher": { - "type": "integer" - }, - "virtOperator": { - "type": "integer" - }, - "virtSynchronizationController": { - "type": "integer" } }, "type": "object" - } - }, - "type": "object" - }, - "mediatedDevicesConfiguration": { - "description": "MediatedDevicesConfiguration holds information about MDEV types to be defined on nodes, if available", - "properties": { - "mediatedDeviceTypes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" }, - "mediatedDevicesTypes": { - "description": "Deprecated: please use mediatedDeviceTypes instead.", - "items": { + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" }, - "nodeMediatedDeviceTypes": { + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", "items": { - "description": "NodeMediatedDeviceTypesConfig holds information about MDEV types to be defined in a specific node that matches the NodeSelector field.", + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { - "mediatedDeviceTypes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" }, - "mediatedDevicesTypes": { - "description": "Deprecated: please use mediatedDeviceTypes instead.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" } }, - "required": [ - "nodeSelector" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "for nodeMediatedDeviceTypes a non-empty mediatedDeviceTypes or mediatedDevicesTypes(deprecated) is required", - "rule": "(has(self.mediatedDeviceTypes) && size(self.mediatedDeviceTypes)>0) || (has(self.mediatedDevicesTypes) && size(self.mediatedDevicesTypes)>0)" - } - ] + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" } }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "for mediatedDevicesConfiguration a non-empty mediatedDeviceTypes or mediatedDevicesTypes(deprecated) is required", - "rule": "(has(self.mediatedDeviceTypes) && size(self.mediatedDeviceTypes)>0) || (has(self.mediatedDevicesTypes) && size(self.mediatedDevicesTypes)>0)" - } - ] - }, - "networkBinding": { - "additionalProperties": { + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "HostPathProvisionerStatus defines the observed state of HostPathProvisioner", + "properties": { + "conditions": { + "description": "Conditions contains the current conditions observed by the operator", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", "properties": { - "computeResourceOverhead": { - "description": "ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.\nversion: v1alphav1", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" }, - "domainAttachmentType": { - "description": "DomainAttachmentType is a standard domain network attachment method kubevirt supports.\nSupported values: \"tap\", \"managedTap\" (since v1.4).\nThe standard domain attachment can be used instead or in addition to the sidecarImage.\nversion: 1alphav1", + "lastTransitionTime": { + "format": "date-time", "type": "string" }, - "downwardAPI": { - "description": "DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar.\nSupported values: \"device-info\"\nversion: v1alphav1", + "message": { "type": "string" }, - "migration": { - "description": "Migration means the VM using the plugin can be safely migrated\nversion: 1alphav1", - "properties": { - "method": { - "description": "Method defines a pre-defined migration methodology\nversion: 1alphav1", - "type": "string" - } - }, - "type": "object" + "reason": { + "type": "string" }, - "networkAttachmentDefinition": { - "description": "NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object.\nFormat: , /.\nIf namespace is not specified, VMI namespace is assumed.\nversion: 1alphav1", + "status": { "type": "string" }, - "sidecarImage": { - "description": "SidecarImage references a container image that runs in the virt-launcher pod.\nThe sidecar handles (libvirt) domain configuration and optional services.\nversion: 1alphav1", + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", "type": "string" } }, + "required": [ + "status", + "type" + ], "type": "object" }, - "description": "NetworkBinding defines the network binding plugins.\nThose bindings can be used when defining virtual machine interfaces.", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "obsoleteCPUs": { - "description": "ObsoleteCPUs allows avoiding scheduling of VMs for obsolete CPU models", - "properties": { - "cpuModels": { - "description": "CPUModels is a list of obsolete CPU models. When the node-labeller obtains the list of obsolete CPU models, it\neliminates those CPU models and creates labels for valid CPU models.\nThe default values for this field is nil, however, HCO uses opinionated values, and adding values to this list\nwill add them to the opinionated values.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "minCPUModel": { - "description": "MinCPUModel is the Minimum CPU model that is used for basic CPU features; e.g. Penryn or Haswell.\nThe default value for this field is nil, but in KubeVirt, the default value is \"Penryn\", if nothing else is set.\nUse this field to override KubeVirt default value.", - "type": "string" - } - }, - "type": "object" + "observedVersion": { + "description": "ObservedVersion The observed version of the HostPathProvisioner deployment", + "type": "string" }, - "permittedHostDevices": { - "description": "PermittedHostDevices holds information about devices allowed for passthrough", - "properties": { - "mediatedDevices": { - "items": { - "description": "MediatedHostDevice represents a host mediated device allowed for passthrough", - "properties": { - "disabled": { - "description": "HCO enforces the existence of several MediatedHostDevice objects. Set disabled field to true instead of remove\nthese objects.", - "type": "boolean" - }, - "externalResourceProvider": { - "description": "indicates that this resource is being provided by an external device plugin", - "type": "boolean" - }, - "mdevNameSelector": { - "description": "name of a mediated device type required to identify a mediated device on a host", - "type": "string" - }, - "resourceName": { - "description": "name by which a device is advertised and being requested", - "type": "string" - } - }, - "required": [ - "mdevNameSelector", - "resourceName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mdevNameSelector" - ], - "x-kubernetes-list-type": "map" - }, - "pciHostDevices": { - "items": { - "description": "PciHostDevice represents a host PCI device allowed for passthrough", - "properties": { - "disabled": { - "description": "HCO enforces the existence of several PciHostDevice objects. Set disabled field to true instead of remove\nthese objects.", - "type": "boolean" - }, - "externalResourceProvider": { - "description": "indicates that this resource is being provided by an external device plugin", - "type": "boolean" - }, - "pciDeviceSelector": { - "description": "a combination of a vendor_id:product_id required to identify a PCI device on a host.", - "type": "string" - }, - "resourceName": { - "description": "name by which a device is advertised and being requested", - "type": "string" - } - }, - "required": [ - "pciDeviceSelector", - "resourceName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "pciDeviceSelector" - ], - "x-kubernetes-list-type": "map" - }, - "usbHostDevices": { - "items": { - "description": "USBHostDevice represents a host USB device allowed for passthrough", - "properties": { - "disabled": { - "description": "HCO enforces the existence of several USBHostDevice objects. Set disabled field to true instead of remove\nthese objects.", - "type": "boolean" - }, - "externalResourceProvider": { - "description": "If true, KubeVirt will leave the allocation and monitoring to an\nexternal device plugin", - "type": "boolean" - }, - "resourceName": { - "description": "Identifies the list of USB host devices.\ne.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc", - "type": "string" - }, - "selectors": { - "items": { - "description": "USBSelector represents a selector for a USB device allowed for passthrough", + "operatorVersion": { + "description": "OperatorVersion The version of the HostPathProvisioner Operator", + "type": "string" + }, + "storagePoolStatuses": { + "items": { + "description": "StoragePoolStatus is the status of the named storage pool", + "properties": { + "claimStatuses": { + "description": "The status of all the claims.", + "items": { + "description": "ClaimStatus defines the storage claim status for each PVC in a storage pool", + "properties": { + "name": { + "description": "Name of the PersistentVolumeClaim", + "type": "string" + }, + "status": { + "description": "Status of the PersistentVolumeClaim", "properties": { - "product": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, - "vendor": { + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, - "required": [ - "product", - "vendor" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "resourceName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "resourceName" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "resourceRequirements": { - "default": { - "vmiCPUAllocationRatio": 10 - }, - "description": "ResourceRequirements describes the resource requirements for the operand workloads.", - "properties": { - "autoCPULimitNamespaceLabelSelector": { - "description": "When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside\nnamespaces that match the label selector.\nThe CPU limit will equal the number of requested vCPUs.\nThis setting does not apply to VMIs with dedicated CPUs.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageWorkloads": { - "description": "StorageWorkloads defines the resources requirements for storage workloads. It will propagate to the CDI custom\nresource", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "required": [ + "name", + "status" ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" + "currentReady": { + "description": "CurrentReady is the number of currently ready replicasets.", + "type": "integer" + }, + "desiredReady": { + "description": "DesiredReady is the number of desired ready replicasets.", + "type": "integer" + }, + "name": { + "description": "Name is the name of the storage pool", + "type": "string" + }, + "phase": { + "description": "StoragePoolPhase indicates which phase the storage pool is in.", + "type": "string" + } }, - "vmiCPUAllocationRatio": { - "default": 10, - "description": "VmiCPUAllocationRatio defines, for each requested virtual CPU,\nhow much physical CPU to request per VMI from the\nhosting node. The value is in fraction of a CPU thread (or\ncore on non-hyperthreaded nodes).\nVMI POD CPU request = number of vCPUs * 1/vmiCPUAllocationRatio\nFor example, a value of 1 means 1 physical CPU thread per VMI CPU thread.\nA value of 100 would be 1% of a physical thread allocated for each\nrequested VMI thread.\nThis option has no effect on VMIs that request dedicated CPUs.\nDefaults to 10", - "minimum": 1, - "type": "integer" - } + "required": [ + "name", + "phase" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "vmiCPUAllocationRatio must be greater than 0", - "rule": "!has(self.vmiCPUAllocationRatio) || self.vmiCPUAllocationRatio > 0" - } - ] - }, - "scratchSpaceStorageClass": { - "description": "Override the storage class used for scratch space during transfer operations. The scratch space storage class\nis determined in the following order:\nvalue of scratchSpaceStorageClass, if that doesn't exist, use the default storage class, if there is no default\nstorage class, use the storage class of the DataVolume, if no storage class specified, use no storage class for\nscratch space", - "type": "string" - }, - "storageImport": { - "description": "StorageImport contains configuration for importing containerized data", - "properties": { - "insecureRegistries": { - "description": "InsecureRegistries is a list of image registries URLs that are not secured. Setting an insecure registry URL\nin this list allows pulling images from this registry.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - }, - "tektonPipelinesNamespace": { - "description": "TektonPipelinesNamespace defines namespace in which example pipelines will be deployed.\nIf unset, then the default value is the operator namespace.\nDeprecated: This field is ignored.", - "type": "string" - }, - "tektonTasksNamespace": { - "description": "TektonTasksNamespace defines namespace in which tekton tasks will be deployed.\nIf unset, then the default value is the operator namespace.\nDeprecated: This field is ignored.", - "type": "string" - }, - "tlsSecurityProfile": { - "description": "TLSSecurityProfile specifies the settings for TLS connections to be propagated to all kubevirt-hyperconverged components.\nIf unset, the hyperconverged cluster operator will consume the value set on the APIServer CR on OCP/OKD or Intermediate if on vanilla k8s.\nNote that only Old, Intermediate and Custom profiles are currently supported, and the maximum available\nMinTLSVersions is VersionTLS12.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - }, - "tuningPolicy": { - "description": "TuningPolicy allows to configure the mode in which the RateLimits of kubevirt are set.\nIf TuningPolicy is not present the default kubevirt values are used.\nIt can be set to `annotation` for fine-tuning the kubevirt queryPerSeconds (qps) and burst values.\nQps and burst values are taken from the annotation hco.kubevirt.io/tuningPolicy", - "enum": [ - "annotation", - "highBurst" - ], - "type": "string" - }, - "uninstallStrategy": { - "default": "BlockUninstallIfWorkloadsExist", - "description": "UninstallStrategy defines how to proceed on uninstall when workloads (VirtualMachines, DataVolumes) still exist.\nBlockUninstallIfWorkloadsExist will prevent the CR from being removed when workloads still exist.\nBlockUninstallIfWorkloadsExist is the safest choice to protect your workloads from accidental data loss, so it's strongly advised.\nRemoveWorkloads will cause all the workloads to be cascading deleted on uninstallation.\nWARNING: please notice that RemoveWorkloads will cause your workloads to be deleted as soon as this CR will be, even accidentally, deleted.\nPlease correctly consider the implications of this option before setting it.\nBlockUninstallIfWorkloadsExist is the default behaviour.", - "enum": [ - "RemoveWorkloads", - "BlockUninstallIfWorkloadsExist" - ], - "type": "string" - }, - "vddkInitImage": { - "description": "VDDK Init Image eventually used to import VMs from external providers\n\nDeprecated: please use the Migration Toolkit for Virtualization", - "type": "string" - }, - "virtualMachineOptions": { - "default": { - "disableFreePageReporting": false, - "disableSerialConsoleLog": false - }, - "description": "VirtualMachineOptions holds the cluster level information regarding the virtual machine.", - "properties": { - "disableFreePageReporting": { - "default": false, - "description": "DisableFreePageReporting disable the free page reporting of\nmemory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device.\nThis will have effect only if AutoattachMemBalloon is not false and the vmi is not\nrequesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled.", - "type": "boolean" - }, - "disableSerialConsoleLog": { - "default": false, - "description": "DisableSerialConsoleLog disables logging the auto-attached default serial console.\nIf not set, serial console logs will be written to a file and then streamed from a container named `guest-console-log`.\nThe value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled for the VM.", - "type": "boolean" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "vmStateStorageClass": { - "description": "VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.\nThe storage class must support RWX in filesystem mode.", + "targetVersion": { + "description": "TargetVersion The targeted version of the HostPathProvisioner deployment", "type": "string" - }, - "workloadUpdateStrategy": { - "default": { - "batchEvictionInterval": "1m0s", - "batchEvictionSize": 10, - "workloadUpdateMethods": [ - "LiveMigrate" - ] - }, - "description": "WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates", - "properties": { - "batchEvictionInterval": { - "default": "1m0s", - "description": "BatchEvictionInterval Represents the interval to wait before issuing the next\nbatch of shutdowns", - "type": "string" - }, - "batchEvictionSize": { - "default": 10, - "description": "BatchEvictionSize Represents the number of VMIs that can be forced updated per\nthe BatchShutdownInterval interval", - "type": "integer" - }, - "workloadUpdateMethods": { - "default": [ - "LiveMigrate" - ], - "description": "WorkloadUpdateMethods defines the methods that can be used to disrupt workloads\nduring automated workload updates.\nWhen multiple methods are present, the least disruptive method takes\nprecedence over more disruptive methods. For example if both LiveMigrate and Evict\nmethods are listed, only VMs which are not live migratable will be restarted/shutdown.\nAn empty list defaults to no automated workload updating.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "workloadUpdateMethods" - ], - "type": "object" - }, - "workloads": { - "description": "workloads HyperConvergedConfig influences the pod configuration (currently only placement) of components\nwhich need to be running on a node where virtualization workloads should be able to run.\nChanges to Workloads HyperConvergedConfig can be applied only without existing workload.", - "properties": { - "nodePlacement": { - "description": "NodePlacement describes node scheduling configuration.", - "properties": { - "affinity": { - "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", - "type": "object" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" } }, "type": "object" - }, - "status": { - "description": "HyperConvergedStatus defines the observed state of HyperConverged", - "properties": { - "conditions": { - "description": "Conditions describes the state of the HyperConverged resource.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataImportCronTemplates": { - "description": "DataImportCronTemplates is a list of the actual DataImportCronTemplates as HCO update in the SSP CR. The list\ncontains both the common and the custom templates, including any modification done by HCO.", - "items": { - "description": "DataImportCronTemplateStatus is a copy of a dataImportCronTemplate as defined in the spec, or in the HCO image.", - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "DataImportCronSpec defines specification for DataImportCron", - "properties": { - "garbageCollect": { - "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", - "type": "string" - }, - "importsToKeep": { - "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", - "format": "int32", - "type": "integer" - }, - "managedDataSource": { - "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", - "type": "string" - }, - "retentionPolicy": { - "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", - "type": "string" - }, - "schedule": { - "description": "Schedule specifies in cron format when and how often to look for new imports", - "type": "string" - }, - "template": { - "description": "Template specifies template for the DVs to be created", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "DataVolumeSpec defines the DataVolume type specification", - "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", - "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" - }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" - } - }, - "required": [ - "current", - "previous" - ], - "type": "object" - }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], - "type": "string" - }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", - "type": "string" - }, - "pvc": { - "description": "PVC is the PVC specification", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" - }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } - }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "platform": { - "description": "Platform describes the minimum runtime requirements of the image", - "properties": { - "architecture": { - "description": "Architecture specifies the image target CPU architecture", - "type": "string" - } - }, - "type": "object" - }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } - }, - "type": "object" - }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" - }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "extraArgs": { - "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" - }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "storage": { - "description": "Storage is the requested storage specification", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "DataVolumeStatus contains the current status of the DataVolume", - "properties": { - "claimName": { - "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", - "type": "string" - }, - "conditions": { - "items": { - "description": "DataVolumeCondition represents the state of a data volume condition.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "DataVolumeConditionType is the string representation of known condition types", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "phase": { - "description": "Phase is the current phase of the data volume", - "type": "string" - }, - "progress": { - "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", - "type": "string" - }, - "restartCount": { - "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "required": [ - "managedDataSource", - "schedule", - "template" - ], - "type": "object" - }, - "status": { - "description": "DataImportCronStatus is the status field of the DIC template", - "properties": { - "commonTemplate": { - "description": "CommonTemplate indicates whether this is a common template (true), or a custom one (false)", - "type": "boolean" - }, - "conditions": { - "description": "Conditions is a list of conditions that describe the state of the DataImportCronTemplate.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "modified": { - "description": "Modified indicates if a common template was customized. Always false for custom templates.", - "type": "boolean" - }, - "originalSupportedArchitectures": { - "description": "OriginalSupportedArchitectures is a comma-separated list of CPU architectures that the original\ntemplate supports.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "dataImportSchedule": { - "description": "DataImportSchedule is the cron expression that is used in for the hard-coded data import cron templates. HCO\ngenerates the value of this field once and stored in the status field, so will survive restart.", - "type": "string" - }, - "infrastructureHighlyAvailable": { - "description": "InfrastructureHighlyAvailable describes whether the cluster has only one worker node\n(false) or more (true).", - "type": "boolean" - }, - "nodeInfo": { - "description": "NodeInfo holds information about the cluster nodes", - "properties": { - "controlPlaneArchitectures": { - "description": "ControlPlaneArchitectures is a distinct list of the CPU architecture of the control-plane nodes.", - "items": { - "type": "string" - }, - "type": "array" - }, - "workloadsArchitectures": { - "description": "WorkloadsArchitectures is a distinct list of the CPU architectures of the workloads nodes in the cluster.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "observedGeneration": { - "description": "ObservedGeneration reflects the HyperConverged resource generation. If the ObservedGeneration is less than the\nresource generation in metadata, the status is out of date", - "format": "int64", - "type": "integer" - }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects created and maintained by this\noperator. Object references will be added to this list after they have\nbeen created AND found in the cluster.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "systemHealthStatus": { - "description": "SystemHealthStatus reflects the health of HCO and its secondary resources, based on the aggregated conditions.", - "type": "string" - }, - "versions": { - "description": "Versions is a list of HCO component versions, as name/version pairs. The version with a name of \"operator\"\nis the HCO version itself, as described here:\nhttps://github.com/openshift/cluster-version-operator/blob/master/docs/dev/clusteroperator.md#version", - "items": { - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "hco.kubevirt.io", - "kind": "HyperConverged", - "version": "v1beta1" - } - ] - }, - "hco.kubevirt.io/v1beta1/HyperConvergedList": { - "description": "HyperConvergedList is a list of HyperConverged", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "hostpathprovisioner.kubevirt.io", + "kind": "HostPathProvisioner", + "version": "v1beta1" + } + ] + }, + "hostpathprovisioner.kubevirt.io/v1beta1/HostPathProvisionerList": { + "description": "HostPathProvisionerList is a list of HostPathProvisioner", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "items": { - "description": "List of hyperconvergeds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of hostpathprovisioners. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.hco.v1beta1.HyperConverged" + "$ref": "#/components/schemas/io.kubevirt.hostpathprovisioner.v1beta1.HostPathProvisioner" }, "type": "array" }, @@ -88721,172 +85038,467 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "hco.kubevirt.io", - "kind": "HyperConvergedList", + "group": "hostpathprovisioner.kubevirt.io", + "kind": "HostPathProvisionerList", "version": "v1beta1" } ] }, - "helm.openshift.io/v1beta1/HelmChartRepository": { - "description": "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "image.openshift.io/v1/Image": { + "description": "Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "dockerImageConfig": { + "description": "DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "dockerImageLayers": { + "description": "DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLayer" + } + ], + "default": {} + }, + "type": "array" }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "connectionConfig": { - "description": "Required configuration for connecting to the chart repo", - "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.\nIt is used as a trust anchor to validate the TLS certificate presented by the remote server.\nThe key \"ca-bundle.crt\" is used to locate the data.\nIf empty, the default system roots are used.\nThe namespace for this config map is openshift-config.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "tlsClientConfig": { - "description": "tlsClientConfig is an optional reference to a secret by name that contains the\nPEM-encoded TLS client certificate and private key to present when connecting to the server.\nThe key \"tls.crt\" is used to locate the client certificate.\nThe key \"tls.key\" is used to locate the private key.\nThe namespace for this secret is openshift-config.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "url": { - "description": "Chart repository URL", - "maxLength": 2048, - "pattern": "^https?:\\/\\/", - "type": "string" - } - }, - "type": "object" - }, - "description": { - "description": "Optional human readable repository description, it can be used by UI for displaying purposes", - "maxLength": 2048, - "minLength": 1, - "type": "string" - }, - "disabled": { - "description": "If set to true, disable the repo usage in the cluster/namespace", - "type": "boolean" - }, - "name": { - "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", - "maxLength": 100, - "minLength": 1, - "type": "string" + "dockerImageManifest": { + "description": "DockerImageManifest is the raw JSON of the manifest", + "type": "string" + }, + "dockerImageManifestMediaType": { + "description": "DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", + "type": "string" + }, + "dockerImageManifests": { + "description": "DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageManifest" + } + ], + "default": {} + }, + "type": "array" + }, + "dockerImageMetadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + ], + "description": "DockerImageMetadata contains metadata about this image", + "x-kubernetes-patch-strategy": "replace" + }, + "dockerImageMetadataVersion": { + "description": "DockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", + "type": "string" + }, + "dockerImageReference": { + "description": "DockerImageReference is the string that can be used to pull this image.", + "type": "string" + }, + "dockerImageSignatures": { + "description": "DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", + "items": { + "format": "byte", + "type": "string" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "signatures": { + "description": "Signatures holds all signatures of the image.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageSignature" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "Image", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageList": { + "description": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of images", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageList", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageSignature": { + "description": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observations of a signature's current state.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.SignatureCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "content": { + "description": "Required: An opaque binary string which is an image's signature.", + "format": "byte", + "type": "string" + }, + "created": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "If specified, it is the time of signature's creation." + }, + "imageIdentity": { + "description": "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", + "type": "string" + }, + "issuedBy": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.SignatureIssuer" + } + ], + "description": "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key)." + }, + "issuedTo": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.SignatureSubject" + } + ], + "description": "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image)." + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "signedClaims": { + "additionalProperties": { + "default": "", + "type": "string" }, + "description": "Contains claims from the signature.", "type": "object" }, + "type": { + "default": "", + "description": "Required: Describes a type of stored blob.", + "type": "string" + } + }, + "required": [ + "type", + "content" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageSignature", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageStream": { + "description": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamSpec" + } + ], + "default": {}, + "description": "Spec describes the desired state of this stream" + }, "status": { - "description": "Observed status of the repository within the cluster..", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their statuses", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamStatus" + } + ], + "default": {}, + "description": "Status describes the current state of this stream" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageStream", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageStreamImage": { + "description": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "image": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" + } + ], + "default": {}, + "description": "Image associated with the ImageStream and image name." + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "image" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageStreamImage", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageStreamImport": { + "description": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamImportSpec" } + ], + "default": {}, + "description": "Spec is a description of the images that the user wishes to import" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamImportStatus" + } + ], + "default": {}, + "description": "Status is the result of importing the image" + } + }, + "required": [ + "spec", + "status" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageStreamImport", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageStreamLayers": { + "description": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "blobs": { + "additionalProperties": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLayerData" + } + ], + "default": {} + }, + "description": "blobs is a map of blob name to metadata about the blob.", + "type": "object" + }, + "images": { + "additionalProperties": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageBlobReferences" + } + ], + "default": {} }, + "description": "images is a map between an image name and the names of the blobs and config that comprise the image.", "type": "object" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "spec" + "blobs", + "images" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "helm.openshift.io", - "kind": "HelmChartRepository", - "version": "v1beta1" + "group": "image.openshift.io", + "kind": "ImageStreamLayers", + "version": "v1" } ] }, - "helm.openshift.io/v1beta1/HelmChartRepositoryList": { - "description": "HelmChartRepositoryList is a list of HelmChartRepository", + "image.openshift.io/v1/ImageStreamList": { + "description": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { @@ -88894,9 +85506,14 @@ "type": "string" }, "items": { - "description": "List of helmchartrepositories. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "Items is a list of imageStreams", "items": { - "$ref": "#/components/schemas/io.openshift.helm.v1beta1.HelmChartRepository" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStream" + } + ], + "default": {} }, "type": "array" }, @@ -88910,7 +85527,8 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ @@ -88919,20 +85537,29 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "helm.openshift.io", - "kind": "HelmChartRepositoryList", - "version": "v1beta1" + "group": "image.openshift.io", + "kind": "ImageStreamList", + "version": "v1" } ] }, - "helm.openshift.io/v1beta1/ProjectHelmChartRepository": { - "description": "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "image.openshift.io/v1/ImageStreamMapping": { + "description": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "image": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" + } + ], + "default": {}, + "description": "Image is a container image." + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -88943,161 +85570,263 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "connectionConfig": { - "description": "Required configuration for connecting to the chart repo", - "properties": { - "basicAuthConfig": { - "description": "basicAuthConfig is an optional reference to a secret by name that contains\nthe basic authentication credentials to present when connecting to the server.\nThe key \"username\" is used locate the username.\nThe key \"password\" is used to locate the password.\nThe namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.\nIt is used as a trust anchor to validate the TLS certificate presented by the remote server.\nThe key \"ca-bundle.crt\" is used to locate the data.\nIf empty, the default system roots are used.\nThe namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "tlsClientConfig": { - "description": "tlsClientConfig is an optional reference to a secret by name that contains the\nPEM-encoded TLS client certificate and private key to present when connecting to the server.\nThe key \"tls.crt\" is used to locate the client certificate.\nThe key \"tls.key\" is used to locate the private key.\nThe namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "url": { - "description": "Chart repository URL", - "maxLength": 2048, - "pattern": "^https?:\\/\\/", - "type": "string" - } - }, - "type": "object" - }, - "description": { - "description": "Optional human readable repository description, it can be used by UI for displaying purposes", - "maxLength": 2048, - "minLength": 1, - "type": "string" - }, - "disabled": { - "description": "If set to true, disable the repo usage in the namespace", - "type": "boolean" - }, - "name": { - "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", - "maxLength": 100, - "minLength": 1, - "type": "string" + "tag": { + "default": "", + "description": "Tag is a string value this image can be located with inside the stream.", + "type": "string" + } + }, + "required": [ + "image", + "tag" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageStreamMapping", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageStreamTag": { + "description": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "conditions": { + "description": "conditions is an array of conditions that apply to the image stream tag.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagEventCondition" + } + ], + "default": {} + }, + "type": "array" + }, + "generation": { + "default": 0, + "description": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", + "format": "int64", + "type": "integer" + }, + "image": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" + } + ], + "default": {}, + "description": "image associated with the ImageStream and tag." + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "lookupPolicy": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLookupPolicy" + } + ], + "default": {}, + "description": "lookupPolicy indicates whether this tag will handle image references in this namespace." + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "tag": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReference" + } + ], + "description": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream." + } + }, + "required": [ + "tag", + "generation", + "lookupPolicy", + "image" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageStreamTag", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageStreamTagList": { + "description": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of image stream tags", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamTag" + } + ], + "default": {} }, - "type": "object" + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageStreamTagList", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageTag": { + "description": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "image": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" + } + ], + "description": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags." + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReference" + } + ], + "description": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream." }, "status": { - "description": "Observed status of the repository within the namespace..", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their statuses", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.NamedTagEventList" } + ], + "description": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed." + } + }, + "required": [ + "spec", + "status", + "image" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "image.openshift.io", + "kind": "ImageTag", + "version": "v1" + } + ] + }, + "image.openshift.io/v1/ImageTagList": { + "description": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of image stream tags", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageTag" + } + ], + "default": {} }, - "type": "object" + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "spec" + "items" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "helm.openshift.io", - "kind": "ProjectHelmChartRepository", - "version": "v1beta1" + "group": "image.openshift.io", + "kind": "ImageTagList", + "version": "v1" } ] }, - "helm.openshift.io/v1beta1/ProjectHelmChartRepositoryList": { - "description": "ProjectHelmChartRepositoryList is a list of ProjectHelmChartRepository", + "image.openshift.io/v1/SecretList": { + "description": "SecretList is a list of Secret.", "namespaced": true, "properties": { "apiVersion": { @@ -89105,9 +85834,14 @@ "type": "string" }, "items": { - "description": "List of projecthelmchartrepositories. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", "items": { - "$ref": "#/components/schemas/io.openshift.helm.v1beta1.ProjectHelmChartRepository" + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + ], + "default": {} }, "type": "array" }, @@ -89121,6 +85855,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], + "default": {}, "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, @@ -89130,14 +85865,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "helm.openshift.io", - "kind": "ProjectHelmChartRepositoryList", - "version": "v1beta1" + "group": "image.openshift.io", + "kind": "SecretList", + "version": "v1" } ] }, - "hostpathprovisioner.kubevirt.io/v1beta1/HostPathProvisioner": { - "description": "HostPathProvisioner is the Schema for the hostpathprovisioners API", + "imageregistry.operator.openshift.io/v1/Config": { + "description": "Config is the configuration object for a registry instance managed by\nthe registry operator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -89157,558 +85892,200 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "HostPathProvisionerSpec defines the desired state of HostPathProvisioner", + "description": "ImageRegistrySpec defines the specs for the running registry.", "properties": { - "featureGates": { - "description": "FeatureGates are a list of specific enabled feature gates", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "imagePullPolicy": { - "description": "ImagePullPolicy is the container pull policy for the host path provisioner containers", - "type": "string" - }, - "pathConfig": { - "description": "PathConfig describes the location and layout of PV storage on nodes. Deprecated", + "affinity": { + "description": "affinity is a group of node affinity scheduling rules for the image registry pod(s).", "properties": { - "path": { - "description": "Path The path the directories for the PVs are created under", - "type": "string" - }, - "useNamingPrefix": { - "description": "UseNamingPrefix Use the name of the PVC requesting the PV as part of the directory created", - "type": "boolean" - } - }, - "type": "object" - }, - "storagePools": { - "description": "StoragePools are a list of storage pools", - "items": { - "description": "StoragePool defines how and where hostpath provisioner can use storage to create volumes.", - "properties": { - "name": { - "description": "Name specifies an identifier that is used in the storage class arguments to identify the source to use.", - "type": "string" - }, - "path": { - "description": "path the path to use on the host, this is a required field", - "type": "string" - }, - "pvcTemplate": { - "description": "PVCTemplate is the template of the PVC to create as the source volume", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "name", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "workload": { - "description": "Restrict on which nodes HPP workload pods will be scheduled", - "properties": { - "affinity": { - "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", @@ -89756,7 +86133,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -89764,7 +86141,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -89834,166 +86211,166 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", @@ -90041,7 +86418,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -90049,7 +86426,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "items": { "type": "string" }, @@ -90119,791 +86496,1390 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", - "type": "object" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "HostPathProvisionerStatus defines the observed state of HostPathProvisioner", - "properties": { - "conditions": { - "description": "Conditions contains the current conditions observed by the operator", - "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "observedVersion": { - "description": "ObservedVersion The observed version of the HostPathProvisioner deployment", + "defaultRoute": { + "description": "defaultRoute indicates whether an external facing route for the registry\nshould be created using the default generated hostname.", + "type": "boolean" + }, + "disableRedirect": { + "description": "disableRedirect controls whether to route all data through the Registry,\nrather than redirecting to the backend.", + "type": "boolean" + }, + "httpSecret": { + "description": "httpSecret is the value needed by the registry to secure uploads, generated by default.", "type": "string" }, - "operatorVersion": { - "description": "OperatorVersion The version of the HostPathProvisioner Operator", + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], "type": "string" }, - "storagePoolStatuses": { + "logging": { + "description": "logging is deprecated, use logLevel instead.", + "format": "int64", + "type": "integer" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "nodeSelector defines the node selection constraints for the registry\npod.", + "type": "object" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "proxy": { + "description": "proxy defines the proxy to be used when calling master api, upstream\nregistries, etc.", + "properties": { + "http": { + "description": "http defines the proxy to be used by the image registry when\naccessing HTTP endpoints.", + "type": "string" + }, + "https": { + "description": "https defines the proxy to be used by the image registry when\naccessing HTTPS endpoints.", + "type": "string" + }, + "noProxy": { + "description": "noProxy defines a comma-separated list of host names that shouldn't\ngo through any proxy.", + "type": "string" + } + }, + "type": "object" + }, + "readOnly": { + "description": "readOnly indicates whether the registry instance should reject attempts\nto push new images or delete existing ones.", + "type": "boolean" + }, + "replicas": { + "description": "replicas determines the number of registry instances to run.", + "format": "int32", + "type": "integer" + }, + "requests": { + "description": "requests controls how many parallel requests a given registry instance\nwill handle before queuing additional requests.", + "properties": { + "read": { + "description": "read defines limits for image registry's reads.", + "properties": { + "maxInQueue": { + "description": "maxInQueue sets the maximum queued api requests to the registry.", + "type": "integer" + }, + "maxRunning": { + "description": "maxRunning sets the maximum in flight api requests to the registry.", + "type": "integer" + }, + "maxWaitInQueue": { + "description": "maxWaitInQueue sets the maximum time a request can wait in the queue\nbefore being rejected.", + "format": "duration", + "type": "string" + } + }, + "type": "object" + }, + "write": { + "description": "write defines limits for image registry's writes.", + "properties": { + "maxInQueue": { + "description": "maxInQueue sets the maximum queued api requests to the registry.", + "type": "integer" + }, + "maxRunning": { + "description": "maxRunning sets the maximum in flight api requests to the registry.", + "type": "integer" + }, + "maxWaitInQueue": { + "description": "maxWaitInQueue sets the maximum time a request can wait in the queue\nbefore being rejected.", + "format": "duration", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resources": { + "description": "resources defines the resource requests+limits for the registry pod.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "rolloutStrategy": { + "description": "rolloutStrategy defines rollout strategy for the image registry\ndeployment.", + "pattern": "^(RollingUpdate|Recreate)$", + "type": "string" + }, + "routes": { + "description": "routes defines additional external facing routes which should be\ncreated for the registry.", "items": { - "description": "StoragePoolStatus is the status of the named storage pool", + "description": "ImageRegistryConfigRoute holds information on external route access to image\nregistry.", "properties": { - "claimStatuses": { - "description": "The status of all the claims.", - "items": { - "description": "ClaimStatus defines the storage claim status for each PVC in a storage pool", + "hostname": { + "description": "hostname for the route.", + "type": "string" + }, + "name": { + "description": "name of the route to be created.", + "type": "string" + }, + "secretName": { + "description": "secretName points to secret containing the certificates to be used\nby the route.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "storage": { + "description": "storage details for configuring registry storage, e.g. S3 bucket\ncoordinates.", + "properties": { + "azure": { + "description": "azure represents configuration that uses Azure Blob Storage.", + "properties": { + "accountName": { + "description": "accountName defines the account to be used by the registry.", + "type": "string" + }, + "cloudName": { + "description": "cloudName is the name of the Azure cloud environment to be used by the\nregistry. If empty, the operator will set it based on the infrastructure\nobject.", + "type": "string" + }, + "container": { + "description": "container defines Azure's container to be used by registry.", + "maxLength": 63, + "minLength": 3, + "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", + "type": "string" + }, + "networkAccess": { + "default": { + "type": "External" + }, + "description": "networkAccess defines the network access properties for the storage account.\nDefaults to type: External.", "properties": { - "name": { - "description": "Name of the PersistentVolumeClaim", - "type": "string" - }, - "status": { - "description": "Status of the PersistentVolumeClaim", + "internal": { + "description": "internal defines the vnet and subnet names to configure a private\nendpoint and connect it to the storage account in order to make it\nprivate.\nwhen type: Internal and internal is unset, the image registry operator\nwill discover vnet and subnet names, and generate a private endpoint\nname.", "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" - }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", - "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", - "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "PersistentVolumeClaimConditionType defines the condition of PV claim.\nValid values are:\n - \"Resizing\", \"FileSystemResizePending\"\n\nIf RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:\n - \"ControllerResizeError\", \"NodeResizeError\"\n\nIf VolumeAttributesClass feature gate is enabled, then following additional values can be expected:\n - \"ModifyVolumeError\", \"ModifyingVolume\"", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "networkResourceGroupName": { + "description": "networkResourceGroupName is the resource group name where the cluster's vnet\nand subnet are. When omitted, the registry operator will use the cluster\nresource group (from in the infrastructure status).\nIf you set a networkResourceGroupName on your install-config.yaml, that\nvalue will be used automatically (for clusters configured with publish:Internal).\nNote that both vnet and subnet must be in the same resource group.\nIt must be between 1 and 90 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_), and\nnot end with a period.", + "maxLength": 90, + "minLength": 1, + "pattern": "^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$", + "type": "string" }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "privateEndpointName": { + "description": "privateEndpointName is the name of the private endpoint for the registry.\nWhen provided, the registry will use it as the name of the private endpoint\nit will create for the storage account. When omitted, the registry will\ngenerate one.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", + "maxLength": 64, + "minLength": 2, + "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", "type": "string" }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" + "subnetName": { + "description": "subnetName is the name of the subnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource, then using one of listed subnets.\nAdvanced cluster network configurations that use network security groups\nto protect subnets should ensure the provided subnetName has access to\nAzure Storage service.\nIt must be between 1 and 80 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).", + "maxLength": 80, + "minLength": 1, + "pattern": "^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$", + "type": "string" }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", + "vnetName": { + "description": "vnetName is the name of the vnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource. This tag is set automatically by the installer.\nCommonly, this will be the same vnet as the cluster.\nAdvanced cluster network configurations should ensure the provided vnetName\nis the vnet of the nodes where the image registry pods are running from.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", + "maxLength": 64, + "minLength": 2, + "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", + "type": "string" + } + }, + "type": "object" + }, + "type": { + "default": "External", + "description": "type is the network access level to be used for the storage account.\ntype: Internal means the storage account will be private, type: External\nmeans the storage account will be publicly accessible.\nInternal storage accounts are only exposed within the cluster's vnet.\nExternal storage accounts are publicly exposed on the internet.\nWhen type: Internal is used, a vnetName, subNetName and privateEndpointName\nmay optionally be specified. If unspecificed, the image registry operator\nwill discover vnet and subnet names, and generate a privateEndpointName.\nDefaults to \"External\".", + "enum": [ + "Internal", + "External" + ], + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "internal is forbidden when type is not Internal", + "rule": "has(self.type) && self.type == 'Internal' ? true : !has(self.internal)" + } + ] + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents ephemeral storage on the pod's host node.\nWARNING: this storage cannot be used with more than 1 replica and\nis not suitable for production use. When the pod is removed from a\nnode for any reason, the data in the emptyDir is deleted forever.", + "type": "object" + }, + "gcs": { + "description": "gcs represents configuration that uses Google Cloud Storage.", + "properties": { + "bucket": { + "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", + "type": "string" + }, + "keyID": { + "description": "keyID is the KMS key ID to use for encryption.\nOptional, buckets are encrypted by default on GCP.\nThis allows for the use of a custom encryption key.", + "type": "string" + }, + "projectID": { + "description": "projectID is the Project ID of the GCP project that this bucket should\nbe associated with.", + "type": "string" + }, + "region": { + "description": "region is the GCS location in which your bucket exists.\nOptional, will be set based on the installed GCS Region.", + "type": "string" + } + }, + "type": "object" + }, + "ibmcos": { + "description": "ibmcos represents configuration that uses IBM Cloud Object Storage.", + "properties": { + "bucket": { + "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", + "type": "string" + }, + "location": { + "description": "location is the IBM Cloud location in which your bucket exists.\nOptional, will be set based on the installed IBM Cloud location.", + "type": "string" + }, + "resourceGroupName": { + "description": "resourceGroupName is the name of the IBM Cloud resource group that this\nbucket and its service instance is associated with.\nOptional, will be set based on the installed IBM Cloud resource group.", + "type": "string" + }, + "resourceKeyCRN": { + "description": "resourceKeyCRN is the CRN of the IBM Cloud resource key that is created\nfor the service instance. Commonly referred as a service credential and\nmust contain HMAC type credentials.\nOptional, will be computed if not provided.", + "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$", + "type": "string" + }, + "serviceInstanceCRN": { + "description": "serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service\ninstance that this bucket is associated with.\nOptional, will be computed if not provided.", + "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$", + "type": "string" + } + }, + "type": "object" + }, + "managementState": { + "description": "managementState indicates if the operator manages the underlying\nstorage unit. If Managed the operator will remove the storage when\nthis operator gets Removed.", + "pattern": "^(Managed|Unmanaged)$", + "type": "string" + }, + "oss": { + "description": "Oss represents configuration that uses Alibaba Cloud Object Storage Service.", + "properties": { + "bucket": { + "description": "Bucket is the bucket name in which you want to store the registry's data.\nAbout Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm)\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be autogenerated in the form of -image-registry--", + "maxLength": 63, + "minLength": 3, + "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", + "type": "string" + }, + "encryption": { + "anyOf": [ + { + "not": { + "required": [ + "kms" + ] + }, + "properties": { + "method": { + "not": { + "enum": [ + "KMS" + ] + } + } + } + }, + { + "properties": { + "method": { + "enum": [ + "KMS" + ] + } + }, + "required": [ + "kms" + ] + } + ], + "description": "Encryption specifies whether you would like your data encrypted on the server side.\nMore details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)", + "properties": { + "kms": { + "description": "KMS (key management service) is an encryption type that holds the struct for KMS KeyID", + "properties": { + "keyID": { + "description": "KeyID holds the KMS encryption key ID", + "minLength": 1, "type": "string" } }, + "required": [ + "keyID" + ], "type": "object" + }, + "method": { + "default": "AES256", + "description": "Method defines the different encrytion modes available\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `AES256`.", + "enum": [ + "KMS", + "AES256" + ], + "type": "string" + } + }, + "type": "object" + }, + "endpointAccessibility": { + "default": "Internal", + "description": "EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `Internal`.", + "enum": [ + "Internal", + "Public", + "" + ], + "type": "string" + }, + "region": { + "description": "Region is the Alibaba Cloud Region in which your bucket exists.\nFor a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html).\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be based on the installed Alibaba Cloud Region.", + "type": "string" + } + }, + "type": "object" + }, + "pvc": { + "description": "pvc represents configuration that uses a PersistentVolumeClaim.", + "properties": { + "claim": { + "description": "claim defines the Persisent Volume Claim's name to be used.", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "s3 represents configuration that uses Amazon Simple Storage Service.", + "properties": { + "bucket": { + "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", + "type": "string" + }, + "chunkSizeMiB": { + "description": "chunkSizeMiB defines the size of the multipart upload chunks of the S3 API.\nThe S3 API requires multipart upload chunks to be at least 5MiB.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default value is 10 MiB.\nThe value is an integer number of MiB.\nThe minimum value is 5 and the maximum value is 5120 (5 GiB).", + "format": "int32", + "maximum": 5120, + "minimum": 5, + "type": "integer" + }, + "cloudFront": { + "description": "cloudFront configures Amazon Cloudfront as the storage middleware in a\nregistry.", + "properties": { + "baseURL": { + "description": "baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.", + "type": "string" + }, + "duration": { + "description": "duration is the duration of the Cloudfront session.", + "format": "duration", + "type": "string" + }, + "keypairID": { + "description": "keypairID is key pair ID provided by AWS.", + "type": "string" + }, + "privateKey": { + "description": "privateKey points to secret containing the private key, provided by AWS.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ - "name", - "status" + "baseURL", + "keypairID", + "privateKey" ], "type": "object" }, + "encrypt": { + "description": "encrypt specifies whether the registry stores the image in encrypted\nformat or not.\nOptional, defaults to false.", + "type": "boolean" + }, + "keyID": { + "description": "keyID is the KMS key ID to use for encryption.\nOptional, Encrypt must be true, or this parameter is ignored.", + "type": "string" + }, + "region": { + "description": "region is the AWS region in which your bucket exists.\nOptional, will be set based on the installed AWS Region.", + "type": "string" + }, + "regionEndpoint": { + "description": "regionEndpoint is the endpoint for S3 compatible storage services.\nIt should be a valid URL with scheme, e.g. https://s3.example.com.\nOptional, defaults based on the Region that is provided.", + "type": "string" + }, + "trustedCA": { + "description": "trustedCA is a reference to a config map containing a CA bundle. The\nimage registry and its operator use certificates from this bundle to\nverify S3 server certificates.\n\nThe namespace for the config map referenced by trustedCA is\n\"openshift-config\". The key for the bundle in the config map is\n\"ca-bundle.crt\".", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map.\nThis field must adhere to standard config map naming restrictions.\nThe name must consist solely of alphanumeric characters, hyphens (-)\nand periods (.). It has a maximum length of 253 characters.\nIf this field is not specified or is empty string, the default trust\nbundle will be used.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + }, + "virtualHostedStyle": { + "description": "virtualHostedStyle enables using S3 virtual hosted style bucket paths with\na custom RegionEndpoint\nOptional, defaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "swift": { + "description": "swift represents configuration that uses OpenStack Object Storage.", + "properties": { + "authURL": { + "description": "authURL defines the URL for obtaining an authentication token.", + "type": "string" + }, + "authVersion": { + "description": "authVersion specifies the OpenStack Auth's version.", + "type": "string" + }, + "container": { + "description": "container defines the name of Swift container where to store the\nregistry's data.", + "type": "string" + }, + "domain": { + "description": "domain specifies Openstack's domain name for Identity v3 API.", + "type": "string" + }, + "domainID": { + "description": "domainID specifies Openstack's domain id for Identity v3 API.", + "type": "string" + }, + "regionName": { + "description": "regionName defines Openstack's region in which container exists.", + "type": "string" + }, + "tenant": { + "description": "tenant defines Openstack tenant name to be used by registry.", + "type": "string" + }, + "tenantID": { + "description": "tenant defines Openstack tenant id to be used by registry.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "tolerations": { + "description": "tolerations defines the tolerations for the registry pod.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints specify how to spread matching pods among the given topology.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "currentReady": { - "description": "CurrentReady is the number of currently ready replicasets.", + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", "type": "integer" }, - "desiredReady": { - "description": "DesiredReady is the number of desired ready replicasets.", + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", "type": "integer" }, - "name": { - "description": "Name is the name of the storage pool", + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, - "phase": { - "description": "StoragePoolPhase indicates which phase the storage pool is in.", + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", "type": "string" } }, "required": [ - "name", - "phase" + "maxSkew", + "topologyKey", + "whenUnsatisfiable" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "targetVersion": { - "description": "TargetVersion The targeted version of the HostPathProvisioner deployment", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true } }, + "required": [ + "replicas" + ], "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "hostpathprovisioner.kubevirt.io", - "kind": "HostPathProvisioner", - "version": "v1beta1" - } - ] - }, - "hostpathprovisioner.kubevirt.io/v1beta1/HostPathProvisionerList": { - "description": "HostPathProvisionerList is a list of HostPathProvisioner", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hostpathprovisioners. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.hostpathprovisioner.v1beta1.HostPathProvisioner" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "hostpathprovisioner.kubevirt.io", - "kind": "HostPathProvisionerList", - "version": "v1beta1" - } - ] - }, - "image.openshift.io/v1/Image": { - "description": "Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "dockerImageConfig": { - "description": "DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", - "type": "string" - }, - "dockerImageLayers": { - "description": "DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLayer" - } - ], - "default": {} - }, - "type": "array" - }, - "dockerImageManifest": { - "description": "DockerImageManifest is the raw JSON of the manifest", - "type": "string" - }, - "dockerImageManifestMediaType": { - "description": "DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", - "type": "string" - }, - "dockerImageManifests": { - "description": "DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageManifest" - } - ], - "default": {} - }, - "type": "array" - }, - "dockerImageMetadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - ], - "description": "DockerImageMetadata contains metadata about this image", - "x-kubernetes-patch-strategy": "replace" - }, - "dockerImageMetadataVersion": { - "description": "DockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", - "type": "string" - }, - "dockerImageReference": { - "description": "DockerImageReference is the string that can be used to pull this image.", - "type": "string" - }, - "dockerImageSignatures": { - "description": "DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", - "items": { - "format": "byte", - "type": "string" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "signatures": { - "description": "Signatures holds all signatures of the image.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageSignature" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "Image", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageList": { - "description": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of images", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageList", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageSignature": { - "description": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "conditions": { - "description": "Conditions represent the latest available observations of a signature's current state.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.SignatureCondition" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "content": { - "description": "Required: An opaque binary string which is an image's signature.", - "format": "byte", - "type": "string" - }, - "created": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "If specified, it is the time of signature's creation." - }, - "imageIdentity": { - "description": "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", - "type": "string" - }, - "issuedBy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.SignatureIssuer" - } - ], - "description": "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key)." - }, - "issuedTo": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.SignatureSubject" - } - ], - "description": "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image)." - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "signedClaims": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "Contains claims from the signature.", - "type": "object" - }, - "type": { - "default": "", - "description": "Required: Describes a type of stored blob.", - "type": "string" - } - }, - "required": [ - "type", - "content" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageSignature", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageStream": { - "description": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamSpec" - } - ], - "default": {}, - "description": "Spec describes the desired state of this stream" - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamStatus" - } - ], - "default": {}, - "description": "Status describes the current state of this stream" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageStream", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageStreamImage": { - "description": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "image": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" - } - ], - "default": {}, - "description": "Image associated with the ImageStream and image name." - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "image" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageStreamImage", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageStreamImport": { - "description": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamImportSpec" - } - ], - "default": {}, - "description": "Spec is a description of the images that the user wishes to import" }, "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamImportStatus" + "description": "ImageRegistryStatus reports image registry operational status.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "storage": { + "description": "storage indicates the current applied storage configuration of the\nregistry.", + "properties": { + "azure": { + "description": "azure represents configuration that uses Azure Blob Storage.", + "properties": { + "accountName": { + "description": "accountName defines the account to be used by the registry.", + "type": "string" + }, + "cloudName": { + "description": "cloudName is the name of the Azure cloud environment to be used by the\nregistry. If empty, the operator will set it based on the infrastructure\nobject.", + "type": "string" + }, + "container": { + "description": "container defines Azure's container to be used by registry.", + "maxLength": 63, + "minLength": 3, + "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", + "type": "string" + }, + "networkAccess": { + "default": { + "type": "External" + }, + "description": "networkAccess defines the network access properties for the storage account.\nDefaults to type: External.", + "properties": { + "internal": { + "description": "internal defines the vnet and subnet names to configure a private\nendpoint and connect it to the storage account in order to make it\nprivate.\nwhen type: Internal and internal is unset, the image registry operator\nwill discover vnet and subnet names, and generate a private endpoint\nname.", + "properties": { + "networkResourceGroupName": { + "description": "networkResourceGroupName is the resource group name where the cluster's vnet\nand subnet are. When omitted, the registry operator will use the cluster\nresource group (from in the infrastructure status).\nIf you set a networkResourceGroupName on your install-config.yaml, that\nvalue will be used automatically (for clusters configured with publish:Internal).\nNote that both vnet and subnet must be in the same resource group.\nIt must be between 1 and 90 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_), and\nnot end with a period.", + "maxLength": 90, + "minLength": 1, + "pattern": "^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$", + "type": "string" + }, + "privateEndpointName": { + "description": "privateEndpointName is the name of the private endpoint for the registry.\nWhen provided, the registry will use it as the name of the private endpoint\nit will create for the storage account. When omitted, the registry will\ngenerate one.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", + "maxLength": 64, + "minLength": 2, + "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", + "type": "string" + }, + "subnetName": { + "description": "subnetName is the name of the subnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource, then using one of listed subnets.\nAdvanced cluster network configurations that use network security groups\nto protect subnets should ensure the provided subnetName has access to\nAzure Storage service.\nIt must be between 1 and 80 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).", + "maxLength": 80, + "minLength": 1, + "pattern": "^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$", + "type": "string" + }, + "vnetName": { + "description": "vnetName is the name of the vnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource. This tag is set automatically by the installer.\nCommonly, this will be the same vnet as the cluster.\nAdvanced cluster network configurations should ensure the provided vnetName\nis the vnet of the nodes where the image registry pods are running from.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", + "maxLength": 64, + "minLength": 2, + "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", + "type": "string" + } + }, + "type": "object" + }, + "type": { + "default": "External", + "description": "type is the network access level to be used for the storage account.\ntype: Internal means the storage account will be private, type: External\nmeans the storage account will be publicly accessible.\nInternal storage accounts are only exposed within the cluster's vnet.\nExternal storage accounts are publicly exposed on the internet.\nWhen type: Internal is used, a vnetName, subNetName and privateEndpointName\nmay optionally be specified. If unspecificed, the image registry operator\nwill discover vnet and subnet names, and generate a privateEndpointName.\nDefaults to \"External\".", + "enum": [ + "Internal", + "External" + ], + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "internal is forbidden when type is not Internal", + "rule": "has(self.type) && self.type == 'Internal' ? true : !has(self.internal)" + } + ] + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents ephemeral storage on the pod's host node.\nWARNING: this storage cannot be used with more than 1 replica and\nis not suitable for production use. When the pod is removed from a\nnode for any reason, the data in the emptyDir is deleted forever.", + "type": "object" + }, + "gcs": { + "description": "gcs represents configuration that uses Google Cloud Storage.", + "properties": { + "bucket": { + "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", + "type": "string" + }, + "keyID": { + "description": "keyID is the KMS key ID to use for encryption.\nOptional, buckets are encrypted by default on GCP.\nThis allows for the use of a custom encryption key.", + "type": "string" + }, + "projectID": { + "description": "projectID is the Project ID of the GCP project that this bucket should\nbe associated with.", + "type": "string" + }, + "region": { + "description": "region is the GCS location in which your bucket exists.\nOptional, will be set based on the installed GCS Region.", + "type": "string" + } + }, + "type": "object" + }, + "ibmcos": { + "description": "ibmcos represents configuration that uses IBM Cloud Object Storage.", + "properties": { + "bucket": { + "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", + "type": "string" + }, + "location": { + "description": "location is the IBM Cloud location in which your bucket exists.\nOptional, will be set based on the installed IBM Cloud location.", + "type": "string" + }, + "resourceGroupName": { + "description": "resourceGroupName is the name of the IBM Cloud resource group that this\nbucket and its service instance is associated with.\nOptional, will be set based on the installed IBM Cloud resource group.", + "type": "string" + }, + "resourceKeyCRN": { + "description": "resourceKeyCRN is the CRN of the IBM Cloud resource key that is created\nfor the service instance. Commonly referred as a service credential and\nmust contain HMAC type credentials.\nOptional, will be computed if not provided.", + "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$", + "type": "string" + }, + "serviceInstanceCRN": { + "description": "serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service\ninstance that this bucket is associated with.\nOptional, will be computed if not provided.", + "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$", + "type": "string" + } + }, + "type": "object" + }, + "managementState": { + "description": "managementState indicates if the operator manages the underlying\nstorage unit. If Managed the operator will remove the storage when\nthis operator gets Removed.", + "pattern": "^(Managed|Unmanaged)$", + "type": "string" + }, + "oss": { + "description": "Oss represents configuration that uses Alibaba Cloud Object Storage Service.", + "properties": { + "bucket": { + "description": "Bucket is the bucket name in which you want to store the registry's data.\nAbout Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm)\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be autogenerated in the form of -image-registry--", + "maxLength": 63, + "minLength": 3, + "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", + "type": "string" + }, + "encryption": { + "description": "Encryption specifies whether you would like your data encrypted on the server side.\nMore details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)", + "properties": { + "kms": { + "description": "KMS (key management service) is an encryption type that holds the struct for KMS KeyID", + "properties": { + "keyID": { + "description": "KeyID holds the KMS encryption key ID", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "keyID" + ], + "type": "object" + }, + "method": { + "default": "AES256", + "description": "Method defines the different encrytion modes available\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `AES256`.", + "enum": [ + "KMS", + "AES256" + ], + "type": "string" + } + }, + "type": "object" + }, + "endpointAccessibility": { + "default": "Internal", + "description": "EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `Internal`.", + "enum": [ + "Internal", + "Public", + "" + ], + "type": "string" + }, + "region": { + "description": "Region is the Alibaba Cloud Region in which your bucket exists.\nFor a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html).\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be based on the installed Alibaba Cloud Region.", + "type": "string" + } + }, + "type": "object" + }, + "pvc": { + "description": "pvc represents configuration that uses a PersistentVolumeClaim.", + "properties": { + "claim": { + "description": "claim defines the Persisent Volume Claim's name to be used.", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "s3 represents configuration that uses Amazon Simple Storage Service.", + "properties": { + "bucket": { + "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", + "type": "string" + }, + "chunkSizeMiB": { + "description": "chunkSizeMiB defines the size of the multipart upload chunks of the S3 API.\nThe S3 API requires multipart upload chunks to be at least 5MiB.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default value is 10 MiB.\nThe value is an integer number of MiB.\nThe minimum value is 5 and the maximum value is 5120 (5 GiB).", + "format": "int32", + "maximum": 5120, + "minimum": 5, + "type": "integer" + }, + "cloudFront": { + "description": "cloudFront configures Amazon Cloudfront as the storage middleware in a\nregistry.", + "properties": { + "baseURL": { + "description": "baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.", + "type": "string" + }, + "duration": { + "description": "duration is the duration of the Cloudfront session.", + "format": "duration", + "type": "string" + }, + "keypairID": { + "description": "keypairID is key pair ID provided by AWS.", + "type": "string" + }, + "privateKey": { + "description": "privateKey points to secret containing the private key, provided by AWS.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "baseURL", + "keypairID", + "privateKey" + ], + "type": "object" + }, + "encrypt": { + "description": "encrypt specifies whether the registry stores the image in encrypted\nformat or not.\nOptional, defaults to false.", + "type": "boolean" + }, + "keyID": { + "description": "keyID is the KMS key ID to use for encryption.\nOptional, Encrypt must be true, or this parameter is ignored.", + "type": "string" + }, + "region": { + "description": "region is the AWS region in which your bucket exists.\nOptional, will be set based on the installed AWS Region.", + "type": "string" + }, + "regionEndpoint": { + "description": "regionEndpoint is the endpoint for S3 compatible storage services.\nIt should be a valid URL with scheme, e.g. https://s3.example.com.\nOptional, defaults based on the Region that is provided.", + "type": "string" + }, + "trustedCA": { + "description": "trustedCA is a reference to a config map containing a CA bundle. The\nimage registry and its operator use certificates from this bundle to\nverify S3 server certificates.\n\nThe namespace for the config map referenced by trustedCA is\n\"openshift-config\". The key for the bundle in the config map is\n\"ca-bundle.crt\".", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map.\nThis field must adhere to standard config map naming restrictions.\nThe name must consist solely of alphanumeric characters, hyphens (-)\nand periods (.). It has a maximum length of 253 characters.\nIf this field is not specified or is empty string, the default trust\nbundle will be used.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + }, + "virtualHostedStyle": { + "description": "virtualHostedStyle enables using S3 virtual hosted style bucket paths with\na custom RegionEndpoint\nOptional, defaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "swift": { + "description": "swift represents configuration that uses OpenStack Object Storage.", + "properties": { + "authURL": { + "description": "authURL defines the URL for obtaining an authentication token.", + "type": "string" + }, + "authVersion": { + "description": "authVersion specifies the OpenStack Auth's version.", + "type": "string" + }, + "container": { + "description": "container defines the name of Swift container where to store the\nregistry's data.", + "type": "string" + }, + "domain": { + "description": "domain specifies Openstack's domain name for Identity v3 API.", + "type": "string" + }, + "domainID": { + "description": "domainID specifies Openstack's domain id for Identity v3 API.", + "type": "string" + }, + "regionName": { + "description": "regionName defines Openstack's region in which container exists.", + "type": "string" + }, + "tenant": { + "description": "tenant defines Openstack tenant name to be used by registry.", + "type": "string" + }, + "tenantID": { + "description": "tenant defines Openstack tenant id to be used by registry.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "storageManaged": { + "description": "storageManaged is deprecated, please refer to Storage.managementState", + "type": "boolean" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } - ], - "default": {}, - "description": "Status is the result of importing the image" - } - }, - "required": [ - "spec", - "status" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageStreamImport", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageStreamLayers": { - "description": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "blobs": { - "additionalProperties": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLayerData" - } - ], - "default": {} - }, - "description": "blobs is a map of blob name to metadata about the blob.", - "type": "object" - }, - "images": { - "additionalProperties": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageBlobReferences" - } - ], - "default": {} }, - "description": "images is a map between an image name and the names of the blobs and config that comprise the image.", - "type": "object" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } + "required": [ + "storage", + "storageManaged" ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "type": "object" } }, "required": [ - "blobs", - "images" + "metadata", + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "image.openshift.io", - "kind": "ImageStreamLayers", + "group": "imageregistry.operator.openshift.io", + "kind": "Config", "version": "v1" } ] }, - "image.openshift.io/v1/ImageStreamList": { - "description": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "imageregistry.operator.openshift.io/v1/ConfigList": { + "description": "ConfigList is a list of Config", "namespaced": true, "properties": { "apiVersion": { @@ -90911,14 +87887,9 @@ "type": "string" }, "items": { - "description": "Items is a list of imageStreams", + "description": "List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStream" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.operator.imageregistry.v1.Config" }, "type": "array" }, @@ -90932,8 +87903,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -90942,29 +87912,20 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "image.openshift.io", - "kind": "ImageStreamList", + "group": "imageregistry.operator.openshift.io", + "kind": "ConfigList", "version": "v1" } ] }, - "image.openshift.io/v1/ImageStreamMapping": { - "description": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, + "imageregistry.operator.openshift.io/v1/ImagePruner": { + "description": "ImagePruner is the configuration object for an image registry pruner\nmanaged by the registry operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "image": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" - } - ], - "default": {}, - "description": "Image is a container image." - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -90975,332 +87936,13 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "tag": { - "default": "", - "description": "Tag is a string value this image can be located with inside the stream.", - "type": "string" - } - }, - "required": [ - "image", - "tag" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageStreamMapping", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageStreamTag": { - "description": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "conditions": { - "description": "conditions is an array of conditions that apply to the image stream tag.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagEventCondition" - } - ], - "default": {} - }, - "type": "array" - }, - "generation": { - "default": 0, - "description": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", - "format": "int64", - "type": "integer" - }, - "image": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" - } - ], - "default": {}, - "description": "image associated with the ImageStream and tag." - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "lookupPolicy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLookupPolicy" - } - ], - "default": {}, - "description": "lookupPolicy indicates whether this tag will handle image references in this namespace." - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "tag": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReference" - } - ], - "description": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream." - } - }, - "required": [ - "tag", - "generation", - "lookupPolicy", - "image" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageStreamTag", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageStreamTagList": { - "description": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of image stream tags", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStreamTag" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageStreamTagList", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageTag": { - "description": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "image": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" - } - ], - "description": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags." - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReference" - } - ], - "description": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.NamedTagEventList" - } - ], - "description": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed." - } - }, - "required": [ - "spec", - "status", - "image" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageTag", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/ImageTagList": { - "description": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of image stream tags", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageTag" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "ImageTagList", - "version": "v1" - } - ] - }, - "image.openshift.io/v1/SecretList": { - "description": "SecretList is a list of Secret.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "image.openshift.io", - "kind": "SecretList", - "version": "v1" - } - ] - }, - "imageregistry.operator.openshift.io/v1/Config": { - "description": "Config is the configuration object for a registry instance managed by\nthe registry operator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ImageRegistrySpec defines the specs for the running registry.", + "description": "ImagePrunerSpec defines the specs for the running image pruner.", "properties": { "affinity": { - "description": "affinity is a group of node affinity scheduling rules for the image registry pod(s).", + "description": "affinity is a group of node affinity scheduling rules for the image pruner pod.", "properties": { "nodeAffinity": { "description": "Describes node affinity scheduling rules for the pod.", @@ -92054,56 +88696,32 @@ }, "type": "object" }, - "defaultRoute": { - "description": "defaultRoute indicates whether an external facing route for the registry\nshould be created using the default generated hostname.", - "type": "boolean" + "failedJobsHistoryLimit": { + "description": "failedJobsHistoryLimit specifies how many failed image pruner jobs to retain.\nDefaults to 3 if not set.", + "format": "int32", + "type": "integer" }, - "disableRedirect": { - "description": "disableRedirect controls whether to route all data through the Registry,\nrather than redirecting to the backend.", + "ignoreInvalidImageReferences": { + "description": "ignoreInvalidImageReferences indicates whether the pruner can ignore\nerrors while parsing image references.", "type": "boolean" }, - "httpSecret": { - "description": "httpSecret is the value needed by the registry to secure uploads, generated by default.", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" + "keepTagRevisions": { + "description": "keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved.\nDefaults to 3.", + "type": "integer" }, - "logging": { - "description": "logging is deprecated, use logLevel instead.", + "keepYoungerThan": { + "description": "keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning.\nDEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence.", "format": "int64", "type": "integer" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "keepYoungerThanDuration": { + "description": "keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning.\nDefaults to 60m (60 minutes).", + "format": "duration", "type": "string" }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector defines the node selection constraints for the registry\npod.", - "type": "object" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { + "logLevel": { "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "description": "logLevel sets the level of log output for the pruner job.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", "enum": [ "", "Normal", @@ -92113,80 +88731,15 @@ ], "type": "string" }, - "proxy": { - "description": "proxy defines the proxy to be used when calling master api, upstream\nregistries, etc.", - "properties": { - "http": { - "description": "http defines the proxy to be used by the image registry when\naccessing HTTP endpoints.", - "type": "string" - }, - "https": { - "description": "https defines the proxy to be used by the image registry when\naccessing HTTPS endpoints.", - "type": "string" - }, - "noProxy": { - "description": "noProxy defines a comma-separated list of host names that shouldn't\ngo through any proxy.", - "type": "string" - } + "nodeSelector": { + "additionalProperties": { + "type": "string" }, + "description": "nodeSelector defines the node selection constraints for the image pruner pod.", "type": "object" }, - "readOnly": { - "description": "readOnly indicates whether the registry instance should reject attempts\nto push new images or delete existing ones.", - "type": "boolean" - }, - "replicas": { - "description": "replicas determines the number of registry instances to run.", - "format": "int32", - "type": "integer" - }, - "requests": { - "description": "requests controls how many parallel requests a given registry instance\nwill handle before queuing additional requests.", - "properties": { - "read": { - "description": "read defines limits for image registry's reads.", - "properties": { - "maxInQueue": { - "description": "maxInQueue sets the maximum queued api requests to the registry.", - "type": "integer" - }, - "maxRunning": { - "description": "maxRunning sets the maximum in flight api requests to the registry.", - "type": "integer" - }, - "maxWaitInQueue": { - "description": "maxWaitInQueue sets the maximum time a request can wait in the queue\nbefore being rejected.", - "format": "duration", - "type": "string" - } - }, - "type": "object" - }, - "write": { - "description": "write defines limits for image registry's writes.", - "properties": { - "maxInQueue": { - "description": "maxInQueue sets the maximum queued api requests to the registry.", - "type": "integer" - }, - "maxRunning": { - "description": "maxRunning sets the maximum in flight api requests to the registry.", - "type": "integer" - }, - "maxWaitInQueue": { - "description": "maxWaitInQueue sets the maximum time a request can wait in the queue\nbefore being rejected.", - "format": "duration", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, "resources": { - "description": "resources defines the resource requests+limits for the registry pod.", + "description": "resources defines the resource requests and limits for the image pruner pod.", "properties": { "claims": { "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", @@ -92246,416 +88799,23 @@ "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "rolloutStrategy": { - "description": "rolloutStrategy defines rollout strategy for the image registry\ndeployment.", - "pattern": "^(RollingUpdate|Recreate)$", + "schedule": { + "description": "schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron.\nDefaults to `0 0 * * *`.", "type": "string" }, - "routes": { - "description": "routes defines additional external facing routes which should be\ncreated for the registry.", - "items": { - "description": "ImageRegistryConfigRoute holds information on external route access to image\nregistry.", - "properties": { - "hostname": { - "description": "hostname for the route.", - "type": "string" - }, - "name": { - "description": "name of the route to be created.", - "type": "string" - }, - "secretName": { - "description": "secretName points to secret containing the certificates to be used\nby the route.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "successfulJobsHistoryLimit": { + "description": "successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain.\nDefaults to 3 if not set.", + "format": "int32", + "type": "integer" }, - "storage": { - "description": "storage details for configuring registry storage, e.g. S3 bucket\ncoordinates.", - "properties": { - "azure": { - "description": "azure represents configuration that uses Azure Blob Storage.", - "properties": { - "accountName": { - "description": "accountName defines the account to be used by the registry.", - "type": "string" - }, - "cloudName": { - "description": "cloudName is the name of the Azure cloud environment to be used by the\nregistry. If empty, the operator will set it based on the infrastructure\nobject.", - "type": "string" - }, - "container": { - "description": "container defines Azure's container to be used by registry.", - "maxLength": 63, - "minLength": 3, - "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", - "type": "string" - }, - "networkAccess": { - "default": { - "type": "External" - }, - "description": "networkAccess defines the network access properties for the storage account.\nDefaults to type: External.", - "properties": { - "internal": { - "description": "internal defines the vnet and subnet names to configure a private\nendpoint and connect it to the storage account in order to make it\nprivate.\nwhen type: Internal and internal is unset, the image registry operator\nwill discover vnet and subnet names, and generate a private endpoint\nname.", - "properties": { - "networkResourceGroupName": { - "description": "networkResourceGroupName is the resource group name where the cluster's vnet\nand subnet are. When omitted, the registry operator will use the cluster\nresource group (from in the infrastructure status).\nIf you set a networkResourceGroupName on your install-config.yaml, that\nvalue will be used automatically (for clusters configured with publish:Internal).\nNote that both vnet and subnet must be in the same resource group.\nIt must be between 1 and 90 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_), and\nnot end with a period.", - "maxLength": 90, - "minLength": 1, - "pattern": "^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$", - "type": "string" - }, - "privateEndpointName": { - "description": "privateEndpointName is the name of the private endpoint for the registry.\nWhen provided, the registry will use it as the name of the private endpoint\nit will create for the storage account. When omitted, the registry will\ngenerate one.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", - "maxLength": 64, - "minLength": 2, - "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", - "type": "string" - }, - "subnetName": { - "description": "subnetName is the name of the subnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource, then using one of listed subnets.\nAdvanced cluster network configurations that use network security groups\nto protect subnets should ensure the provided subnetName has access to\nAzure Storage service.\nIt must be between 1 and 80 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).", - "maxLength": 80, - "minLength": 1, - "pattern": "^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$", - "type": "string" - }, - "vnetName": { - "description": "vnetName is the name of the vnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource. This tag is set automatically by the installer.\nCommonly, this will be the same vnet as the cluster.\nAdvanced cluster network configurations should ensure the provided vnetName\nis the vnet of the nodes where the image registry pods are running from.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", - "maxLength": 64, - "minLength": 2, - "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", - "type": "string" - } - }, - "type": "object" - }, - "type": { - "default": "External", - "description": "type is the network access level to be used for the storage account.\ntype: Internal means the storage account will be private, type: External\nmeans the storage account will be publicly accessible.\nInternal storage accounts are only exposed within the cluster's vnet.\nExternal storage accounts are publicly exposed on the internet.\nWhen type: Internal is used, a vnetName, subNetName and privateEndpointName\nmay optionally be specified. If unspecificed, the image registry operator\nwill discover vnet and subnet names, and generate a privateEndpointName.\nDefaults to \"External\".", - "enum": [ - "Internal", - "External" - ], - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "internal is forbidden when type is not Internal", - "rule": "has(self.type) && self.type == 'Internal' ? true : !has(self.internal)" - } - ] - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents ephemeral storage on the pod's host node.\nWARNING: this storage cannot be used with more than 1 replica and\nis not suitable for production use. When the pod is removed from a\nnode for any reason, the data in the emptyDir is deleted forever.", - "type": "object" - }, - "gcs": { - "description": "gcs represents configuration that uses Google Cloud Storage.", - "properties": { - "bucket": { - "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", - "type": "string" - }, - "keyID": { - "description": "keyID is the KMS key ID to use for encryption.\nOptional, buckets are encrypted by default on GCP.\nThis allows for the use of a custom encryption key.", - "type": "string" - }, - "projectID": { - "description": "projectID is the Project ID of the GCP project that this bucket should\nbe associated with.", - "type": "string" - }, - "region": { - "description": "region is the GCS location in which your bucket exists.\nOptional, will be set based on the installed GCS Region.", - "type": "string" - } - }, - "type": "object" - }, - "ibmcos": { - "description": "ibmcos represents configuration that uses IBM Cloud Object Storage.", - "properties": { - "bucket": { - "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", - "type": "string" - }, - "location": { - "description": "location is the IBM Cloud location in which your bucket exists.\nOptional, will be set based on the installed IBM Cloud location.", - "type": "string" - }, - "resourceGroupName": { - "description": "resourceGroupName is the name of the IBM Cloud resource group that this\nbucket and its service instance is associated with.\nOptional, will be set based on the installed IBM Cloud resource group.", - "type": "string" - }, - "resourceKeyCRN": { - "description": "resourceKeyCRN is the CRN of the IBM Cloud resource key that is created\nfor the service instance. Commonly referred as a service credential and\nmust contain HMAC type credentials.\nOptional, will be computed if not provided.", - "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$", - "type": "string" - }, - "serviceInstanceCRN": { - "description": "serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service\ninstance that this bucket is associated with.\nOptional, will be computed if not provided.", - "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$", - "type": "string" - } - }, - "type": "object" - }, - "managementState": { - "description": "managementState indicates if the operator manages the underlying\nstorage unit. If Managed the operator will remove the storage when\nthis operator gets Removed.", - "pattern": "^(Managed|Unmanaged)$", - "type": "string" - }, - "oss": { - "description": "Oss represents configuration that uses Alibaba Cloud Object Storage Service.", - "properties": { - "bucket": { - "description": "Bucket is the bucket name in which you want to store the registry's data.\nAbout Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm)\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be autogenerated in the form of -image-registry--", - "maxLength": 63, - "minLength": 3, - "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", - "type": "string" - }, - "encryption": { - "anyOf": [ - { - "not": { - "required": [ - "kms" - ] - }, - "properties": { - "method": { - "not": { - "enum": [ - "KMS" - ] - } - } - } - }, - { - "properties": { - "method": { - "enum": [ - "KMS" - ] - } - }, - "required": [ - "kms" - ] - } - ], - "description": "Encryption specifies whether you would like your data encrypted on the server side.\nMore details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)", - "properties": { - "kms": { - "description": "KMS (key management service) is an encryption type that holds the struct for KMS KeyID", - "properties": { - "keyID": { - "description": "KeyID holds the KMS encryption key ID", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "keyID" - ], - "type": "object" - }, - "method": { - "default": "AES256", - "description": "Method defines the different encrytion modes available\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `AES256`.", - "enum": [ - "KMS", - "AES256" - ], - "type": "string" - } - }, - "type": "object" - }, - "endpointAccessibility": { - "default": "Internal", - "description": "EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `Internal`.", - "enum": [ - "Internal", - "Public", - "" - ], - "type": "string" - }, - "region": { - "description": "Region is the Alibaba Cloud Region in which your bucket exists.\nFor a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html).\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be based on the installed Alibaba Cloud Region.", - "type": "string" - } - }, - "type": "object" - }, - "pvc": { - "description": "pvc represents configuration that uses a PersistentVolumeClaim.", - "properties": { - "claim": { - "description": "claim defines the Persisent Volume Claim's name to be used.", - "type": "string" - } - }, - "type": "object" - }, - "s3": { - "description": "s3 represents configuration that uses Amazon Simple Storage Service.", - "properties": { - "bucket": { - "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", - "type": "string" - }, - "chunkSizeMiB": { - "description": "chunkSizeMiB defines the size of the multipart upload chunks of the S3 API.\nThe S3 API requires multipart upload chunks to be at least 5MiB.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default value is 10 MiB.\nThe value is an integer number of MiB.\nThe minimum value is 5 and the maximum value is 5120 (5 GiB).", - "format": "int32", - "maximum": 5120, - "minimum": 5, - "type": "integer" - }, - "cloudFront": { - "description": "cloudFront configures Amazon Cloudfront as the storage middleware in a\nregistry.", - "properties": { - "baseURL": { - "description": "baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.", - "type": "string" - }, - "duration": { - "description": "duration is the duration of the Cloudfront session.", - "format": "duration", - "type": "string" - }, - "keypairID": { - "description": "keypairID is key pair ID provided by AWS.", - "type": "string" - }, - "privateKey": { - "description": "privateKey points to secret containing the private key, provided by AWS.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "baseURL", - "keypairID", - "privateKey" - ], - "type": "object" - }, - "encrypt": { - "description": "encrypt specifies whether the registry stores the image in encrypted\nformat or not.\nOptional, defaults to false.", - "type": "boolean" - }, - "keyID": { - "description": "keyID is the KMS key ID to use for encryption.\nOptional, Encrypt must be true, or this parameter is ignored.", - "type": "string" - }, - "region": { - "description": "region is the AWS region in which your bucket exists.\nOptional, will be set based on the installed AWS Region.", - "type": "string" - }, - "regionEndpoint": { - "description": "regionEndpoint is the endpoint for S3 compatible storage services.\nIt should be a valid URL with scheme, e.g. https://s3.example.com.\nOptional, defaults based on the Region that is provided.", - "type": "string" - }, - "trustedCA": { - "description": "trustedCA is a reference to a config map containing a CA bundle. The\nimage registry and its operator use certificates from this bundle to\nverify S3 server certificates.\n\nThe namespace for the config map referenced by trustedCA is\n\"openshift-config\". The key for the bundle in the config map is\n\"ca-bundle.crt\".", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map.\nThis field must adhere to standard config map naming restrictions.\nThe name must consist solely of alphanumeric characters, hyphens (-)\nand periods (.). It has a maximum length of 253 characters.\nIf this field is not specified or is empty string, the default trust\nbundle will be used.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } - }, - "type": "object" - }, - "virtualHostedStyle": { - "description": "virtualHostedStyle enables using S3 virtual hosted style bucket paths with\na custom RegionEndpoint\nOptional, defaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "swift": { - "description": "swift represents configuration that uses OpenStack Object Storage.", - "properties": { - "authURL": { - "description": "authURL defines the URL for obtaining an authentication token.", - "type": "string" - }, - "authVersion": { - "description": "authVersion specifies the OpenStack Auth's version.", - "type": "string" - }, - "container": { - "description": "container defines the name of Swift container where to store the\nregistry's data.", - "type": "string" - }, - "domain": { - "description": "domain specifies Openstack's domain name for Identity v3 API.", - "type": "string" - }, - "domainID": { - "description": "domainID specifies Openstack's domain id for Identity v3 API.", - "type": "string" - }, - "regionName": { - "description": "regionName defines Openstack's region in which container exists.", - "type": "string" - }, - "tenant": { - "description": "tenant defines Openstack tenant name to be used by registry.", - "type": "string" - }, - "tenantID": { - "description": "tenant defines Openstack tenant id to be used by registry.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" + "suspend": { + "description": "suspend specifies whether or not to suspend subsequent executions of this cronjob.\nDefaults to false.", + "type": "boolean" }, "tolerations": { - "description": "tolerations defines the tolerations for the registry pod.", + "description": "tolerations defines the node tolerations for the image pruner pod.", "items": { "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { @@ -92683,121 +88843,16 @@ }, "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints specify how to spread matching pods among the given topology.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "type": "array" } }, - "required": [ - "replicas" - ], "type": "object" }, "status": { - "description": "ImageRegistryStatus reports image registry operational status.", + "description": "ImagePrunerStatus reports image pruner operational status.", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions is a list of conditions and their status.", "items": { "description": "OperatorCondition is just the standard condition fields.", "properties": { @@ -92835,438 +88890,14 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] + "type": "array" }, "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "description": "observedGeneration is the last generation change that has been applied.", "format": "int64", "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "storage": { - "description": "storage indicates the current applied storage configuration of the\nregistry.", - "properties": { - "azure": { - "description": "azure represents configuration that uses Azure Blob Storage.", - "properties": { - "accountName": { - "description": "accountName defines the account to be used by the registry.", - "type": "string" - }, - "cloudName": { - "description": "cloudName is the name of the Azure cloud environment to be used by the\nregistry. If empty, the operator will set it based on the infrastructure\nobject.", - "type": "string" - }, - "container": { - "description": "container defines Azure's container to be used by registry.", - "maxLength": 63, - "minLength": 3, - "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", - "type": "string" - }, - "networkAccess": { - "default": { - "type": "External" - }, - "description": "networkAccess defines the network access properties for the storage account.\nDefaults to type: External.", - "properties": { - "internal": { - "description": "internal defines the vnet and subnet names to configure a private\nendpoint and connect it to the storage account in order to make it\nprivate.\nwhen type: Internal and internal is unset, the image registry operator\nwill discover vnet and subnet names, and generate a private endpoint\nname.", - "properties": { - "networkResourceGroupName": { - "description": "networkResourceGroupName is the resource group name where the cluster's vnet\nand subnet are. When omitted, the registry operator will use the cluster\nresource group (from in the infrastructure status).\nIf you set a networkResourceGroupName on your install-config.yaml, that\nvalue will be used automatically (for clusters configured with publish:Internal).\nNote that both vnet and subnet must be in the same resource group.\nIt must be between 1 and 90 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_), and\nnot end with a period.", - "maxLength": 90, - "minLength": 1, - "pattern": "^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$", - "type": "string" - }, - "privateEndpointName": { - "description": "privateEndpointName is the name of the private endpoint for the registry.\nWhen provided, the registry will use it as the name of the private endpoint\nit will create for the storage account. When omitted, the registry will\ngenerate one.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", - "maxLength": 64, - "minLength": 2, - "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", - "type": "string" - }, - "subnetName": { - "description": "subnetName is the name of the subnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource, then using one of listed subnets.\nAdvanced cluster network configurations that use network security groups\nto protect subnets should ensure the provided subnetName has access to\nAzure Storage service.\nIt must be between 1 and 80 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).", - "maxLength": 80, - "minLength": 1, - "pattern": "^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$", - "type": "string" - }, - "vnetName": { - "description": "vnetName is the name of the vnet the registry operates in. When omitted,\nthe registry operator will discover and set this by using the `kubernetes.io_cluster.`\ntag in the vnet resource. This tag is set automatically by the installer.\nCommonly, this will be the same vnet as the cluster.\nAdvanced cluster network configurations should ensure the provided vnetName\nis the vnet of the nodes where the image registry pods are running from.\nIt must be between 2 and 64 characters in length and must consist only of\nalphanumeric characters, hyphens (-), periods (.) and underscores (_).\nIt must start with an alphanumeric character and end with an alphanumeric character or an underscore.", - "maxLength": 64, - "minLength": 2, - "pattern": "^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$", - "type": "string" - } - }, - "type": "object" - }, - "type": { - "default": "External", - "description": "type is the network access level to be used for the storage account.\ntype: Internal means the storage account will be private, type: External\nmeans the storage account will be publicly accessible.\nInternal storage accounts are only exposed within the cluster's vnet.\nExternal storage accounts are publicly exposed on the internet.\nWhen type: Internal is used, a vnetName, subNetName and privateEndpointName\nmay optionally be specified. If unspecificed, the image registry operator\nwill discover vnet and subnet names, and generate a privateEndpointName.\nDefaults to \"External\".", - "enum": [ - "Internal", - "External" - ], - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "internal is forbidden when type is not Internal", - "rule": "has(self.type) && self.type == 'Internal' ? true : !has(self.internal)" - } - ] - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents ephemeral storage on the pod's host node.\nWARNING: this storage cannot be used with more than 1 replica and\nis not suitable for production use. When the pod is removed from a\nnode for any reason, the data in the emptyDir is deleted forever.", - "type": "object" - }, - "gcs": { - "description": "gcs represents configuration that uses Google Cloud Storage.", - "properties": { - "bucket": { - "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", - "type": "string" - }, - "keyID": { - "description": "keyID is the KMS key ID to use for encryption.\nOptional, buckets are encrypted by default on GCP.\nThis allows for the use of a custom encryption key.", - "type": "string" - }, - "projectID": { - "description": "projectID is the Project ID of the GCP project that this bucket should\nbe associated with.", - "type": "string" - }, - "region": { - "description": "region is the GCS location in which your bucket exists.\nOptional, will be set based on the installed GCS Region.", - "type": "string" - } - }, - "type": "object" - }, - "ibmcos": { - "description": "ibmcos represents configuration that uses IBM Cloud Object Storage.", - "properties": { - "bucket": { - "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", - "type": "string" - }, - "location": { - "description": "location is the IBM Cloud location in which your bucket exists.\nOptional, will be set based on the installed IBM Cloud location.", - "type": "string" - }, - "resourceGroupName": { - "description": "resourceGroupName is the name of the IBM Cloud resource group that this\nbucket and its service instance is associated with.\nOptional, will be set based on the installed IBM Cloud resource group.", - "type": "string" - }, - "resourceKeyCRN": { - "description": "resourceKeyCRN is the CRN of the IBM Cloud resource key that is created\nfor the service instance. Commonly referred as a service credential and\nmust contain HMAC type credentials.\nOptional, will be computed if not provided.", - "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$", - "type": "string" - }, - "serviceInstanceCRN": { - "description": "serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service\ninstance that this bucket is associated with.\nOptional, will be computed if not provided.", - "pattern": "^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$", - "type": "string" - } - }, - "type": "object" - }, - "managementState": { - "description": "managementState indicates if the operator manages the underlying\nstorage unit. If Managed the operator will remove the storage when\nthis operator gets Removed.", - "pattern": "^(Managed|Unmanaged)$", - "type": "string" - }, - "oss": { - "description": "Oss represents configuration that uses Alibaba Cloud Object Storage Service.", - "properties": { - "bucket": { - "description": "Bucket is the bucket name in which you want to store the registry's data.\nAbout Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm)\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be autogenerated in the form of -image-registry--", - "maxLength": 63, - "minLength": 3, - "pattern": "^[0-9a-z]+(-[0-9a-z]+)*$", - "type": "string" - }, - "encryption": { - "description": "Encryption specifies whether you would like your data encrypted on the server side.\nMore details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)", - "properties": { - "kms": { - "description": "KMS (key management service) is an encryption type that holds the struct for KMS KeyID", - "properties": { - "keyID": { - "description": "KeyID holds the KMS encryption key ID", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "keyID" - ], - "type": "object" - }, - "method": { - "default": "AES256", - "description": "Method defines the different encrytion modes available\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `AES256`.", - "enum": [ - "KMS", - "AES256" - ], - "type": "string" - } - }, - "type": "object" - }, - "endpointAccessibility": { - "default": "Internal", - "description": "EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default is `Internal`.", - "enum": [ - "Internal", - "Public", - "" - ], - "type": "string" - }, - "region": { - "description": "Region is the Alibaba Cloud Region in which your bucket exists.\nFor a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html).\nEmpty value means no opinion and the platform chooses the a default, which is subject to change over time.\nCurrently the default will be based on the installed Alibaba Cloud Region.", - "type": "string" - } - }, - "type": "object" - }, - "pvc": { - "description": "pvc represents configuration that uses a PersistentVolumeClaim.", - "properties": { - "claim": { - "description": "claim defines the Persisent Volume Claim's name to be used.", - "type": "string" - } - }, - "type": "object" - }, - "s3": { - "description": "s3 represents configuration that uses Amazon Simple Storage Service.", - "properties": { - "bucket": { - "description": "bucket is the bucket name in which you want to store the registry's\ndata.\nOptional, will be generated if not provided.", - "type": "string" - }, - "chunkSizeMiB": { - "description": "chunkSizeMiB defines the size of the multipart upload chunks of the S3 API.\nThe S3 API requires multipart upload chunks to be at least 5MiB.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default value is 10 MiB.\nThe value is an integer number of MiB.\nThe minimum value is 5 and the maximum value is 5120 (5 GiB).", - "format": "int32", - "maximum": 5120, - "minimum": 5, - "type": "integer" - }, - "cloudFront": { - "description": "cloudFront configures Amazon Cloudfront as the storage middleware in a\nregistry.", - "properties": { - "baseURL": { - "description": "baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served.", - "type": "string" - }, - "duration": { - "description": "duration is the duration of the Cloudfront session.", - "format": "duration", - "type": "string" - }, - "keypairID": { - "description": "keypairID is key pair ID provided by AWS.", - "type": "string" - }, - "privateKey": { - "description": "privateKey points to secret containing the private key, provided by AWS.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "baseURL", - "keypairID", - "privateKey" - ], - "type": "object" - }, - "encrypt": { - "description": "encrypt specifies whether the registry stores the image in encrypted\nformat or not.\nOptional, defaults to false.", - "type": "boolean" - }, - "keyID": { - "description": "keyID is the KMS key ID to use for encryption.\nOptional, Encrypt must be true, or this parameter is ignored.", - "type": "string" - }, - "region": { - "description": "region is the AWS region in which your bucket exists.\nOptional, will be set based on the installed AWS Region.", - "type": "string" - }, - "regionEndpoint": { - "description": "regionEndpoint is the endpoint for S3 compatible storage services.\nIt should be a valid URL with scheme, e.g. https://s3.example.com.\nOptional, defaults based on the Region that is provided.", - "type": "string" - }, - "trustedCA": { - "description": "trustedCA is a reference to a config map containing a CA bundle. The\nimage registry and its operator use certificates from this bundle to\nverify S3 server certificates.\n\nThe namespace for the config map referenced by trustedCA is\n\"openshift-config\". The key for the bundle in the config map is\n\"ca-bundle.crt\".", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map.\nThis field must adhere to standard config map naming restrictions.\nThe name must consist solely of alphanumeric characters, hyphens (-)\nand periods (.). It has a maximum length of 253 characters.\nIf this field is not specified or is empty string, the default trust\nbundle will be used.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } - }, - "type": "object" - }, - "virtualHostedStyle": { - "description": "virtualHostedStyle enables using S3 virtual hosted style bucket paths with\na custom RegionEndpoint\nOptional, defaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "swift": { - "description": "swift represents configuration that uses OpenStack Object Storage.", - "properties": { - "authURL": { - "description": "authURL defines the URL for obtaining an authentication token.", - "type": "string" - }, - "authVersion": { - "description": "authVersion specifies the OpenStack Auth's version.", - "type": "string" - }, - "container": { - "description": "container defines the name of Swift container where to store the\nregistry's data.", - "type": "string" - }, - "domain": { - "description": "domain specifies Openstack's domain name for Identity v3 API.", - "type": "string" - }, - "domainID": { - "description": "domainID specifies Openstack's domain id for Identity v3 API.", - "type": "string" - }, - "regionName": { - "description": "regionName defines Openstack's region in which container exists.", - "type": "string" - }, - "tenant": { - "description": "tenant defines Openstack tenant name to be used by registry.", - "type": "string" - }, - "tenantID": { - "description": "tenant defines Openstack tenant id to be used by registry.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "storageManaged": { - "description": "storageManaged is deprecated, please refer to Storage.managementState", - "type": "boolean" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } }, - "required": [ - "storage", - "storageManaged" - ], "type": "object" } }, @@ -93278,13 +88909,13 @@ "x-kubernetes-group-version-kind": [ { "group": "imageregistry.operator.openshift.io", - "kind": "Config", + "kind": "ImagePruner", "version": "v1" } ] }, - "imageregistry.operator.openshift.io/v1/ConfigList": { - "description": "ConfigList is a list of Config", + "imageregistry.operator.openshift.io/v1/ImagePrunerList": { + "description": "ImagePrunerList is a list of ImagePruner", "namespaced": true, "properties": { "apiVersion": { @@ -93292,9 +88923,9 @@ "type": "string" }, "items": { - "description": "List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of imagepruners. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.operator.imageregistry.v1.Config" + "$ref": "#/components/schemas/io.openshift.operator.imageregistry.v1.ImagePruner" }, "type": "array" }, @@ -93318,14 +88949,14 @@ "x-kubernetes-group-version-kind": [ { "group": "imageregistry.operator.openshift.io", - "kind": "ConfigList", + "kind": "ImagePrunerList", "version": "v1" } ] }, - "imageregistry.operator.openshift.io/v1/ImagePruner": { - "description": "ImagePruner is the configuration object for an image registry pruner\nmanaged by the registry operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "infrastructure.cluster.x-k8s.io/v1alpha5/Metal3Remediation": { + "description": "Metal3Remediation is the Schema for the metal3remediations API.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -93344,1046 +88975,10 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "ImagePrunerSpec defines the specs for the running image pruner.", + "description": "Metal3RemediationSpec defines the desired state of Metal3Remediation.", "properties": { - "affinity": { - "description": "affinity is a group of node affinity scheduling rules for the image pruner pod.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "failedJobsHistoryLimit": { - "description": "failedJobsHistoryLimit specifies how many failed image pruner jobs to retain.\nDefaults to 3 if not set.", - "format": "int32", - "type": "integer" - }, - "ignoreInvalidImageReferences": { - "description": "ignoreInvalidImageReferences indicates whether the pruner can ignore\nerrors while parsing image references.", - "type": "boolean" - }, - "keepTagRevisions": { - "description": "keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved.\nDefaults to 3.", - "type": "integer" - }, - "keepYoungerThan": { - "description": "keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning.\nDEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence.", - "format": "int64", - "type": "integer" - }, - "keepYoungerThanDuration": { - "description": "keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning.\nDefaults to 60m (60 minutes).", - "format": "duration", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel sets the level of log output for the pruner job.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector defines the node selection constraints for the image pruner pod.", - "type": "object" - }, - "resources": { - "description": "resources defines the resource requests and limits for the image pruner pod.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "schedule": { - "description": "schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron.\nDefaults to `0 0 * * *`.", - "type": "string" - }, - "successfulJobsHistoryLimit": { - "description": "successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain.\nDefaults to 3 if not set.", - "format": "int32", - "type": "integer" - }, - "suspend": { - "description": "suspend specifies whether or not to suspend subsequent executions of this cronjob.\nDefaults to false.", - "type": "boolean" - }, - "tolerations": { - "description": "tolerations defines the node tolerations for the image pruner pod.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "ImagePrunerStatus reports image pruner operational status.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status.", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change that has been applied.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "imageregistry.operator.openshift.io", - "kind": "ImagePruner", - "version": "v1" - } - ] - }, - "imageregistry.operator.openshift.io/v1/ImagePrunerList": { - "description": "ImagePrunerList is a list of ImagePruner", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagepruners. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.imageregistry.v1.ImagePruner" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "imageregistry.operator.openshift.io", - "kind": "ImagePrunerList", - "version": "v1" - } - ] - }, - "infrastructure.cluster.x-k8s.io/v1alpha5/Metal3Remediation": { - "description": "Metal3Remediation is the Schema for the metal3remediations API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Metal3RemediationSpec defines the desired state of Metal3Remediation.", - "properties": { - "strategy": { - "description": "Strategy field defines remediation strategy.", + "strategy": { + "description": "Strategy field defines remediation strategy.", "properties": { "retryLimit": { "description": "Sets maximum number of remediation retries.", @@ -94614,8 +89209,8 @@ } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPCluster": { - "description": "GCPCluster is the Schema for the gcpclusters API.", + "infrastructure.cluster.x-k8s.io/v1beta1/Metal3Remediation": { + "description": "Metal3Remediation is the Schema for the metal3remediations API.", "namespaced": true, "properties": { "apiVersion": { @@ -94635,361 +89230,46 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "GCPClusterSpec defines the desired state of GCPCluster.", + "description": "Metal3RemediationSpec defines the desired state of Metal3Remediation.", "properties": { - "additionalLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the\nones added by default.", - "type": "object" - }, - "controlPlaneEndpoint": { - "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", + "strategy": { + "description": "Strategy field defines remediation strategy.", "properties": { - "host": { - "description": "The hostname on which the API server is serving.", - "type": "string" - }, - "port": { - "description": "The port on which the API server is serving.", - "format": "int32", + "retryLimit": { + "description": "Sets maximum number of remediation retries.", "type": "integer" - } - }, - "required": [ - "host", - "port" - ], - "type": "object" - }, - "credentialsRef": { - "description": "CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not\nsupplied then the credentials of the controller will be used.", - "properties": { - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + }, + "timeout": { + "description": "Sets the timeout between remediation retries.", "type": "string" }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "failureDomains": { - "description": "FailureDomains is an optional field which is used to assign selected availability zones to a cluster\nFailureDomains if empty, defaults to all the zones in the selected region and if specified would override\nthe default zones.", - "items": { - "type": "string" - }, - "type": "array" - }, - "loadBalancer": { - "description": "LoadBalancer contains configuration for one or more LoadBalancers.", - "properties": { - "apiServerInstanceGroupTagOverride": { - "description": "APIServerInstanceGroupTagOverride overrides the default setting for the\ntag used when creating the API Server Instance Group.", - "maxLength": 16, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "internalLoadBalancer": { - "description": "InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer.", - "properties": { - "name": { - "description": "Name is the name of the Load Balancer. If not set a default name\nwill be used. For an Internal Load Balancer service the default\nname is \"api-internal\".", - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "subnet": { - "description": "Subnet is the name of the subnet to use for a regional Load Balancer. A subnet is\nrequired for the Load Balancer, if not defined the first configured subnet will be\nused.", - "type": "string" - } - }, - "type": "object" - }, - "loadBalancerType": { - "description": "LoadBalancerType defines the type of Load Balancer that should be created.\nIf not set, a Global External Proxy Load Balancer will be created by default.", - "type": "string" - } - }, - "type": "object" - }, - "network": { - "description": "NetworkSpec encapsulates all things related to GCP network.", - "properties": { - "autoCreateSubnetworks": { - "description": "AutoCreateSubnetworks: When set to true, the VPC network is created\nin \"auto\" mode. When set to false, the VPC network is created in\n\"custom\" mode.\n\nAn auto mode VPC network starts with one subnet per region. Each\nsubnet has a predetermined range as described in Auto mode VPC\nnetwork IP ranges.\n\nDefaults to true.", - "type": "boolean" - }, - "hostProject": { - "description": "HostProject is the name of the project hosting the shared VPC network resources.", - "type": "string" - }, - "loadBalancerBackendPort": { - "description": "Allow for configuration of load balancer backend (useful for changing apiserver port)", - "format": "int32", - "type": "integer" - }, - "mtu": { - "default": 1460, - "description": "Mtu: Maximum Transmission Unit in bytes. The minimum value for this field is\n1300 and the maximum value is 8896. The suggested value is 1500, which is\nthe default MTU used on the Internet, or 8896 if you want to use Jumbo\nframes. If unspecified, the value defaults to 1460.\nMore info: https://pkg.go.dev/google.golang.org/api/compute/v1#Network", - "format": "int64", - "maximum": 8896, - "minimum": 1300, - "type": "integer" - }, - "name": { - "description": "Name is the name of the network to be used.", - "type": "string" - }, - "subnets": { - "description": "Subnets configuration.", - "items": { - "description": "SubnetSpec configures an GCP Subnet.", - "properties": { - "cidrBlock": { - "description": "CidrBlock is the range of internal addresses that are owned by this\nsubnetwork. Provide this property when you create the subnetwork. For\nexample, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported. This field\ncan be set only at resource creation time.", - "type": "string" - }, - "description": { - "description": "Description is an optional description associated with the resource.", - "type": "string" - }, - "enableFlowLogs": { - "description": "EnableFlowLogs: Whether to enable flow logging for this subnetwork.\nIf this field is not explicitly set, it will not appear in get\nlistings. If not set the default behavior is to disable flow logging.", - "type": "boolean" - }, - "name": { - "description": "Name defines a unique identifier to reference this resource.", - "type": "string" - }, - "privateGoogleAccess": { - "description": "PrivateGoogleAccess defines whether VMs in this subnet can access\nGoogle services without assigning external IP addresses", - "type": "boolean" - }, - "purpose": { - "default": "PRIVATE_RFC_1918", - "description": "Purpose: The purpose of the resource.\nIf unspecified, the purpose defaults to PRIVATE_RFC_1918.\nThe enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.\n\nPossible values:\n \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal\nHTTP(S) Load Balancing.\n \"PRIVATE\" - Regular user created or automatically created subnet.\n \"PRIVATE_RFC_1918\" - Regular user created or automatically created\nsubnet.\n \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service\nConnect in the producer network.\n \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional\nInternal/External HTTP(S) Load Balancing.", - "enum": [ - "INTERNAL_HTTPS_LOAD_BALANCER", - "PRIVATE_RFC_1918", - "PRIVATE", - "PRIVATE_SERVICE_CONNECT", - "REGIONAL_MANAGED_PROXY" - ], - "type": "string" - }, - "region": { - "description": "Region is the name of the region where the Subnetwork resides.", - "type": "string" - }, - "secondaryCidrBlocks": { - "additionalProperties": { - "type": "string" - }, - "description": "SecondaryCidrBlocks defines secondary CIDR ranges,\nfrom which secondary IP ranges of a VM may be allocated", - "type": "object" - }, - "stackType": { - "default": "IPV4_ONLY", - "description": "StackType: The stack type for the subnet. If set to IPV4_ONLY, new VMs in\nthe subnet are assigned IPv4 addresses only. If set to IPV4_IPV6, new VMs in\nthe subnet can be assigned both IPv4 and IPv6 addresses. If not specified,\nIPV4_ONLY is used. This field can be both set at resource creation time and\nupdated using patch.\n\nPossible values:\n \"IPV4_IPV6\" - New VMs in this subnet can have both IPv4 and IPv6\naddresses.\n \"IPV4_ONLY\" - New VMs in this subnet will only be assigned IPv4 addresses.\n \"IPV6_ONLY\" - New VMs in this subnet will only be assigned IPv6 addresses.", - "enum": [ - "IPV4_ONLY", - "IPV4_IPV6", - "IPV6_ONLY" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "project": { - "description": "Project is the name of the project to deploy the cluster to.", - "type": "string" - }, - "region": { - "description": "The GCP Region the cluster lives in.", - "type": "string" - }, - "resourceManagerTags": { - "description": "ResourceManagerTags is an optional set of tags to apply to GCP resources managed\nby the GCP provider. GCP supports a maximum of 50 tags per resource.", - "items": { - "description": "ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.", - "properties": { - "key": { - "description": "Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot\nbe empty. Tag key must begin and end with an alphanumeric character, and must contain\nonly uppercase, lowercase alphanumeric characters, and the following special\ncharacters `._-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", - "type": "string" - }, - "parentID": { - "description": "ParentID is the ID of the hierarchical resource where the tags are defined\ne.g. at the Organization or the Project level. To find the Organization or Project ID ref\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,\nnumbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "maxLength": 32, - "minLength": 1, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "value": { - "description": "Value is the value part of the tag. A tag value can have a maximum of 63 characters and\ncannot be empty. Tag value must begin and end with an alphanumeric character, and must\ncontain only uppercase, lowercase alphanumeric characters, and the following special\ncharacters `_-.@%=+:,*#&(){}[]` and spaces.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "key", - "parentID", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "serviceEndpoints": { - "description": "ServiceEndpoints contains the custom GCP Service Endpoint urls for each applicable service.\nFor instance, the user can specify a new endpoint for the compute service.", - "properties": { - "compute": { - "description": "ComputeServiceEndpoint is the custom endpoint url for the Compute Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "container": { - "description": "ContainerServiceEndpoint is the custom endpoint url for the Container Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "iam": { - "description": "IAMServiceEndpoint is the custom endpoint url for the IAM Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "resourceManager": { - "description": "ResourceManagerServiceEndpoint is the custom endpoint url for the Resource Manager Service", - "format": "uri", - "pattern": "^https://", + "type": { + "description": "Type of remediation.", "type": "string" } }, "type": "object" } }, - "required": [ - "project", - "region" - ], "type": "object" }, "status": { - "description": "GCPClusterStatus defines the observed state of GCPCluster.", + "description": "Metal3RemediationStatus defines the observed state of Metal3Remediation.", "properties": { - "failureDomains": { - "additionalProperties": { - "description": "FailureDomainSpec is the Schema for Cluster API failure domains.\nIt allows controllers to understand how many failure domains a cluster can optionally span across.", - "properties": { - "attributes": { - "additionalProperties": { - "type": "string" - }, - "description": "attributes is a free form map of attributes an infrastructure provider might use or require.", - "type": "object" - }, - "controlPlane": { - "description": "controlPlane determines if this failure domain is suitable for use by control plane machines.", - "type": "boolean" - } - }, - "type": "object" - }, - "description": "FailureDomains is a slice of FailureDomains.", - "type": "object" + "lastRemediated": { + "description": "LastRemediated identifies when the host was last remediated", + "format": "date-time", + "type": "string" }, - "network": { - "description": "Network encapsulates GCP networking resources.", - "properties": { - "apiInternalBackendService": { - "description": "APIInternalBackendService is the full reference to the backend service\ncreated for the internal Load Balancer.", - "type": "string" - }, - "apiInternalForwardingRule": { - "description": "APIInternalForwardingRule is the full reference to the forwarding rule\ncreated for the internal Load Balancer.", - "type": "string" - }, - "apiInternalHealthCheck": { - "description": "APIInternalHealthCheck is the full reference to the health check\ncreated for the internal Load Balancer.", - "type": "string" - }, - "apiInternalIpAddress": { - "description": "APIInternalAddress is the IPV4 regional address assigned to the\ninternal Load Balancer.", - "type": "string" - }, - "apiServerBackendService": { - "description": "APIServerBackendService is the full reference to the backend service\ncreated for the API Server.", - "type": "string" - }, - "apiServerForwardingRule": { - "description": "APIServerForwardingRule is the full reference to the forwarding rule\ncreated for the API Server.", - "type": "string" - }, - "apiServerHealthCheck": { - "description": "APIServerHealthCheck is the full reference to the health check\ncreated for the API Server.", - "type": "string" - }, - "apiServerInstanceGroups": { - "additionalProperties": { - "type": "string" - }, - "description": "APIServerInstanceGroups is a map from zone to the full reference\nto the instance groups created for the control plane nodes created in the same zone.", - "type": "object" - }, - "apiServerIpAddress": { - "description": "APIServerAddress is the IPV4 global address assigned to the load balancer\ncreated for the API Server.", - "type": "string" - }, - "apiServerTargetProxy": { - "description": "APIServerTargetProxy is the full reference to the target proxy\ncreated for the API Server.", - "type": "string" - }, - "firewallRules": { - "additionalProperties": { - "type": "string" - }, - "description": "FirewallRules is a map from the name of the rule to its full reference.", - "type": "object" - }, - "router": { - "description": "Router is the full reference to the router created within the network\nit'll contain the cloud nat gateway", - "type": "string" - }, - "selfLink": { - "description": "SelfLink is the link to the Network used for this cluster.", - "type": "string" - } - }, - "type": "object" + "phase": { + "description": "Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc.", + "type": "string" }, - "ready": { - "description": "Bastion Instance `json:\"bastion,omitempty\"`", - "type": "boolean" + "retryCount": { + "description": "RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc.", + "type": "integer" } }, - "required": [ - "ready" - ], "type": "object" } }, @@ -94998,13 +89278,13 @@ "x-kubernetes-group-version-kind": [ { "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPCluster", + "kind": "Metal3Remediation", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPClusterList": { - "description": "GCPClusterList is a list of GCPCluster", + "infrastructure.cluster.x-k8s.io/v1beta1/Metal3RemediationList": { + "description": "Metal3RemediationList is a list of Metal3Remediation", "namespaced": true, "properties": { "apiVersion": { @@ -95012,9 +89292,9 @@ "type": "string" }, "items": { - "description": "List of gcpclusters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of metal3remediations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPCluster" + "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.Metal3Remediation" }, "type": "array" }, @@ -95038,13 +89318,13 @@ "x-kubernetes-group-version-kind": [ { "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPClusterList", + "kind": "Metal3RemediationList", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPClusterTemplate": { - "description": "GCPClusterTemplate is the Schema for the gcpclustertemplates API.", + "infrastructure.cluster.x-k8s.io/v1beta1/Metal3RemediationTemplate": { + "description": "Metal3RemediationTemplate is the Schema for the metal3remediationtemplates API.", "namespaced": true, "properties": { "apiVersion": { @@ -95064,289 +89344,33 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate.", + "description": "Metal3RemediationTemplateSpec defines the desired state of Metal3RemediationTemplate.", "properties": { "template": { - "description": "GCPClusterTemplateResource contains spec for GCPClusterSpec.", + "description": "Metal3RemediationTemplateResource describes the data needed to create a Metal3Remediation from a template.", "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - } - }, - "type": "object" - }, "spec": { - "description": "GCPClusterSpec defines the desired state of GCPCluster.", + "description": "Spec is the specification of the desired behavior of the Metal3Remediation.", "properties": { - "additionalLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the\nones added by default.", - "type": "object" - }, - "controlPlaneEndpoint": { - "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", - "properties": { - "host": { - "description": "The hostname on which the API server is serving.", - "type": "string" - }, - "port": { - "description": "The port on which the API server is serving.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "host", - "port" - ], - "type": "object" - }, - "credentialsRef": { - "description": "CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not\nsupplied then the credentials of the controller will be used.", - "properties": { - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "failureDomains": { - "description": "FailureDomains is an optional field which is used to assign selected availability zones to a cluster\nFailureDomains if empty, defaults to all the zones in the selected region and if specified would override\nthe default zones.", - "items": { - "type": "string" - }, - "type": "array" - }, - "loadBalancer": { - "description": "LoadBalancer contains configuration for one or more LoadBalancers.", - "properties": { - "apiServerInstanceGroupTagOverride": { - "description": "APIServerInstanceGroupTagOverride overrides the default setting for the\ntag used when creating the API Server Instance Group.", - "maxLength": 16, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "internalLoadBalancer": { - "description": "InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer.", - "properties": { - "name": { - "description": "Name is the name of the Load Balancer. If not set a default name\nwill be used. For an Internal Load Balancer service the default\nname is \"api-internal\".", - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "subnet": { - "description": "Subnet is the name of the subnet to use for a regional Load Balancer. A subnet is\nrequired for the Load Balancer, if not defined the first configured subnet will be\nused.", - "type": "string" - } - }, - "type": "object" - }, - "loadBalancerType": { - "description": "LoadBalancerType defines the type of Load Balancer that should be created.\nIf not set, a Global External Proxy Load Balancer will be created by default.", - "type": "string" - } - }, - "type": "object" - }, - "network": { - "description": "NetworkSpec encapsulates all things related to GCP network.", + "strategy": { + "description": "Strategy field defines remediation strategy.", "properties": { - "autoCreateSubnetworks": { - "description": "AutoCreateSubnetworks: When set to true, the VPC network is created\nin \"auto\" mode. When set to false, the VPC network is created in\n\"custom\" mode.\n\nAn auto mode VPC network starts with one subnet per region. Each\nsubnet has a predetermined range as described in Auto mode VPC\nnetwork IP ranges.\n\nDefaults to true.", - "type": "boolean" - }, - "hostProject": { - "description": "HostProject is the name of the project hosting the shared VPC network resources.", - "type": "string" - }, - "loadBalancerBackendPort": { - "description": "Allow for configuration of load balancer backend (useful for changing apiserver port)", - "format": "int32", - "type": "integer" - }, - "mtu": { - "default": 1460, - "description": "Mtu: Maximum Transmission Unit in bytes. The minimum value for this field is\n1300 and the maximum value is 8896. The suggested value is 1500, which is\nthe default MTU used on the Internet, or 8896 if you want to use Jumbo\nframes. If unspecified, the value defaults to 1460.\nMore info: https://pkg.go.dev/google.golang.org/api/compute/v1#Network", - "format": "int64", - "maximum": 8896, - "minimum": 1300, + "retryLimit": { + "description": "Sets maximum number of remediation retries.", "type": "integer" }, - "name": { - "description": "Name is the name of the network to be used.", - "type": "string" - }, - "subnets": { - "description": "Subnets configuration.", - "items": { - "description": "SubnetSpec configures an GCP Subnet.", - "properties": { - "cidrBlock": { - "description": "CidrBlock is the range of internal addresses that are owned by this\nsubnetwork. Provide this property when you create the subnetwork. For\nexample, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported. This field\ncan be set only at resource creation time.", - "type": "string" - }, - "description": { - "description": "Description is an optional description associated with the resource.", - "type": "string" - }, - "enableFlowLogs": { - "description": "EnableFlowLogs: Whether to enable flow logging for this subnetwork.\nIf this field is not explicitly set, it will not appear in get\nlistings. If not set the default behavior is to disable flow logging.", - "type": "boolean" - }, - "name": { - "description": "Name defines a unique identifier to reference this resource.", - "type": "string" - }, - "privateGoogleAccess": { - "description": "PrivateGoogleAccess defines whether VMs in this subnet can access\nGoogle services without assigning external IP addresses", - "type": "boolean" - }, - "purpose": { - "default": "PRIVATE_RFC_1918", - "description": "Purpose: The purpose of the resource.\nIf unspecified, the purpose defaults to PRIVATE_RFC_1918.\nThe enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.\n\nPossible values:\n \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal\nHTTP(S) Load Balancing.\n \"PRIVATE\" - Regular user created or automatically created subnet.\n \"PRIVATE_RFC_1918\" - Regular user created or automatically created\nsubnet.\n \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service\nConnect in the producer network.\n \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional\nInternal/External HTTP(S) Load Balancing.", - "enum": [ - "INTERNAL_HTTPS_LOAD_BALANCER", - "PRIVATE_RFC_1918", - "PRIVATE", - "PRIVATE_SERVICE_CONNECT", - "REGIONAL_MANAGED_PROXY" - ], - "type": "string" - }, - "region": { - "description": "Region is the name of the region where the Subnetwork resides.", - "type": "string" - }, - "secondaryCidrBlocks": { - "additionalProperties": { - "type": "string" - }, - "description": "SecondaryCidrBlocks defines secondary CIDR ranges,\nfrom which secondary IP ranges of a VM may be allocated", - "type": "object" - }, - "stackType": { - "default": "IPV4_ONLY", - "description": "StackType: The stack type for the subnet. If set to IPV4_ONLY, new VMs in\nthe subnet are assigned IPv4 addresses only. If set to IPV4_IPV6, new VMs in\nthe subnet can be assigned both IPv4 and IPv6 addresses. If not specified,\nIPV4_ONLY is used. This field can be both set at resource creation time and\nupdated using patch.\n\nPossible values:\n \"IPV4_IPV6\" - New VMs in this subnet can have both IPv4 and IPv6\naddresses.\n \"IPV4_ONLY\" - New VMs in this subnet will only be assigned IPv4 addresses.\n \"IPV6_ONLY\" - New VMs in this subnet will only be assigned IPv6 addresses.", - "enum": [ - "IPV4_ONLY", - "IPV4_IPV6", - "IPV6_ONLY" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "project": { - "description": "Project is the name of the project to deploy the cluster to.", - "type": "string" - }, - "region": { - "description": "The GCP Region the cluster lives in.", - "type": "string" - }, - "resourceManagerTags": { - "description": "ResourceManagerTags is an optional set of tags to apply to GCP resources managed\nby the GCP provider. GCP supports a maximum of 50 tags per resource.", - "items": { - "description": "ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.", - "properties": { - "key": { - "description": "Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot\nbe empty. Tag key must begin and end with an alphanumeric character, and must contain\nonly uppercase, lowercase alphanumeric characters, and the following special\ncharacters `._-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", - "type": "string" - }, - "parentID": { - "description": "ParentID is the ID of the hierarchical resource where the tags are defined\ne.g. at the Organization or the Project level. To find the Organization or Project ID ref\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,\nnumbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "maxLength": 32, - "minLength": 1, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "value": { - "description": "Value is the value part of the tag. A tag value can have a maximum of 63 characters and\ncannot be empty. Tag value must begin and end with an alphanumeric character, and must\ncontain only uppercase, lowercase alphanumeric characters, and the following special\ncharacters `_-.@%=+:,*#&(){}[]` and spaces.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "key", - "parentID", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "serviceEndpoints": { - "description": "ServiceEndpoints contains the custom GCP Service Endpoint urls for each applicable service.\nFor instance, the user can specify a new endpoint for the compute service.", - "properties": { - "compute": { - "description": "ComputeServiceEndpoint is the custom endpoint url for the Compute Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "container": { - "description": "ContainerServiceEndpoint is the custom endpoint url for the Container Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "iam": { - "description": "IAMServiceEndpoint is the custom endpoint url for the IAM Service", - "format": "uri", - "pattern": "^https://", + "timeout": { + "description": "Sets the timeout between remediation retries.", "type": "string" }, - "resourceManager": { - "description": "ResourceManagerServiceEndpoint is the custom endpoint url for the Resource Manager Service", - "format": "uri", - "pattern": "^https://", + "type": { + "description": "Type of remediation.", "type": "string" } }, "type": "object" } }, - "required": [ - "project", - "region" - ], "type": "object" } }, @@ -95360,6 +89384,34 @@ "template" ], "type": "object" + }, + "status": { + "description": "Metal3RemediationTemplateStatus defines the observed state of Metal3RemediationTemplate.", + "properties": { + "status": { + "description": "Metal3RemediationStatus defines the observed state of Metal3Remediation", + "properties": { + "lastRemediated": { + "description": "LastRemediated identifies when the host was last remediated", + "format": "date-time", + "type": "string" + }, + "phase": { + "description": "Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc.", + "type": "string" + }, + "retryCount": { + "description": "RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc.", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "status" + ], + "type": "object" } }, "required": [], @@ -95367,13 +89419,13 @@ "x-kubernetes-group-version-kind": [ { "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPClusterTemplate", + "kind": "Metal3RemediationTemplate", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPClusterTemplateList": { - "description": "GCPClusterTemplateList is a list of GCPClusterTemplate", + "infrastructure.cluster.x-k8s.io/v1beta1/Metal3RemediationTemplateList": { + "description": "Metal3RemediationTemplateList is a list of Metal3RemediationTemplate", "namespaced": true, "properties": { "apiVersion": { @@ -95381,9 +89433,9 @@ "type": "string" }, "items": { - "description": "List of gcpclustertemplates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of metal3remediationtemplates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPClusterTemplate" + "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationTemplate" }, "type": "array" }, @@ -95407,13 +89459,13 @@ "x-kubernetes-group-version-kind": [ { "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPClusterTemplateList", + "kind": "Metal3RemediationTemplateList", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPMachine": { - "description": "GCPMachine is the Schema for the gcpmachines API.", + "ingress.operator.openshift.io/v1/DNSRecord": { + "description": "DNSRecord is a DNS record managed in the zones defined by\ndns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource\nis only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible\nfor managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { @@ -95433,397 +89485,467 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "GCPMachineSpec defines the desired state of GCPMachine.", + "description": "spec is the specification of the desired behavior of the dnsRecord.", + "properties": { + "dnsManagementPolicy": { + "default": "Managed", + "description": "dnsManagementPolicy denotes the current policy applied on the DNS\nrecord. Records that have policy set as \"Unmanaged\" are ignored by\nthe ingress operator. This means that the DNS record on the cloud\nprovider is not managed by the operator, and the \"Published\" status\ncondition will be updated to \"Unknown\" status, since it is externally\nmanaged. Any existing record on the cloud provider can be deleted at\nthe discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and\n\"Unmanaged\".", + "enum": [ + "Managed", + "Unmanaged" + ], + "type": "string" + }, + "dnsName": { + "description": "dnsName is the hostname of the DNS record", + "minLength": 1, + "type": "string" + }, + "recordTTL": { + "description": "recordTTL is the record TTL in seconds. If zero, the default is 30.\nRecordTTL will not be used in AWS regions Alias targets, but\nwill be used in CNAME targets, per AWS API contract.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "recordType": { + "description": "recordType is the DNS record type. For example, \"A\" or \"CNAME\".", + "enum": [ + "CNAME", + "A" + ], + "type": "string" + }, + "targets": { + "description": "targets are record targets.", + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "dnsManagementPolicy", + "dnsName", + "recordTTL", + "recordType", + "targets" + ], + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the dnsRecord.", "properties": { - "additionalDisks": { - "description": "AdditionalDisks are optional non-boot attached disks.", + "observedGeneration": { + "description": "observedGeneration is the most recently observed generation of the\nDNSRecord. When the DNSRecord is updated, the controller updates the\ncorresponding record in each managed zone. If an update for a\nparticular zone fails, that failure is recorded in the status\ncondition for the zone so that the controller can determine that it\nneeds to retry the update for that specific zone.", + "format": "int64", + "type": "integer" + }, + "zones": { + "description": "zones are the status of the record in each zone.", "items": { - "description": "AttachedDiskSpec degined GCP machine disk.", + "description": "DNSZoneStatus is the status of a record within a specific zone.", "properties": { - "deviceType": { - "description": "DeviceType is a device type of the attached disk.\nSupported types of non-root attached volumes:\n1. \"pd-standard\" - Standard (HDD) persistent disk\n2. \"pd-ssd\" - SSD persistent disk\n3. \"local-ssd\" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd).\n4. \"pd-balanced\" - Balanced Persistent Disk\n5. \"hyperdisk-balanced\" - Hyperdisk Balanced\nDefault is \"pd-standard\".", - "type": "string" + "conditions": { + "description": "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be\nset with status \"True\" and upon failure it will be set to \"False\" along\nwith the reason and message describing the cause of the failure.", + "items": { + "description": "DNSZoneCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "minLength": 1, + "type": "string" + }, + "type": { + "minLength": 1, + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" }, - "encryptionKey": { - "description": "EncryptionKey defines the KMS key to be used to encrypt the disk.", + "dnsZone": { + "description": "dnsZone is the zone where the record is published.", "properties": { - "keyType": { - "description": "KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or\nSupplied, aka Customer-Supplied EncryptionKey (CSEK).", - "enum": [ - "Managed", - "Supplied" - ], - "type": "string" - }, - "kmsKeyServiceAccount": { - "description": "KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key.\nIf absent, the Compute Engine default service account is used. For example:\n\"kmsKeyServiceAccount\": \"name@project_id.iam.gserviceaccount.com.\nThe maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email\nsuffix (\"iam.gserviceaccount.com\").", - "maxLength": 85, - "pattern": "[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com", + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", "type": "string" }, - "managedKey": { - "description": "ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.", - "properties": { - "kmsKeyName": { - "description": "KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example:\n\"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key", - "maxLength": 160, - "pattern": "projects\\/[-_[A-Za-z0-9]+\\/locations\\/[-_[A-Za-z0-9]+\\/keyRings\\/[-_[A-Za-z0-9]+\\/cryptoKeys\\/[-_[A-Za-z0-9]+", - "type": "string" - } - }, - "required": [ - "kmsKeyName" - ], - "type": "object" - }, - "suppliedKey": { - "description": "SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "rawKey": { - "description": "RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648\nbase64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey.\nFor example: \"rawKey\": \"SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=\"", - "format": "byte", - "type": "string" - }, - "rsaEncryptedKey": { - "description": "RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption\nkey to either encrypt or decrypt this resource. You can provide either the rawKey or the\nrsaEncryptedKey.\nFor example: \"rsaEncryptedKey\": \"ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi\nz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi\nD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==\"\nThe key must meet the following requirements before you can provide it to Compute Engine:\n1. The key is wrapped using a RSA public key certificate provided by Google.\n2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding.\nGets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem", - "format": "byte", - "type": "string" - } + "tags": { + "additionalProperties": { + "type": "string" }, + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", "type": "object" } }, - "required": [ - "keyType" - ], "type": "object" - }, - "size": { - "description": "Size is the size of the disk in GBs.\nDefaults to 30GB. For \"local-ssd\" size is always 375GB.", - "format": "int64", - "type": "integer" } }, "type": "object" }, "type": "array" - }, - "additionalLabels": { + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ingress.operator.openshift.io", + "kind": "DNSRecord", + "version": "v1" + } + ] + }, + "ingress.operator.openshift.io/v1/DNSRecordList": { + "description": "DNSRecordList is a list of DNSRecord", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of dnsrecords. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.ingress.v1.DNSRecord" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ingress.operator.openshift.io", + "kind": "DNSRecordList", + "version": "v1" + } + ] + }, + "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterInstancetype": { + "description": "VirtualMachineClusterInstancetype is a cluster scoped version of VirtualMachineInstancetype resource.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Required spec describing the instancetype", + "properties": { + "annotations": { "additionalProperties": { "type": "string" }, - "description": "AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the\nGCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the\nGCPMachine's value takes precedence.", + "description": "Optionally defines the required Annotations to be used by the instance type and applied to the VirtualMachineInstance", + "type": "object" + }, + "cpu": { + "description": "Required CPU related attributes of the instancetype.", + "properties": { + "dedicatedCPUPlacement": { + "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", + "type": "boolean" + }, + "guest": { + "description": "Required number of vCPUs to expose to the guest.\n\nThe resulting CPU topology being derived from the optional PreferredCPUTopology attribute of CPUPreferences that itself defaults to PreferSockets.", + "format": "int32", + "type": "integer" + }, + "isolateEmulatorThread": { + "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", + "type": "boolean" + }, + "maxSockets": { + "description": "MaxSockets specifies the maximum amount of sockets that can be hotplugged", + "format": "int32", + "type": "integer" + }, + "model": { + "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", + "type": "string" + }, + "numa": { + "description": "NUMA allows specifying settings for the guest NUMA topology", + "properties": { + "guestMappingPassthrough": { + "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", + "type": "object" + } + }, + "type": "object" + }, + "realtime": { + "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", + "properties": { + "mask": { + "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "guest" + ], "type": "object" }, - "additionalMetadata": { - "description": "AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the\nGCP provider.", + "gpus": { + "description": "Optionally defines any GPU devices associated with the instancetype.", "items": { - "description": "MetadataItem defines a single piece of metadata associated with an instance.", "properties": { - "key": { - "description": "Key is the identifier for the metadata entry.", + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", "type": "string" }, - "value": { - "description": "Value is the value of the metadata entry.", + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "description": "Name of the GPU device as exposed by a device plugin", + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", "type": "string" + }, + "virtualGPUOptions": { + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" } }, "required": [ - "key" + "name" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" - }, - "additionalNetworkTags": { - "description": "AdditionalNetworkTags is a list of network tags that should be applied to the\ninstance. These tags are set in addition to any network tags defined\nat the cluster level or in the actuator.", - "items": { - "type": "string" - }, - "type": "array" - }, - "confidentialCompute": { - "description": "ConfidentialCompute Defines whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice.\nIf Disabled, the machine will not be configured to be a confidential computing instance.\nIf Enabled, confidential computing will be configured and AMD Secure Encrypted Virtualization will be configured by default. That is subject to change over time. If using AMD Secure Encrypted Virtualization is vital, use AMDEncryptedVirtualization explicitly instead.\nIf AMDEncryptedVirtualization, it will configure AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology.\nIf AMDEncryptedVirtualizationNestedPaging, it will configure AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology.\nIf IntelTrustedDomainExtensions, it will configure Intel TDX as the confidential computing technology.\nIf enabled (any value other than Disabled) OnHostMaintenance is required to be set to \"Terminate\".\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is false.", - "enum": [ - "Enabled", - "Disabled", - "AMDEncryptedVirtualization", - "AMDEncryptedVirtualizationNestedPaging", - "IntelTrustedDomainExtensions" - ], - "type": "string" - }, - "image": { - "description": "Image is the full reference to a valid image to be used for this machine.\nTakes precedence over ImageFamily.", - "type": "string" - }, - "imageFamily": { - "description": "ImageFamily is the full reference to a valid image family to be used for this machine.", - "type": "string" - }, - "instanceType": { - "description": "InstanceType is the type of instance to create. Example: n1.standard-2", - "type": "string" - }, - "ipForwarding": { - "default": "Enabled", - "description": "IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs.\nThis is required if you plan to use this instance to forward routes. Defaults to enabled.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string" - }, - "onHostMaintenance": { - "description": "OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", - "enum": [ - "Migrate", - "Terminate" - ], - "type": "string" - }, - "preemptible": { - "description": "Preemptible defines if instance is preemptible", - "type": "boolean" - }, - "providerID": { - "description": "ProviderID is the unique identifier as specified by the cloud provider.", - "type": "string" - }, - "provisioningModel": { - "description": "ProvisioningModel defines if instance is spot.\nIf set to \"Standard\" while preemptible is true, then the VM will be of type \"Preemptible\".\nIf \"Spot\", VM type is \"Spot\". When unspecified, defaults to \"Standard\".", - "enum": [ - "Standard", - "Spot" - ], - "type": "string" - }, - "publicIP": { - "description": "PublicIP specifies whether the instance should get a public IP.\nSet this to true if you don't have a NAT instances or Cloud Nat setup.", - "type": "boolean" + "x-kubernetes-list-type": "atomic" }, - "resourceManagerTags": { - "description": "ResourceManagerTags is an optional set of tags to apply to GCP resources managed\nby the GCP provider. GCP supports a maximum of 50 tags per resource.", + "hostDevices": { + "description": "Optionally defines any HostDevices associated with the instancetype.", "items": { - "description": "ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.", "properties": { - "key": { - "description": "Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot\nbe empty. Tag key must begin and end with an alphanumeric character, and must contain\nonly uppercase, lowercase alphanumeric characters, and the following special\ncharacters `._-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", "type": "string" }, - "parentID": { - "description": "ParentID is the ID of the hierarchical resource where the tags are defined\ne.g. at the Organization or the Project level. To find the Organization or Project ID ref\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,\nnumbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "maxLength": 32, - "minLength": 1, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", "type": "string" }, - "value": { - "description": "Value is the value part of the tag. A tag value can have a maximum of 63 characters and\ncannot be empty. Tag value must begin and end with an alphanumeric character, and must\ncontain only uppercase, lowercase alphanumeric characters, and the following special\ncharacters `_-.@%=+:,*#&(){}[]` and spaces.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", + "name": { + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", "type": "string" } }, "required": [ - "key", - "parentID", - "value" + "name" ], "type": "object" }, - "type": "array" - }, - "rootDeviceSize": { - "description": "RootDeviceSize is the size of the root volume in GB.\nDefaults to 30.", - "format": "int64", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "rootDeviceType": { - "description": "RootDeviceType is the type of the root volume.\nSupported types of root volumes:\n1. \"pd-standard\" - Standard (HDD) persistent disk\n2. \"pd-ssd\" - SSD persistent disk\n3. \"pd-balanced\" - Balanced Persistent Disk\n4. \"hyperdisk-balanced\" - Hyperdisk Balanced\nDefault is \"pd-standard\".", + "ioThreadsPolicy": { + "description": "Optionally defines the IOThreadsPolicy to be used by the instancetype.", "type": "string" }, - "rootDiskEncryptionKey": { - "description": "RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk.", + "launchSecurity": { + "description": "Optionally defines the LaunchSecurity to be used by the instancetype.", "properties": { - "keyType": { - "description": "KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or\nSupplied, aka Customer-Supplied EncryptionKey (CSEK).", - "enum": [ - "Managed", - "Supplied" - ], - "type": "string" - }, - "kmsKeyServiceAccount": { - "description": "KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key.\nIf absent, the Compute Engine default service account is used. For example:\n\"kmsKeyServiceAccount\": \"name@project_id.iam.gserviceaccount.com.\nThe maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email\nsuffix (\"iam.gserviceaccount.com\").", - "maxLength": 85, - "pattern": "[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com", - "type": "string" - }, - "managedKey": { - "description": "ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.", - "properties": { - "kmsKeyName": { - "description": "KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example:\n\"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key", - "maxLength": 160, - "pattern": "projects\\/[-_[A-Za-z0-9]+\\/locations\\/[-_[A-Za-z0-9]+\\/keyRings\\/[-_[A-Za-z0-9]+\\/cryptoKeys\\/[-_[A-Za-z0-9]+", - "type": "string" - } - }, - "required": [ - "kmsKeyName" - ], - "type": "object" - }, - "suppliedKey": { - "description": "SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.", - "maxProperties": 1, - "minProperties": 1, + "sev": { + "description": "AMD Secure Encrypted Virtualization (SEV).", "properties": { - "rawKey": { - "description": "RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648\nbase64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey.\nFor example: \"rawKey\": \"SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=\"", - "format": "byte", + "attestation": { + "description": "If specified, run the attestation process for a vmi.", + "type": "object" + }, + "dhCert": { + "description": "Base64 encoded guest owner's Diffie-Hellman key.", "type": "string" }, - "rsaEncryptedKey": { - "description": "RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption\nkey to either encrypt or decrypt this resource. You can provide either the rawKey or the\nrsaEncryptedKey.\nFor example: \"rsaEncryptedKey\": \"ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi\nz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi\nD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==\"\nThe key must meet the following requirements before you can provide it to Compute Engine:\n1. The key is wrapped using a RSA public key certificate provided by Google.\n2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding.\nGets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem", - "format": "byte", + "policy": { + "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", + "properties": { + "encryptedState": { + "description": "SEV-ES is required.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "session": { + "description": "Base64 encoded session blob.", "type": "string" } }, "type": "object" } }, - "required": [ - "keyType" - ], "type": "object" }, - "serviceAccounts": { - "description": "ServiceAccount specifies the service account email and which scopes to assign to the machine.\nDefaults to: email: \"default\", scope: []{compute.CloudPlatformScope}", + "memory": { + "description": "Required Memory related attributes of the instancetype.", "properties": { - "email": { - "description": "Email: Email address of the service account.", - "type": "string" + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Required amount of memory which is visible inside the guest OS.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "scopes": { - "description": "Scopes: The list of scopes to be made available for this service\naccount.", - "items": { - "type": "string" + "hugepages": { + "description": "Optionally enables the use of hugepages for the VirtualMachineInstance instead of regular memory.", + "properties": { + "pageSize": { + "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "type": "string" + } }, - "type": "array" - } - }, - "type": "object" - }, - "shieldedInstanceConfig": { - "description": "ShieldedInstanceConfig is the Shielded VM configuration for this machine", - "properties": { - "integrityMonitoring": { - "description": "IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity.\nCompares the most recent boot measurements to the integrity policy baseline and return\na pair of pass/fail results depending on whether they match or not.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string" + "type": "object" }, - "secureBoot": { - "description": "SecureBoot Defines whether the instance should have secure boot enabled.\nSecure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - "enum": [ - "Enabled", - "Disabled" + "maxGuest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } ], - "type": "string" + "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "virtualizedTrustedPlatformModule": { - "description": "VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline.\nThe integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string" + "overcommitPercent": { + "description": "OvercommitPercent is the percentage of the guest memory which will be overcommitted.\nThis means that the VMIs parent pod (virt-launcher) will request less\nphysical memory by a factor specified by the OvercommitPercent.\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 0", + "maximum": 100, + "minimum": 0, + "type": "integer" } }, + "required": [ + "guest" + ], + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\nNodeSelector is the name of the custom node selector for the instancetype.", "type": "object" }, - "subnet": { - "description": "Subnet is a reference to the subnetwork to use for this instance. If not specified,\nthe first subnetwork retrieved from the Cluster Region and Network is picked.", + "schedulerName": { + "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.\n\nSchedulerName is the name of the custom K8s scheduler for the instancetype.", "type": "string" } }, "required": [ - "instanceType" + "cpu", + "memory" ], "type": "object" - }, - "status": { - "description": "GCPMachineStatus defines the observed state of GCPMachine.", - "properties": { - "addresses": { - "description": "Addresses contains the GCP instance associated addresses.", - "items": { - "description": "NodeAddress contains information for the node's address.", - "properties": { - "address": { - "description": "The node address.", - "type": "string" - }, - "type": { - "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", - "type": "string" - } - }, - "required": [ - "address", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "failureMessage": { - "description": "FailureMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output.", - "type": "string" - }, - "failureReason": { - "description": "FailureReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output.", - "type": "string" - }, - "instanceState": { - "description": "InstanceStatus is the status of the GCP instance for this machine.", - "type": "string" - }, - "ready": { - "description": "Ready is true when the provider resource is ready.", - "type": "boolean" - } - }, - "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPMachine", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachineClusterInstancetype", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPMachineList": { - "description": "GCPMachineList is a list of GCPMachine", + "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterInstancetypeList": { + "description": "VirtualMachineClusterInstancetypeList is a list of VirtualMachineClusterInstancetype", "namespaced": true, "properties": { "apiVersion": { @@ -95831,9 +89953,9 @@ "type": "string" }, "items": { - "description": "List of gcpmachines. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of virtualmachineclusterinstancetypes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPMachine" + "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachineClusterInstancetype" }, "type": "array" }, @@ -95856,15 +89978,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPMachineList", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachineClusterInstancetypeList", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPMachineTemplate": { - "description": "GCPMachineTemplate is the Schema for the gcpmachinetemplates API.", - "namespaced": true, + "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterPreference": { + "description": "VirtualMachineClusterPreference is a cluster scoped version of the VirtualMachinePreference resource.", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -95883,391 +90005,677 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "GCPMachineTemplateSpec defines the desired state of GCPMachineTemplate.", + "description": "Required spec describing the preferences", "properties": { - "template": { - "description": "GCPMachineTemplateResource describes the data needed to create am GCPMachine from a template.", + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Optionally defines preferred Annotations to be applied to the VirtualMachineInstance", + "type": "object" + }, + "clock": { + "description": "Clock optionally defines preferences associated with the Clock attribute of a VirtualMachineInstance DomainSpec", "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "preferredClockOffset": { + "description": "ClockOffset allows specifying the UTC offset or the timezone of the guest clock.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" + "timezone": { + "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", + "type": "string" }, - "labels": { - "additionalProperties": { - "type": "string" + "utc": { + "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", + "properties": { + "offsetSeconds": { + "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", + "type": "integer" + } }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" } }, "type": "object" }, - "spec": { - "description": "Spec is the specification of the desired behavior of the machine.", + "preferredTimer": { + "description": "Timer specifies whih timers are attached to the vmi.", "properties": { - "additionalDisks": { - "description": "AdditionalDisks are optional non-boot attached disks.", - "items": { - "description": "AttachedDiskSpec degined GCP machine disk.", - "properties": { - "deviceType": { - "description": "DeviceType is a device type of the attached disk.\nSupported types of non-root attached volumes:\n1. \"pd-standard\" - Standard (HDD) persistent disk\n2. \"pd-ssd\" - SSD persistent disk\n3. \"local-ssd\" - Local SSD disk (https://cloud.google.com/compute/docs/disks/local-ssd).\n4. \"pd-balanced\" - Balanced Persistent Disk\n5. \"hyperdisk-balanced\" - Hyperdisk Balanced\nDefault is \"pd-standard\".", - "type": "string" - }, - "encryptionKey": { - "description": "EncryptionKey defines the KMS key to be used to encrypt the disk.", - "properties": { - "keyType": { - "description": "KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or\nSupplied, aka Customer-Supplied EncryptionKey (CSEK).", - "enum": [ - "Managed", - "Supplied" - ], - "type": "string" - }, - "kmsKeyServiceAccount": { - "description": "KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key.\nIf absent, the Compute Engine default service account is used. For example:\n\"kmsKeyServiceAccount\": \"name@project_id.iam.gserviceaccount.com.\nThe maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email\nsuffix (\"iam.gserviceaccount.com\").", - "maxLength": 85, - "pattern": "[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com", - "type": "string" - }, - "managedKey": { - "description": "ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.", - "properties": { - "kmsKeyName": { - "description": "KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example:\n\"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key", - "maxLength": 160, - "pattern": "projects\\/[-_[A-Za-z0-9]+\\/locations\\/[-_[A-Za-z0-9]+\\/keyRings\\/[-_[A-Za-z0-9]+\\/cryptoKeys\\/[-_[A-Za-z0-9]+", - "type": "string" - } - }, - "required": [ - "kmsKeyName" - ], - "type": "object" - }, - "suppliedKey": { - "description": "SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "rawKey": { - "description": "RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648\nbase64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey.\nFor example: \"rawKey\": \"SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=\"", - "format": "byte", - "type": "string" - }, - "rsaEncryptedKey": { - "description": "RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption\nkey to either encrypt or decrypt this resource. You can provide either the rawKey or the\nrsaEncryptedKey.\nFor example: \"rsaEncryptedKey\": \"ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi\nz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi\nD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==\"\nThe key must meet the following requirements before you can provide it to Compute Engine:\n1. The key is wrapped using a RSA public key certificate provided by Google.\n2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding.\nGets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem", - "format": "byte", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "keyType" - ], - "type": "object" - }, - "size": { - "description": "Size is the size of the disk in GBs.\nDefaults to 30GB. For \"local-ssd\" size is always 375GB.", - "format": "int64", - "type": "integer" - } + "hpet": { + "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" }, - "type": "object" + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", + "type": "string" + } }, - "type": "array" + "type": "object" }, - "additionalLabels": { - "additionalProperties": { - "type": "string" + "hyperv": { + "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } }, - "description": "AdditionalLabels is an optional set of tags to add to an instance, in addition to the ones added by default by the\nGCP provider. If both the GCPCluster and the GCPMachine specify the same tag name with different values, the\nGCPMachine's value takes precedence.", "type": "object" }, - "additionalMetadata": { - "description": "AdditionalMetadata is an optional set of metadata to add to an instance, in addition to the ones added by default by the\nGCP provider.", - "items": { - "description": "MetadataItem defines a single piece of metadata associated with an instance.", - "properties": { - "key": { - "description": "Key is the identifier for the metadata entry.", - "type": "string" - }, - "value": { - "description": "Value is the value of the metadata entry.", - "type": "string" - } + "kvm": { + "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "pit": { + "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" }, - "required": [ - "key" - ], - "type": "object" + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "additionalNetworkTags": { - "description": "AdditionalNetworkTags is a list of network tags that should be applied to the\ninstance. These tags are set in addition to any network tags defined\nat the cluster level or in the actuator.", - "items": { + "rtc": { + "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", + "type": "string" + }, + "track": { + "description": "Track the guest or the wall clock.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "cpu": { + "description": "CPU optionally defines preferences associated with the CPU attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredCPUFeatures": { + "description": "PreferredCPUFeatures optionally defines a slice of preferred CPU features.", + "items": { + "description": "CPUFeature allows specifying a CPU feature.", + "properties": { + "name": { + "description": "Name of the CPU feature", "type": "string" }, - "type": "array" - }, - "confidentialCompute": { - "description": "ConfidentialCompute Defines whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice.\nIf Disabled, the machine will not be configured to be a confidential computing instance.\nIf Enabled, confidential computing will be configured and AMD Secure Encrypted Virtualization will be configured by default. That is subject to change over time. If using AMD Secure Encrypted Virtualization is vital, use AMDEncryptedVirtualization explicitly instead.\nIf AMDEncryptedVirtualization, it will configure AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology.\nIf AMDEncryptedVirtualizationNestedPaging, it will configure AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology.\nIf IntelTrustedDomainExtensions, it will configure Intel TDX as the confidential computing technology.\nIf enabled (any value other than Disabled) OnHostMaintenance is required to be set to \"Terminate\".\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is false.", - "enum": [ - "Enabled", - "Disabled", - "AMDEncryptedVirtualization", - "AMDEncryptedVirtualizationNestedPaging", - "IntelTrustedDomainExtensions" - ], - "type": "string" - }, - "image": { - "description": "Image is the full reference to a valid image to be used for this machine.\nTakes precedence over ImageFamily.", - "type": "string" - }, - "imageFamily": { - "description": "ImageFamily is the full reference to a valid image family to be used for this machine.", - "type": "string" + "policy": { + "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", + "type": "string" + } }, - "instanceType": { - "description": "InstanceType is the type of instance to create. Example: n1.standard-2", + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "preferredCPUTopology": { + "description": "PreferredCPUTopology optionally defines the preferred guest visible CPU topology, defaults to PreferSockets.", + "type": "string" + }, + "spreadOptions": { + "properties": { + "across": { + "description": "Across optionally defines how to spread vCPUs across the guest visible topology.\nDefault: SocketsCores", "type": "string" }, - "ipForwarding": { - "default": "Enabled", - "description": "IPForwarding Allows this instance to send and receive packets with non-matching destination or source IPs.\nThis is required if you plan to use this instance to forward routes. Defaults to enabled.", - "enum": [ - "Enabled", - "Disabled" + "ratio": { + "description": "Ratio optionally defines the ratio to spread vCPUs across the guest visible topology:\n\nCoresThreads - 1:2 - Controls the ratio of cores to threads. Only a ratio of 2 is currently accepted.\nSocketsCores - 1:N - Controls the ratio of socket to cores.\nSocketsCoresThreads - 1:N:2 - Controls the ratio of socket to cores. Each core providing 2 threads.\n\nDefault: 2", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "devices": { + "description": "Devices optionally defines preferences associated with the Devices attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredAutoattachGraphicsDevice": { + "description": "PreferredAutoattachGraphicsDevice optionally defines the preferred value of AutoattachGraphicsDevice", + "type": "boolean" + }, + "preferredAutoattachInputDevice": { + "description": "PreferredAutoattachInputDevice optionally defines the preferred value of AutoattachInputDevice", + "type": "boolean" + }, + "preferredAutoattachMemBalloon": { + "description": "PreferredAutoattachMemBalloon optionally defines the preferred value of AutoattachMemBalloon", + "type": "boolean" + }, + "preferredAutoattachPodInterface": { + "description": "PreferredAutoattachPodInterface optionally defines the preferred value of AutoattachPodInterface", + "type": "boolean" + }, + "preferredAutoattachSerialConsole": { + "description": "PreferredAutoattachSerialConsole optionally defines the preferred value of AutoattachSerialConsole", + "type": "boolean" + }, + "preferredBlockMultiQueue": { + "description": "PreferredBlockMultiQueue optionally enables the vhost multiqueue feature for virtio disks.", + "type": "boolean" + }, + "preferredCdromBus": { + "description": "PreferredCdromBus optionally defines the preferred bus for Cdrom Disk devices.", + "type": "string" + }, + "preferredDisableHotplug": { + "description": "PreferredDisableHotplug optionally defines the preferred value of DisableHotplug", + "type": "boolean" + }, + "preferredDiskBlockSize": { + "description": "PreferredBlockSize optionally defines the block size of Disk devices.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } + }, + "required": [ + "logical", + "physical" ], - "type": "string" + "type": "object" }, - "onHostMaintenance": { - "description": "OnHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", - "enum": [ - "Migrate", - "Terminate" - ], - "type": "string" + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "preferredDiskBus": { + "description": "PreferredDiskBus optionally defines the preferred bus for Disk Disk devices.", + "type": "string" + }, + "preferredDiskCache": { + "description": "PreferredCache optionally defines the DriverCache to be used by Disk devices.", + "type": "string" + }, + "preferredDiskDedicatedIoThread": { + "description": "PreferredDedicatedIoThread optionally enables dedicated IO threads for Disk devices using the virtio bus.", + "type": "boolean" + }, + "preferredDiskIO": { + "description": "PreferredIo optionally defines the QEMU disk IO mode to be used by Disk devices.", + "type": "string" + }, + "preferredInputBus": { + "description": "PreferredInputBus optionally defines the preferred bus for Input devices.", + "type": "string" + }, + "preferredInputType": { + "description": "PreferredInputType optionally defines the preferred type for Input devices.", + "type": "string" + }, + "preferredInterfaceMasquerade": { + "description": "PreferredInterfaceMasquerade optionally defines the preferred masquerade configuration to use with each network interface.", + "type": "object" + }, + "preferredInterfaceModel": { + "description": "PreferredInterfaceModel optionally defines the preferred model to be used by Interface devices.", + "type": "string" + }, + "preferredLunBus": { + "description": "PreferredLunBus optionally defines the preferred bus for Lun Disk devices.", + "type": "string" + }, + "preferredNetworkInterfaceMultiQueue": { + "description": "PreferredNetworkInterfaceMultiQueue optionally enables the vhost multiqueue feature for virtio interfaces.", + "type": "boolean" + }, + "preferredPanicDeviceModel": { + "description": "PreferredPanicDeviceModel optionally defines the preferred panic device model to use with panic devices.", + "type": "string" + }, + "preferredRng": { + "description": "PreferredRng optionally defines the preferred rng device to be used.", + "type": "object" + }, + "preferredSoundModel": { + "description": "PreferredSoundModel optionally defines the preferred model for Sound devices.", + "type": "string" + }, + "preferredTPM": { + "description": "PreferredTPM optionally defines the preferred TPM device to be used.", + "properties": { + "enabled": { + "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", + "type": "boolean" }, - "preemptible": { - "description": "Preemptible defines if instance is preemptible", + "persistent": { + "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredUseVirtioTransitional": { + "description": "PreferredUseVirtioTransitional optionally defines the preferred value of UseVirtioTransitional", + "type": "boolean" + }, + "preferredVirtualGPUOptions": { + "description": "PreferredVirtualGPUOptions optionally defines the preferred value of VirtualGPUOptions", + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "features": { + "description": "Features optionally defines preferences associated with the Features attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredAcpi": { + "description": "PreferredAcpi optionally enables the ACPI feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredApic": { + "description": "PreferredApic optionally enables and configures the APIC feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", "type": "boolean" }, - "providerID": { - "description": "ProviderID is the unique identifier as specified by the cloud provider.", - "type": "string" + "endOfInterrupt": { + "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredHyperv": { + "description": "PreferredHyperv optionally enables and configures HyperV features", + "properties": { + "evmcs": { + "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "provisioningModel": { - "description": "ProvisioningModel defines if instance is spot.\nIf set to \"Standard\" while preemptible is true, then the VM will be of type \"Preemptible\".\nIf \"Spot\", VM type is \"Spot\". When unspecified, defaults to \"Standard\".", - "enum": [ - "Standard", - "Spot" - ], - "type": "string" + "frequencies": { + "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "publicIP": { - "description": "PublicIP specifies whether the instance should get a public IP.\nSet this to true if you don't have a NAT instances or Cloud Nat setup.", - "type": "boolean" + "ipi": { + "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "resourceManagerTags": { - "description": "ResourceManagerTags is an optional set of tags to apply to GCP resources managed\nby the GCP provider. GCP supports a maximum of 50 tags per resource.", - "items": { - "description": "ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.", - "properties": { - "key": { - "description": "Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot\nbe empty. Tag key must begin and end with an alphanumeric character, and must contain\nonly uppercase, lowercase alphanumeric characters, and the following special\ncharacters `._-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", - "type": "string" - }, - "parentID": { - "description": "ParentID is the ID of the hierarchical resource where the tags are defined\ne.g. at the Organization or the Project level. To find the Organization or Project ID ref\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,\nnumbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "maxLength": 32, - "minLength": 1, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "value": { - "description": "Value is the value part of the tag. A tag value can have a maximum of 63 characters and\ncannot be empty. Tag value must begin and end with an alphanumeric character, and must\ncontain only uppercase, lowercase alphanumeric characters, and the following special\ncharacters `_-.@%=+:,*#&(){}[]` and spaces.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "key", - "parentID", - "value" - ], - "type": "object" + "reenlightenment": { + "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } }, - "type": "array" + "type": "object" }, - "rootDeviceSize": { - "description": "RootDeviceSize is the size of the root volume in GB.\nDefaults to 30.", - "format": "int64", - "type": "integer" + "relaxed": { + "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "rootDeviceType": { - "description": "RootDeviceType is the type of the root volume.\nSupported types of root volumes:\n1. \"pd-standard\" - Standard (HDD) persistent disk\n2. \"pd-ssd\" - SSD persistent disk\n3. \"pd-balanced\" - Balanced Persistent Disk\n4. \"hyperdisk-balanced\" - Hyperdisk Balanced\nDefault is \"pd-standard\".", - "type": "string" + "reset": { + "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "rootDiskEncryptionKey": { - "description": "RootDiskEncryptionKey defines the KMS key to be used to encrypt the root disk.", + "runtime": { + "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", "properties": { - "keyType": { - "description": "KeyType is the type of encryption key. Must be either Managed, aka Customer-Managed Encryption Key (CMEK) or\nSupplied, aka Customer-Supplied EncryptionKey (CSEK).", - "enum": [ - "Managed", - "Supplied" - ], - "type": "string" - }, - "kmsKeyServiceAccount": { - "description": "KMSKeyServiceAccount is the service account being used for the encryption request for the given KMS key.\nIf absent, the Compute Engine default service account is used. For example:\n\"kmsKeyServiceAccount\": \"name@project_id.iam.gserviceaccount.com.\nThe maximum length is based on the Service Account ID (max 30), Project (max 30), and a valid gcloud email\nsuffix (\"iam.gserviceaccount.com\").", - "maxLength": 85, - "pattern": "[-_[A-Za-z0-9]+@[-_[A-Za-z0-9]+.iam.gserviceaccount.com", - "type": "string" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "spinlocks": { + "description": "Spinlocks allows to configure the spinlock retry attempts.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" }, - "managedKey": { - "description": "ManagedKey references keys managed by the Cloud Key Management Service. This should be set when KeyType is Managed.", + "spinlocks": { + "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "synic": { + "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "synictimer": { + "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", + "properties": { + "direct": { + "description": "Represents if a feature is enabled or disabled.", "properties": { - "kmsKeyName": { - "description": "KMSKeyName is the name of the encryption key that is stored in Google Cloud KMS. For example:\n\"kmsKeyName\": \"projects/kms_project_id/locations/region/keyRings/key_region/cryptoKeys/key", - "maxLength": 160, - "pattern": "projects\\/[-_[A-Za-z0-9]+\\/locations\\/[-_[A-Za-z0-9]+\\/keyRings\\/[-_[A-Za-z0-9]+\\/cryptoKeys\\/[-_[A-Za-z0-9]+", - "type": "string" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" } }, - "required": [ - "kmsKeyName" - ], "type": "object" }, - "suppliedKey": { - "description": "SuppliedKey provides the key used to create or manage a disk. This should be set when KeyType is Managed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "rawKey": { - "description": "RawKey specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648\nbase64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey.\nFor example: \"rawKey\": \"SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=\"", - "format": "byte", - "type": "string" - }, - "rsaEncryptedKey": { - "description": "RSAEncryptedKey specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption\nkey to either encrypt or decrypt this resource. You can provide either the rawKey or the\nrsaEncryptedKey.\nFor example: \"rsaEncryptedKey\": \"ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHi\nz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDi\nD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==\"\nThe key must meet the following requirements before you can provide it to Compute Engine:\n1. The key is wrapped using a RSA public key certificate provided by Google.\n2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding.\nGets the RSA public key certificate provided by Google at: https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem", - "format": "byte", - "type": "string" - } - }, - "type": "object" + "enabled": { + "type": "boolean" } }, - "required": [ - "keyType" - ], "type": "object" }, - "serviceAccounts": { - "description": "ServiceAccount specifies the service account email and which scopes to assign to the machine.\nDefaults to: email: \"default\", scope: []{compute.CloudPlatformScope}", + "tlbflush": { + "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", "properties": { - "email": { - "description": "Email: Email address of the service account.", - "type": "string" - }, - "scopes": { - "description": "Scopes: The list of scopes to be made available for this service\naccount.", - "items": { - "type": "string" - }, - "type": "array" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" } }, "type": "object" }, - "shieldedInstanceConfig": { - "description": "ShieldedInstanceConfig is the Shielded VM configuration for this machine", + "vapic": { + "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", "properties": { - "integrityMonitoring": { - "description": "IntegrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity.\nCompares the most recent boot measurements to the integrity policy baseline and return\na pair of pass/fail results depending on whether they match or not.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string" - }, - "secureBoot": { - "description": "SecureBoot Defines whether the instance should have secure boot enabled.\nSecure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vendorid": { + "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" }, - "virtualizedTrustedPlatformModule": { - "description": "VirtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline.\nThe integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "enum": [ - "Enabled", - "Disabled" - ], + "vendorid": { + "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", "type": "string" } }, "type": "object" }, - "subnet": { - "description": "Subnet is a reference to the subnetwork to use for this instance. If not specified,\nthe first subnetwork retrieved from the Cluster Region and Network is picked.", - "type": "string" + "vpindex": { + "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "preferredKvm": { + "description": "PreferredKvm optionally enables and configures KVM features", + "properties": { + "hidden": { + "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredPvspinlock": { + "description": "PreferredPvspinlock optionally enables the Pvspinlock feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredSmm": { + "description": "PreferredSmm optionally enables the SMM feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "firmware": { + "description": "Firmware optionally defines preferences associated with the Firmware attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredEfi": { + "description": "PreferredEfi optionally enables EFI", + "properties": { + "persistent": { + "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", + "type": "boolean" + }, + "secureBoot": { + "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredUseBios": { + "description": "PreferredUseBios optionally enables BIOS", + "type": "boolean" + }, + "preferredUseBiosSerial": { + "description": "PreferredUseBiosSerial optionally transmitts BIOS output over the serial.\n\nRequires PreferredUseBios to be enabled.", + "type": "boolean" + }, + "preferredUseEfi": { + "description": "PreferredUseEfi optionally enables EFI\n\nDeprecated: Will be removed with v1beta2 or v1", + "type": "boolean" + }, + "preferredUseSecureBoot": { + "description": "PreferredUseSecureBoot optionally enables SecureBoot and the OVMF roms will be swapped for SecureBoot-enabled ones.\n\nRequires PreferredUseEfi and PreferredSmm to be enabled.\n\nDeprecated: Will be removed with v1beta2 or v1", + "type": "boolean" + } + }, + "type": "object" + }, + "machine": { + "description": "Machine optionally defines preferences associated with the Machine attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredMachineType": { + "description": "PreferredMachineType optionally defines the preferred machine type to use.", + "type": "string" + } + }, + "type": "object" + }, + "preferSpreadSocketToCoreRatio": { + "description": "PreferSpreadSocketToCoreRatio defines the ratio to spread vCPUs between cores and sockets, it defaults to 2.", + "format": "int32", + "type": "integer" + }, + "preferredSubdomain": { + "description": "Subdomain of the VirtualMachineInstance", + "type": "string" + }, + "preferredTerminationGracePeriodSeconds": { + "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", + "format": "int64", + "type": "integer" + }, + "requirements": { + "description": "Requirements defines the minium amount of instance type defined resources required by a set of preferences", + "properties": { + "cpu": { + "description": "Required CPU related attributes of the instancetype.", + "properties": { + "guest": { + "description": "Minimal number of vCPUs required by the preference.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "guest" + ], + "type": "object" + }, + "memory": { + "description": "Required Memory related attributes of the instancetype.", + "properties": { + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Minimal amount of memory required by the preference.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true } }, "required": [ - "instanceType" + "guest" ], "type": "object" } }, - "required": [ - "spec" - ], + "type": "object" + }, + "volumes": { + "description": "Volumes optionally defines preferences associated with the Volumes attribute of a VirtualMachineInstace DomainSpec", + "properties": { + "preferredStorageClassName": { + "description": "PreffereedStorageClassName optionally defines the preferred storageClass", + "type": "string" + } + }, "type": "object" } }, - "required": [ - "template" - ], "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPMachineTemplate", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachineClusterPreference", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPMachineTemplateList": { - "description": "GCPMachineTemplateList is a list of GCPMachineTemplate", + "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterPreferenceList": { + "description": "VirtualMachineClusterPreferenceList is a list of VirtualMachineClusterPreference", "namespaced": true, "properties": { "apiVersion": { @@ -96275,9 +90683,9 @@ "type": "string" }, "items": { - "description": "List of gcpmachinetemplates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of virtualmachineclusterpreferences. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPMachineTemplate" + "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachineClusterPreference" }, "type": "array" }, @@ -96300,14 +90708,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPMachineTemplateList", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachineClusterPreferenceList", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPManagedCluster": { - "description": "GCPManagedCluster is the Schema for the gcpmanagedclusters API.", + "instancetype.kubevirt.io/v1beta1/VirtualMachineInstancetype": { + "description": "VirtualMachineInstancetype resource contains quantitative and resource related VirtualMachine configuration\nthat can be used by multiple VirtualMachine resources.", "namespaced": true, "properties": { "apiVersion": { @@ -96327,408 +90735,277 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "GCPManagedClusterSpec defines the desired state of GCPManagedCluster.", + "description": "Required spec describing the instancetype", "properties": { - "additionalLabels": { + "annotations": { "additionalProperties": { "type": "string" }, - "description": "AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the\nones added by default.", + "description": "Optionally defines the required Annotations to be used by the instance type and applied to the VirtualMachineInstance", "type": "object" }, - "controlPlaneEndpoint": { - "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", + "cpu": { + "description": "Required CPU related attributes of the instancetype.", "properties": { - "host": { - "description": "The hostname on which the API server is serving.", - "type": "string" + "dedicatedCPUPlacement": { + "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", + "type": "boolean" }, - "port": { - "description": "The port on which the API server is serving.", + "guest": { + "description": "Required number of vCPUs to expose to the guest.\n\nThe resulting CPU topology being derived from the optional PreferredCPUTopology attribute of CPUPreferences that itself defaults to PreferSockets.", "format": "int32", "type": "integer" - } - }, - "required": [ - "host", - "port" - ], - "type": "object" - }, - "credentialsRef": { - "description": "CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this cluster. If not\nsupplied then the credentials of the controller will be used.", - "properties": { - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "loadBalancer": { - "description": "LoadBalancerSpec contains configuration for one or more LoadBalancers.", - "properties": { - "apiServerInstanceGroupTagOverride": { - "description": "APIServerInstanceGroupTagOverride overrides the default setting for the\ntag used when creating the API Server Instance Group.", - "maxLength": 16, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "internalLoadBalancer": { - "description": "InternalLoadBalancer is the configuration for an Internal Passthrough Network Load Balancer.", - "properties": { - "name": { - "description": "Name is the name of the Load Balancer. If not set a default name\nwill be used. For an Internal Load Balancer service the default\nname is \"api-internal\".", - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "subnet": { - "description": "Subnet is the name of the subnet to use for a regional Load Balancer. A subnet is\nrequired for the Load Balancer, if not defined the first configured subnet will be\nused.", - "type": "string" - } - }, - "type": "object" }, - "loadBalancerType": { - "description": "LoadBalancerType defines the type of Load Balancer that should be created.\nIf not set, a Global External Proxy Load Balancer will be created by default.", - "type": "string" - } - }, - "type": "object" - }, - "network": { - "description": "NetworkSpec encapsulates all things related to the GCP network.", - "properties": { - "autoCreateSubnetworks": { - "description": "AutoCreateSubnetworks: When set to true, the VPC network is created\nin \"auto\" mode. When set to false, the VPC network is created in\n\"custom\" mode.\n\nAn auto mode VPC network starts with one subnet per region. Each\nsubnet has a predetermined range as described in Auto mode VPC\nnetwork IP ranges.\n\nDefaults to true.", + "isolateEmulatorThread": { + "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", "type": "boolean" }, - "hostProject": { - "description": "HostProject is the name of the project hosting the shared VPC network resources.", - "type": "string" - }, - "loadBalancerBackendPort": { - "description": "Allow for configuration of load balancer backend (useful for changing apiserver port)", + "maxSockets": { + "description": "MaxSockets specifies the maximum amount of sockets that can be hotplugged", "format": "int32", "type": "integer" }, - "mtu": { - "default": 1460, - "description": "Mtu: Maximum Transmission Unit in bytes. The minimum value for this field is\n1300 and the maximum value is 8896. The suggested value is 1500, which is\nthe default MTU used on the Internet, or 8896 if you want to use Jumbo\nframes. If unspecified, the value defaults to 1460.\nMore info: https://pkg.go.dev/google.golang.org/api/compute/v1#Network", - "format": "int64", - "maximum": 8896, - "minimum": 1300, - "type": "integer" - }, - "name": { - "description": "Name is the name of the network to be used.", + "model": { + "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", "type": "string" }, - "subnets": { - "description": "Subnets configuration.", - "items": { - "description": "SubnetSpec configures an GCP Subnet.", - "properties": { - "cidrBlock": { - "description": "CidrBlock is the range of internal addresses that are owned by this\nsubnetwork. Provide this property when you create the subnetwork. For\nexample, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported. This field\ncan be set only at resource creation time.", - "type": "string" - }, - "description": { - "description": "Description is an optional description associated with the resource.", - "type": "string" - }, - "enableFlowLogs": { - "description": "EnableFlowLogs: Whether to enable flow logging for this subnetwork.\nIf this field is not explicitly set, it will not appear in get\nlistings. If not set the default behavior is to disable flow logging.", - "type": "boolean" - }, - "name": { - "description": "Name defines a unique identifier to reference this resource.", - "type": "string" - }, - "privateGoogleAccess": { - "description": "PrivateGoogleAccess defines whether VMs in this subnet can access\nGoogle services without assigning external IP addresses", - "type": "boolean" - }, - "purpose": { - "default": "PRIVATE_RFC_1918", - "description": "Purpose: The purpose of the resource.\nIf unspecified, the purpose defaults to PRIVATE_RFC_1918.\nThe enableFlowLogs field isn't supported with the purpose field set to INTERNAL_HTTPS_LOAD_BALANCER.\n\nPossible values:\n \"INTERNAL_HTTPS_LOAD_BALANCER\" - Subnet reserved for Internal\nHTTP(S) Load Balancing.\n \"PRIVATE\" - Regular user created or automatically created subnet.\n \"PRIVATE_RFC_1918\" - Regular user created or automatically created\nsubnet.\n \"PRIVATE_SERVICE_CONNECT\" - Subnetworks created for Private Service\nConnect in the producer network.\n \"REGIONAL_MANAGED_PROXY\" - Subnetwork used for Regional\nInternal/External HTTP(S) Load Balancing.", - "enum": [ - "INTERNAL_HTTPS_LOAD_BALANCER", - "PRIVATE_RFC_1918", - "PRIVATE", - "PRIVATE_SERVICE_CONNECT", - "REGIONAL_MANAGED_PROXY" - ], - "type": "string" - }, - "region": { - "description": "Region is the name of the region where the Subnetwork resides.", - "type": "string" - }, - "secondaryCidrBlocks": { - "additionalProperties": { - "type": "string" - }, - "description": "SecondaryCidrBlocks defines secondary CIDR ranges,\nfrom which secondary IP ranges of a VM may be allocated", - "type": "object" - }, - "stackType": { - "default": "IPV4_ONLY", - "description": "StackType: The stack type for the subnet. If set to IPV4_ONLY, new VMs in\nthe subnet are assigned IPv4 addresses only. If set to IPV4_IPV6, new VMs in\nthe subnet can be assigned both IPv4 and IPv6 addresses. If not specified,\nIPV4_ONLY is used. This field can be both set at resource creation time and\nupdated using patch.\n\nPossible values:\n \"IPV4_IPV6\" - New VMs in this subnet can have both IPv4 and IPv6\naddresses.\n \"IPV4_ONLY\" - New VMs in this subnet will only be assigned IPv4 addresses.\n \"IPV6_ONLY\" - New VMs in this subnet will only be assigned IPv6 addresses.", - "enum": [ - "IPV4_ONLY", - "IPV4_IPV6", - "IPV6_ONLY" - ], - "type": "string" - } - }, - "type": "object" + "numa": { + "description": "NUMA allows specifying settings for the guest NUMA topology", + "properties": { + "guestMappingPassthrough": { + "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", + "type": "object" + } }, - "type": "array" + "type": "object" + }, + "realtime": { + "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", + "properties": { + "mask": { + "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", + "type": "string" + } + }, + "type": "object" } }, + "required": [ + "guest" + ], "type": "object" }, - "project": { - "description": "Project is the name of the project to deploy the cluster to.", - "type": "string" - }, - "region": { - "description": "The GCP Region the cluster lives in.", - "type": "string" - }, - "resourceManagerTags": { - "description": "ResourceManagerTags is an optional set of tags to apply to GCP resources managed\nby the GCP provider. GCP supports a maximum of 50 tags per resource.", + "gpus": { + "description": "Optionally defines any GPU devices associated with the instancetype.", "items": { - "description": "ResourceManagerTag is a tag to apply to GCP resources managed by the GCP provider.", "properties": { - "key": { - "description": "Key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot\nbe empty. Tag key must begin and end with an alphanumeric character, and must contain\nonly uppercase, lowercase alphanumeric characters, and the following special\ncharacters `._-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", "type": "string" }, - "parentID": { - "description": "ParentID is the ID of the hierarchical resource where the tags are defined\ne.g. at the Organization or the Project level. To find the Organization or Project ID ref\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters,\nnumbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "maxLength": 32, - "minLength": 1, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", "type": "string" }, - "value": { - "description": "Value is the value part of the tag. A tag value can have a maximum of 63 characters and\ncannot be empty. Tag value must begin and end with an alphanumeric character, and must\ncontain only uppercase, lowercase alphanumeric characters, and the following special\ncharacters `_-.@%=+:,*#&(){}[]` and spaces.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", + "name": { + "description": "Name of the GPU device as exposed by a device plugin", + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", "type": "string" + }, + "virtualGPUOptions": { + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" } }, "required": [ - "key", - "parentID", - "value" + "name" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "serviceEndpoints": { - "description": "ServiceEndpoints contains the custom GCP Service Endpoint urls for each applicable service.\nFor instance, the user can specify a new endpoint for the compute service.", - "properties": { - "compute": { - "description": "ComputeServiceEndpoint is the custom endpoint url for the Compute Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "container": { - "description": "ContainerServiceEndpoint is the custom endpoint url for the Container Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "iam": { - "description": "IAMServiceEndpoint is the custom endpoint url for the IAM Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - }, - "resourceManager": { - "description": "ResourceManagerServiceEndpoint is the custom endpoint url for the Resource Manager Service", - "format": "uri", - "pattern": "^https://", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "project", - "region" - ], - "type": "object" - }, - "status": { - "description": "GCPManagedClusterStatus defines the observed state of GCPManagedCluster.", - "properties": { - "conditions": { - "description": "Conditions specifies the conditions for the managed control plane", + "hostDevices": { + "description": "Optionally defines any HostDevices associated with the instancetype.", "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", "type": "string" }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", "type": "string" }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "name": { "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", "type": "string" } }, "required": [ - "lastTransitionTime", - "status", - "type" + "name" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "failureDomains": { - "additionalProperties": { - "description": "FailureDomainSpec is the Schema for Cluster API failure domains.\nIt allows controllers to understand how many failure domains a cluster can optionally span across.", - "properties": { - "attributes": { - "additionalProperties": { + "ioThreadsPolicy": { + "description": "Optionally defines the IOThreadsPolicy to be used by the instancetype.", + "type": "string" + }, + "launchSecurity": { + "description": "Optionally defines the LaunchSecurity to be used by the instancetype.", + "properties": { + "sev": { + "description": "AMD Secure Encrypted Virtualization (SEV).", + "properties": { + "attestation": { + "description": "If specified, run the attestation process for a vmi.", + "type": "object" + }, + "dhCert": { + "description": "Base64 encoded guest owner's Diffie-Hellman key.", "type": "string" }, - "description": "attributes is a free form map of attributes an infrastructure provider might use or require.", - "type": "object" + "policy": { + "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", + "properties": { + "encryptedState": { + "description": "SEV-ES is required.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "session": { + "description": "Base64 encoded session blob.", + "type": "string" + } }, - "controlPlane": { - "description": "controlPlane determines if this failure domain is suitable for use by control plane machines.", - "type": "boolean" - } - }, - "type": "object" + "type": "object" + } }, - "description": "FailureDomains is a slice of FailureDomains.", "type": "object" }, - "network": { - "description": "Network encapsulates GCP networking resources.", + "memory": { + "description": "Required Memory related attributes of the instancetype.", "properties": { - "apiInternalBackendService": { - "description": "APIInternalBackendService is the full reference to the backend service\ncreated for the internal Load Balancer.", - "type": "string" - }, - "apiInternalForwardingRule": { - "description": "APIInternalForwardingRule is the full reference to the forwarding rule\ncreated for the internal Load Balancer.", - "type": "string" - }, - "apiInternalHealthCheck": { - "description": "APIInternalHealthCheck is the full reference to the health check\ncreated for the internal Load Balancer.", - "type": "string" - }, - "apiInternalIpAddress": { - "description": "APIInternalAddress is the IPV4 regional address assigned to the\ninternal Load Balancer.", - "type": "string" - }, - "apiServerBackendService": { - "description": "APIServerBackendService is the full reference to the backend service\ncreated for the API Server.", - "type": "string" + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Required amount of memory which is visible inside the guest OS.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "apiServerForwardingRule": { - "description": "APIServerForwardingRule is the full reference to the forwarding rule\ncreated for the API Server.", - "type": "string" + "hugepages": { + "description": "Optionally enables the use of hugepages for the VirtualMachineInstance instead of regular memory.", + "properties": { + "pageSize": { + "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "type": "string" + } + }, + "type": "object" }, - "apiServerHealthCheck": { - "description": "APIServerHealthCheck is the full reference to the health check\ncreated for the API Server.", - "type": "string" - }, - "apiServerInstanceGroups": { - "additionalProperties": { - "type": "string" - }, - "description": "APIServerInstanceGroups is a map from zone to the full reference\nto the instance groups created for the control plane nodes created in the same zone.", - "type": "object" - }, - "apiServerIpAddress": { - "description": "APIServerAddress is the IPV4 global address assigned to the load balancer\ncreated for the API Server.", - "type": "string" - }, - "apiServerTargetProxy": { - "description": "APIServerTargetProxy is the full reference to the target proxy\ncreated for the API Server.", - "type": "string" - }, - "firewallRules": { - "additionalProperties": { - "type": "string" - }, - "description": "FirewallRules is a map from the name of the rule to its full reference.", - "type": "object" - }, - "router": { - "description": "Router is the full reference to the router created within the network\nit'll contain the cloud nat gateway", - "type": "string" + "maxGuest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "selfLink": { - "description": "SelfLink is the link to the Network used for this cluster.", - "type": "string" + "overcommitPercent": { + "description": "OvercommitPercent is the percentage of the guest memory which will be overcommitted.\nThis means that the VMIs parent pod (virt-launcher) will request less\nphysical memory by a factor specified by the OvercommitPercent.\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 0", + "maximum": 100, + "minimum": 0, + "type": "integer" } }, + "required": [ + "guest" + ], "type": "object" }, - "ready": { - "type": "boolean" + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\nNodeSelector is the name of the custom node selector for the instancetype.", + "type": "object" + }, + "schedulerName": { + "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.\n\nSchedulerName is the name of the custom K8s scheduler for the instancetype.", + "type": "string" } }, "required": [ - "ready" + "cpu", + "memory" ], "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPManagedCluster", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachineInstancetype", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPManagedClusterList": { - "description": "GCPManagedClusterList is a list of GCPManagedCluster", + "instancetype.kubevirt.io/v1beta1/VirtualMachineInstancetypeList": { + "description": "VirtualMachineInstancetypeList is a list of VirtualMachineInstancetype", "namespaced": true, "properties": { "apiVersion": { @@ -96736,9 +91013,9 @@ "type": "string" }, "items": { - "description": "List of gcpmanagedclusters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of virtualmachineinstancetypes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedCluster" + "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachineInstancetype" }, "type": "array" }, @@ -96761,14 +91038,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPManagedClusterList", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachineInstancetypeList", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPManagedControlPlane": { - "description": "GCPManagedControlPlane is the Schema for the gcpmanagedcontrolplanes API.", + "instancetype.kubevirt.io/v1beta1/VirtualMachinePreference": { + "description": "VirtualMachinePreference resource contains optional preferences related to the VirtualMachine.", "namespaced": true, "properties": { "apiVersion": { @@ -96788,622 +91065,677 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "GCPManagedControlPlaneSpec defines the desired state of GCPManagedControlPlane.", + "description": "Required spec describing the preferences", "properties": { - "clusterName": { - "description": "ClusterName allows you to specify the name of the GKE cluster.\nIf you don't specify a name then a default name will be created\nbased on the namespace and name of the managed control plane.", - "type": "string" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Optionally defines preferred Annotations to be applied to the VirtualMachineInstance", + "type": "object" }, - "clusterNetwork": { - "description": "ClusterNetwork define the cluster network.", + "clock": { + "description": "Clock optionally defines preferences associated with the Clock attribute of a VirtualMachineInstance DomainSpec", "properties": { - "pod": { - "description": "Pod defines the range of CIDRBlock list from where it gets the IP address.", + "preferredClockOffset": { + "description": "ClockOffset allows specifying the UTC offset or the timezone of the guest clock.", "properties": { - "cidrBlock": { - "description": "CidrBlock is where all pods in the cluster are assigned an IP address from this range. Enter a range\n(in CIDR notation) within a network range, a mask, or leave this field blank to use a default range.\nThis setting is permanent.", + "timezone": { + "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", "type": "string" + }, + "utc": { + "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", + "properties": { + "offsetSeconds": { + "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", + "type": "integer" + } + }, + "type": "object" } }, "type": "object" }, - "privateCluster": { - "description": "PrivateCluster defines the private cluster spec.", + "preferredTimer": { + "description": "Timer specifies whih timers are attached to the vmi.", "properties": { - "controlPlaneCidrBlock": { - "description": "ControlPlaneCidrBlock is the IP range in CIDR notation to use for the hosted master network. This range must not\noverlap with any other ranges in use within the cluster's network. Honored when enabled is true.", - "type": "string" + "hpet": { + "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", + "type": "string" + } + }, + "type": "object" }, - "controlPlaneGlobalAccess": { - "description": "ControlPlaneGlobalAccess is whenever master is accessible globally or not. Honored when enabled is true.", - "type": "boolean" + "hyperv": { + "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "disableDefaultSNAT": { - "description": "DisableDefaultSNAT disables cluster default sNAT rules. Honored when enabled is true.", - "type": "boolean" + "kvm": { + "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "enablePrivateEndpoint": { - "description": "EnablePrivateEndpoint: Whether the master's internal IP\naddress is used as the cluster endpoint.", - "type": "boolean" + "pit": { + "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", + "type": "string" + } + }, + "type": "object" }, - "enablePrivateNodes": { - "description": "EnablePrivateNodes: Whether nodes have internal IP\naddresses only. If enabled, all nodes are given only RFC\n1918 private addresses and communicate with the master via\nprivate networking.", - "type": "boolean" - } - }, - "type": "object" - }, - "service": { - "description": "Service defines the range of CIDRBlock list from where it gets the IP address.", - "properties": { - "cidrBlock": { - "description": "CidrBlock is where cluster services will be assigned an IP address from this IP address range. Enter a range\n(in CIDR notation) within a network range, a mask, or leave this field blank to use a default range.\nThis setting is permanent.", - "type": "string" + "rtc": { + "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", + "type": "string" + }, + "track": { + "description": "Track the guest or the wall clock.", + "type": "string" + } + }, + "type": "object" } }, "type": "object" - }, - "useIPAliases": { - "description": "UseIPAliases is whether alias IPs will be used for pod IPs in the cluster. If false, routes will be used for\npod IPs in the cluster.", - "type": "boolean" - } - }, - "type": "object" - }, - "controlPlaneVersion": { - "description": "ControlPlaneVersion represents the control plane version of the GKE cluster.\nIf not specified, the default version currently supported by GKE will be\nused.\n\nDeprecated: This field will soon be removed and you are expected to use Version instead.", - "type": "string" - }, - "description": { - "description": "Description describe the cluster.", - "type": "string" - }, - "enableAutopilot": { - "description": "EnableAutopilot indicates whether to enable autopilot for this GKE cluster.", - "type": "boolean" - }, - "enableIdentityService": { - "description": "EnableIdentityService indicates whether to enable Identity Service component for this GKE cluster.", - "type": "boolean" - }, - "endpoint": { - "description": "Endpoint represents the endpoint used to communicate with the control plane.", - "properties": { - "host": { - "description": "The hostname on which the API server is serving.", - "type": "string" - }, - "port": { - "description": "The port on which the API server is serving.", - "format": "int32", - "type": "integer" } }, - "required": [ - "host", - "port" - ], "type": "object" }, - "location": { - "description": "Location represents the location (region or zone) in which the GKE cluster\nwill be created.", - "type": "string" - }, - "loggingService": { - "description": "LoggingService represents configuration of logging service feature of the GKE cluster.\nPossible values: none, logging.googleapis.com/kubernetes (default).\nValue is ignored when enableAutopilot = true.", - "type": "string" - }, - "master_authorized_networks_config": { - "description": "MasterAuthorizedNetworksConfig represents configuration options for master authorized networks feature of the GKE cluster.\nThis feature is disabled if this field is not specified.", + "cpu": { + "description": "CPU optionally defines preferences associated with the CPU attribute of a VirtualMachineInstance DomainSpec", "properties": { - "cidr_blocks": { - "description": "cidr_blocks define up to 50 external networks that could access\nKubernetes master through HTTPS.", + "preferredCPUFeatures": { + "description": "PreferredCPUFeatures optionally defines a slice of preferred CPU features.", "items": { - "description": "MasterAuthorizedNetworksConfigCidrBlock contains an optional name and one CIDR block.", + "description": "CPUFeature allows specifying a CPU feature.", "properties": { - "cidr_block": { - "description": "cidr_block must be specified in CIDR notation.", - "pattern": "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}(?:\\/([0-9]|[1-2][0-9]|3[0-2]))?$|^([a-fA-F0-9:]+:+)+[a-fA-F0-9]+\\/[0-9]{1,3}$", + "name": { + "description": "Name of the CPU feature", "type": "string" }, - "display_name": { - "description": "display_name is an field for users to identify CIDR blocks.", + "policy": { + "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "type": "array" }, - "gcp_public_cidrs_access_enabled": { - "description": "Whether master is accessible via Google Compute Engine Public IP addresses.", - "type": "boolean" + "preferredCPUTopology": { + "description": "PreferredCPUTopology optionally defines the preferred guest visible CPU topology, defaults to PreferSockets.", + "type": "string" + }, + "spreadOptions": { + "properties": { + "across": { + "description": "Across optionally defines how to spread vCPUs across the guest visible topology.\nDefault: SocketsCores", + "type": "string" + }, + "ratio": { + "description": "Ratio optionally defines the ratio to spread vCPUs across the guest visible topology:\n\nCoresThreads - 1:2 - Controls the ratio of cores to threads. Only a ratio of 2 is currently accepted.\nSocketsCores - 1:N - Controls the ratio of socket to cores.\nSocketsCoresThreads - 1:N:2 - Controls the ratio of socket to cores. Each core providing 2 threads.\n\nDefault: 2", + "format": "int32", + "type": "integer" + } + }, + "type": "object" } }, "type": "object" }, - "monitoringService": { - "description": "MonitoringService represents configuration of monitoring service feature of the GKE cluster.\nPossible values: none, monitoring.googleapis.com/kubernetes (default).\nValue is ignored when enableAutopilot = true.", - "type": "string" - }, - "project": { - "description": "Project is the name of the project to deploy the cluster to.", - "type": "string" - }, - "releaseChannel": { - "description": "ReleaseChannel represents the release channel of the GKE cluster.", - "enum": [ - "rapid", - "regular", - "stable" - ], - "type": "string" - }, - "version": { - "description": "Version represents the control plane version of the GKE cluster.\nIf not specified, the default version currently supported by GKE will be\nused.", - "type": "string" - } - }, - "required": [ - "location", - "project" - ], - "type": "object" - }, - "status": { - "description": "GCPManagedControlPlaneStatus defines the observed state of GCPManagedControlPlane.", - "properties": { - "conditions": { - "description": "Conditions specifies the conditions for the managed control plane", - "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" + "devices": { + "description": "Devices optionally defines preferences associated with the Devices attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredAutoattachGraphicsDevice": { + "description": "PreferredAutoattachGraphicsDevice optionally defines the preferred value of AutoattachGraphicsDevice", + "type": "boolean" + }, + "preferredAutoattachInputDevice": { + "description": "PreferredAutoattachInputDevice optionally defines the preferred value of AutoattachInputDevice", + "type": "boolean" + }, + "preferredAutoattachMemBalloon": { + "description": "PreferredAutoattachMemBalloon optionally defines the preferred value of AutoattachMemBalloon", + "type": "boolean" + }, + "preferredAutoattachPodInterface": { + "description": "PreferredAutoattachPodInterface optionally defines the preferred value of AutoattachPodInterface", + "type": "boolean" + }, + "preferredAutoattachSerialConsole": { + "description": "PreferredAutoattachSerialConsole optionally defines the preferred value of AutoattachSerialConsole", + "type": "boolean" + }, + "preferredBlockMultiQueue": { + "description": "PreferredBlockMultiQueue optionally enables the vhost multiqueue feature for virtio disks.", + "type": "boolean" + }, + "preferredCdromBus": { + "description": "PreferredCdromBus optionally defines the preferred bus for Cdrom Disk devices.", + "type": "string" + }, + "preferredDisableHotplug": { + "description": "PreferredDisableHotplug optionally defines the preferred value of DisableHotplug", + "type": "boolean" + }, + "preferredDiskBlockSize": { + "description": "PreferredBlockSize optionally defines the block size of Disk devices.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } + }, + "required": [ + "logical", + "physical" + ], + "type": "object" + }, + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" + "type": "object" + }, + "preferredDiskBus": { + "description": "PreferredDiskBus optionally defines the preferred bus for Disk Disk devices.", + "type": "string" + }, + "preferredDiskCache": { + "description": "PreferredCache optionally defines the DriverCache to be used by Disk devices.", + "type": "string" + }, + "preferredDiskDedicatedIoThread": { + "description": "PreferredDedicatedIoThread optionally enables dedicated IO threads for Disk devices using the virtio bus.", + "type": "boolean" + }, + "preferredDiskIO": { + "description": "PreferredIo optionally defines the QEMU disk IO mode to be used by Disk devices.", + "type": "string" + }, + "preferredInputBus": { + "description": "PreferredInputBus optionally defines the preferred bus for Input devices.", + "type": "string" + }, + "preferredInputType": { + "description": "PreferredInputType optionally defines the preferred type for Input devices.", + "type": "string" + }, + "preferredInterfaceMasquerade": { + "description": "PreferredInterfaceMasquerade optionally defines the preferred masquerade configuration to use with each network interface.", + "type": "object" + }, + "preferredInterfaceModel": { + "description": "PreferredInterfaceModel optionally defines the preferred model to be used by Interface devices.", + "type": "string" + }, + "preferredLunBus": { + "description": "PreferredLunBus optionally defines the preferred bus for Lun Disk devices.", + "type": "string" + }, + "preferredNetworkInterfaceMultiQueue": { + "description": "PreferredNetworkInterfaceMultiQueue optionally enables the vhost multiqueue feature for virtio interfaces.", + "type": "boolean" + }, + "preferredPanicDeviceModel": { + "description": "PreferredPanicDeviceModel optionally defines the preferred panic device model to use with panic devices.", + "type": "string" + }, + "preferredRng": { + "description": "PreferredRng optionally defines the preferred rng device to be used.", + "type": "object" + }, + "preferredSoundModel": { + "description": "PreferredSoundModel optionally defines the preferred model for Sound devices.", + "type": "string" + }, + "preferredTPM": { + "description": "PreferredTPM optionally defines the preferred TPM device to be used.", + "properties": { + "enabled": { + "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", + "type": "boolean" + }, + "persistent": { + "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", + "type": "boolean" + } }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } + "type": "object" }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "currentVersion": { - "description": "CurrentVersion shows the current version of the GKE control plane.\n\nDeprecated: This field will soon be removed and you are expected to use Version instead.", - "type": "string" - }, - "initialized": { - "description": "Initialized is true when the control plane is available for initial contact.\nThis may occur before the control plane is fully ready.", - "type": "boolean" - }, - "ready": { - "default": false, - "description": "Ready denotes that the GCPManagedControlPlane API Server is ready to\nreceive requests.", - "type": "boolean" - }, - "version": { - "description": "Version represents the version of the GKE control plane.", - "type": "string" - } - }, - "required": [ - "ready" - ], - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPManagedControlPlane", - "version": "v1beta1" - } - ] - }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPManagedControlPlaneList": { - "description": "GCPManagedControlPlaneList is a list of GCPManagedControlPlane", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of gcpmanagedcontrolplanes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedControlPlane" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPManagedControlPlaneList", - "version": "v1beta1" - } - ] - }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPManagedMachinePool": { - "description": "GCPManagedMachinePool is the Schema for the gcpmanagedmachinepools API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "GCPManagedMachinePoolSpec defines the desired state of GCPManagedMachinePool.", - "properties": { - "additionalLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the\nones added by default.", - "type": "object" - }, - "diskSizeGB": { - "description": "DiskSizeGB is size of the disk attached to each node,\nspecified in GB.", - "format": "int64", - "minimum": 10, - "type": "integer" - }, - "diskSizeGb": { - "description": "DiskSizeGb is the size of the disk attached to each node, specified in GB.\nThe smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.", - "format": "int32", - "type": "integer" - }, - "diskType": { - "description": "DiskType is type of the disk attached to each node.", - "enum": [ - "pd-standard", - "pd-ssd", - "pd-balanced" - ], - "type": "string" - }, - "imageType": { - "description": "ImageType is image type to use for this nodepool.", - "type": "string" - }, - "instanceType": { - "description": "InstanceType is name of Compute Engine machine type.", - "type": "string" - }, - "kubernetesLabels": { - "additionalProperties": { - "type": "string" + "preferredUseVirtioTransitional": { + "description": "PreferredUseVirtioTransitional optionally defines the preferred value of UseVirtioTransitional", + "type": "boolean" + }, + "preferredVirtualGPUOptions": { + "description": "PreferredVirtualGPUOptions optionally defines the preferred value of VirtualGPUOptions", + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } }, - "description": "KubernetesLabels specifies the labels to apply to the nodes of the node pool.", "type": "object" }, - "kubernetesTaints": { - "description": "KubernetesTaints specifies the taints to apply to the nodes of the node pool.", - "items": { - "description": "Taint represents a Kubernetes taint.", - "properties": { - "effect": { - "description": "Effect specifies the effect for the taint.", - "enum": [ - "NoSchedule", - "NoExecute", - "PreferNoSchedule" - ], - "type": "string" - }, - "key": { - "description": "Key is the key of the taint", - "type": "string" + "features": { + "description": "Features optionally defines preferences associated with the Features attribute of a VirtualMachineInstance DomainSpec", + "properties": { + "preferredAcpi": { + "description": "PreferredAcpi optionally enables the ACPI feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } }, - "value": { - "description": "Value is the value of the taint", - "type": "string" - } + "type": "object" }, - "required": [ - "effect", - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "linuxNodeConfig": { - "description": "LinuxNodeConfig specifies the settings for Linux agent nodes.", - "properties": { - "cgroupMode": { - "description": "CgroupMode specifies the cgroup mode for this node pool.", - "format": "int32", - "type": "integer" + "preferredApic": { + "description": "PreferredApic optionally enables and configures the APIC feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "endOfInterrupt": { + "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" }, - "sysctls": { - "description": "Sysctls specifies the sysctl settings for this node pool.", - "items": { - "description": "SysctlConfig specifies the sysctl settings for Linux nodes.", - "properties": { - "parameter": { - "description": "Parameter specifies sysctl parameter name.", - "type": "string" + "preferredHyperv": { + "description": "PreferredHyperv optionally enables and configures HyperV features", + "properties": { + "evmcs": { + "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } }, - "value": { - "description": "Value specifies sysctl parameter value.", - "type": "string" - } + "type": "object" }, - "type": "object" + "frequencies": { + "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "ipi": { + "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reenlightenment": { + "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "relaxed": { + "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reset": { + "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime": { + "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "spinlocks": { + "description": "Spinlocks allows to configure the spinlock retry attempts.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "spinlocks": { + "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "synic": { + "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "synictimer": { + "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", + "properties": { + "direct": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "tlbflush": { + "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vapic": { + "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vendorid": { + "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "vendorid": { + "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", + "type": "string" + } + }, + "type": "object" + }, + "vpindex": { + "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } }, - "type": "array" + "type": "object" + }, + "preferredKvm": { + "description": "PreferredKvm optionally enables and configures KVM features", + "properties": { + "hidden": { + "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredPvspinlock": { + "description": "PreferredPvspinlock optionally enables the Pvspinlock feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredSmm": { + "description": "PreferredSmm optionally enables the SMM feature", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" } }, "type": "object" }, - "localSsdCount": { - "description": "LocalSsdCount is the number of local SSD disks to be attached to the node.", - "format": "int32", - "type": "integer" - }, - "machineType": { - "description": "MachineType is the name of a Google Compute Engine [machine\ntype](https://cloud.google.com/compute/docs/machine-types).\nIf unspecified, the default machine type is `e2-medium`.", - "type": "string" - }, - "management": { - "description": "Management specifies the node pool management options.", + "firmware": { + "description": "Firmware optionally defines preferences associated with the Firmware attribute of a VirtualMachineInstance DomainSpec", "properties": { - "autoRepair": { - "description": "AutoRepair specifies whether the node auto-repair is enabled for the node\npool. If enabled, the nodes in this node pool will be monitored and, if\nthey fail health checks too many times, an automatic repair action will be\ntriggered.", + "preferredEfi": { + "description": "PreferredEfi optionally enables EFI", + "properties": { + "persistent": { + "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", + "type": "boolean" + }, + "secureBoot": { + "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", + "type": "boolean" + } + }, + "type": "object" + }, + "preferredUseBios": { + "description": "PreferredUseBios optionally enables BIOS", + "type": "boolean" + }, + "preferredUseBiosSerial": { + "description": "PreferredUseBiosSerial optionally transmitts BIOS output over the serial.\n\nRequires PreferredUseBios to be enabled.", + "type": "boolean" + }, + "preferredUseEfi": { + "description": "PreferredUseEfi optionally enables EFI\n\nDeprecated: Will be removed with v1beta2 or v1", "type": "boolean" }, - "autoUpgrade": { - "description": "AutoUpgrade specifies whether node auto-upgrade is enabled for the node\npool. If enabled, node auto-upgrade helps keep the nodes in your node pool\nup to date with the latest release version of Kubernetes.", + "preferredUseSecureBoot": { + "description": "PreferredUseSecureBoot optionally enables SecureBoot and the OVMF roms will be swapped for SecureBoot-enabled ones.\n\nRequires PreferredUseEfi and PreferredSmm to be enabled.\n\nDeprecated: Will be removed with v1beta2 or v1", "type": "boolean" } }, "type": "object" }, - "maxPodsPerNode": { - "description": "MaxPodsPerNode is constraint enforced on the max num of\npods per node.", - "format": "int64", - "maximum": 256, - "minimum": 8, - "type": "integer" - }, - "nodeLocations": { - "description": "NodeLocations is the list of zones in which the NodePool's\nnodes should be located.", - "items": { - "type": "string" - }, - "type": "array" - }, - "nodeNetwork": { - "description": "NodeNetwork specifies the node network configuration\noptions.", + "machine": { + "description": "Machine optionally defines preferences associated with the Machine attribute of a VirtualMachineInstance DomainSpec", "properties": { - "createPodRange": { - "description": "CreatePodRange specifies whether to create a new range for\npod IPs in this node pool.", - "type": "boolean" - }, - "podRangeCidrBlock": { - "description": "PodRangeCidrBlock is the IP address range for pod IPs in\nthis node pool.", - "type": "string" - }, - "podRangeName": { - "description": "PodRangeName is ID of the secondary range for pod IPs.", + "preferredMachineType": { + "description": "PreferredMachineType optionally defines the preferred machine type to use.", "type": "string" - }, - "tags": { - "description": "Tags is list of instance tags applied to all nodes. Tags\nare used to identify valid sources or targets for network\nfirewalls.", - "items": { - "type": "string" - }, - "type": "array" } }, "type": "object" }, - "nodePoolName": { - "description": "NodePoolName specifies the name of the GKE node pool corresponding to this MachinePool. If you don't specify a name\nthen a default name will be created based on the namespace and name of the managed machine pool.", + "preferSpreadSocketToCoreRatio": { + "description": "PreferSpreadSocketToCoreRatio defines the ratio to spread vCPUs between cores and sockets, it defaults to 2.", + "format": "int32", + "type": "integer" + }, + "preferredSubdomain": { + "description": "Subdomain of the VirtualMachineInstance", "type": "string" }, - "nodeSecurity": { - "description": "NodeSecurity specifies the node security options.", + "preferredTerminationGracePeriodSeconds": { + "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", + "format": "int64", + "type": "integer" + }, + "requirements": { + "description": "Requirements defines the minium amount of instance type defined resources required by a set of preferences", "properties": { - "enableIntegrityMonitoring": { - "description": "EnableIntegrityMonitoring defines whether the instance has\nintegrity monitoring enabled.", - "type": "boolean" - }, - "enableSecureBoot": { - "description": "EnableSecureBoot defines whether the instance has Secure\nBoot enabled.", - "type": "boolean" - }, - "sandboxType": { - "description": "SandboxType is type of the sandbox to use for the node.", - "type": "string" + "cpu": { + "description": "Required CPU related attributes of the instancetype.", + "properties": { + "guest": { + "description": "Minimal number of vCPUs required by the preference.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "guest" + ], + "type": "object" }, - "serviceAccount": { - "description": "ServiceAccount specifies the identity details for node\npool.", + "memory": { + "description": "Required Memory related attributes of the instancetype.", "properties": { - "email": { - "description": "Email is the Google Cloud Platform Service Account to be\nused by the node VMs.", - "type": "string" - }, - "scopes": { - "description": "Scopes is a set of Google API scopes to be made available\non all of the node VMs under the \"default\" service account.", - "items": { - "type": "string" - }, - "type": "array" + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Minimal amount of memory required by the preference.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true } }, + "required": [ + "guest" + ], "type": "object" } }, "type": "object" }, - "providerIDList": { - "description": "ProviderIDList are the provider IDs of instances in the\nmanaged instance group corresponding to the nodegroup represented by this\nmachine pool", - "items": { - "type": "string" - }, - "type": "array" - }, - "scaling": { - "description": "Scaling specifies scaling for the node pool", + "volumes": { + "description": "Volumes optionally defines preferences associated with the Volumes attribute of a VirtualMachineInstace DomainSpec", "properties": { - "enableAutoscaling": { - "description": "Is autoscaling enabled for this node pool. If unspecified, the default value is true.", - "type": "boolean" - }, - "locationPolicy": { - "description": "Location policy used when scaling up a nodepool.", - "enum": [ - "balanced", - "any" - ], + "preferredStorageClassName": { + "description": "PreffereedStorageClassName optionally defines the preferred storageClass", "type": "string" - }, - "maxCount": { - "description": "MaxCount specifies the maximum number of nodes in the node pool", - "format": "int32", - "type": "integer" - }, - "minCount": { - "description": "MinCount specifies the minimum number of nodes in the node pool", - "format": "int32", - "type": "integer" } }, "type": "object" } }, "type": "object" - }, - "status": { - "description": "GCPManagedMachinePoolStatus defines the observed state of GCPManagedMachinePool.", - "properties": { - "conditions": { - "description": "Conditions specifies the cpnditions for the managed machine pool", - "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "ready": { - "default": false, - "description": "Ready denotes that the GCPManagedMachinePool has joined the cluster", - "type": "boolean" - }, - "replicas": { - "description": "Replicas is the most recently observed number of replicas.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "ready" - ], - "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPManagedMachinePool", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachinePreference", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/GCPManagedMachinePoolList": { - "description": "GCPManagedMachinePoolList is a list of GCPManagedMachinePool", + "instancetype.kubevirt.io/v1beta1/VirtualMachinePreferenceList": { + "description": "VirtualMachinePreferenceList is a list of VirtualMachinePreference", "namespaced": true, "properties": { "apiVersion": { @@ -97411,9 +91743,9 @@ "type": "string" }, "items": { - "description": "List of gcpmanagedmachinepools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of virtualmachinepreferences. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.GCPManagedMachinePool" + "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachinePreference" }, "type": "array" }, @@ -97436,3277 +91768,1410 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "GCPManagedMachinePoolList", + "group": "instancetype.kubevirt.io", + "kind": "VirtualMachinePreferenceList", "version": "v1beta1" } ] }, - "infrastructure.cluster.x-k8s.io/v1beta1/Metal3Remediation": { - "description": "Metal3Remediation is the Schema for the metal3remediations API.", - "namespaced": true, + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.apps.v1.DaemonSetSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "minReadySeconds": { + "description": "The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", + "type": "integer" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "revisionHistoryLimit": { + "description": "The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.", + "type": "integer" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "selector": { + "description": "matchExpressions key operator values matchLabels.", + "type": "object" }, - "spec": { - "description": "Metal3RemediationSpec defines the desired state of Metal3Remediation.", - "properties": { - "strategy": { - "description": "Strategy field defines remediation strategy.", - "properties": { - "retryLimit": { - "description": "Sets maximum number of remediation retries.", - "type": "integer" - }, - "timeout": { - "description": "Sets the timeout between remediation retries.", - "type": "string" - }, - "type": { - "description": "Type of remediation.", - "type": "string" - } - }, - "type": "object" - } - }, + "template": { + "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", "type": "object" }, - "status": { - "description": "Metal3RemediationStatus defines the observed state of Metal3Remediation.", - "properties": { - "lastRemediated": { - "description": "LastRemediated identifies when the host was last remediated", - "format": "date-time", - "type": "string" - }, - "phase": { - "description": "Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc.", - "type": "string" - }, - "retryCount": { - "description": "RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc.", - "type": "integer" - } - }, + "updateStrategy": { + "description": "rollingUpdate maxSurge maxUnavailable type enum: OnDelete, RollingUpdate.", "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "Metal3Remediation", - "version": "v1beta1" - } - ] + "required": [ + "selector", + "template" + ], + "type": "object" }, - "infrastructure.cluster.x-k8s.io/v1beta1/Metal3RemediationList": { - "description": "Metal3RemediationList is a list of Metal3Remediation", - "namespaced": true, + "io.k8s.api.apps.v1.DaemonSetStatus": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "collisionCount": { + "type": "integer" }, - "items": { - "description": "List of metal3remediations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "conditions": { + "description": "lastTransitionTime message reason status type.", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.Metal3Remediation" + "type": "object" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "currentNumberScheduled": { + "type": "integer" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "desiredNumberScheduled": { + "type": "integer" + }, + "numberAvailable": { + "type": "integer" + }, + "numberMisscheduled": { + "type": "integer" + }, + "numberReady": { + "type": "integer" + }, + "numberUnavailable": { + "type": "integer" + }, + "observedGeneration": { + "type": "integer" + }, + "updatedNumberScheduled": { + "type": "integer" } }, "required": [ - "items" + "currentNumberScheduled", + "desiredNumberScheduled", + "numberMisscheduled", + "numberReady" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "Metal3RemediationList", - "version": "v1beta1" - } - ] + "type": "object" }, - "infrastructure.cluster.x-k8s.io/v1beta1/Metal3RemediationTemplate": { - "description": "Metal3RemediationTemplate is the Schema for the metal3remediationtemplates API.", - "namespaced": true, + "io.k8s.api.apps.v1.DeploymentSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", + "type": "integer" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "paused": { + "description": "Indicates that the deployment is paused.", + "type": "boolean" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "progressDeadlineSeconds": { + "description": "The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.", + "type": "integer" }, - "spec": { - "description": "Metal3RemediationTemplateSpec defines the desired state of Metal3RemediationTemplate.", - "properties": { - "template": { - "description": "Metal3RemediationTemplateResource describes the data needed to create a Metal3Remediation from a template.", - "properties": { - "spec": { - "description": "Spec is the specification of the desired behavior of the Metal3Remediation.", - "properties": { - "strategy": { - "description": "Strategy field defines remediation strategy.", - "properties": { - "retryLimit": { - "description": "Sets maximum number of remediation retries.", - "type": "integer" - }, - "timeout": { - "description": "Sets the timeout between remediation retries.", - "type": "string" - }, - "type": { - "description": "Type of remediation.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "required": [ - "template" - ], + "replicas": { + "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", + "type": "integer" + }, + "revisionHistoryLimit": { + "description": "The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.", + "type": "integer" + }, + "selector": { + "description": "matchExpressions key operator values matchLabels.", "type": "object" }, - "status": { - "description": "Metal3RemediationTemplateStatus defines the observed state of Metal3RemediationTemplate.", - "properties": { - "status": { - "description": "Metal3RemediationStatus defines the observed state of Metal3Remediation", - "properties": { - "lastRemediated": { - "description": "LastRemediated identifies when the host was last remediated", - "format": "date-time", - "type": "string" - }, - "phase": { - "description": "Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc.", - "type": "string" - }, - "retryCount": { - "description": "RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc.", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "status" - ], + "strategy": { + "description": "rollingUpdate maxSurge maxUnavailable type enum: Recreate, RollingUpdate.", + "type": "object" + }, + "template": { + "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "Metal3RemediationTemplate", - "version": "v1beta1" - } - ] + "required": [ + "selector", + "template" + ], + "type": "object" }, - "infrastructure.cluster.x-k8s.io/v1beta1/Metal3RemediationTemplateList": { - "description": "Metal3RemediationTemplateList is a list of Metal3RemediationTemplate", - "namespaced": true, + "io.k8s.api.apps.v1.DeploymentStatus": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "availableReplicas": { + "type": "integer" }, - "items": { - "description": "List of metal3remediationtemplates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "collisionCount": { + "type": "integer" + }, + "conditions": { + "description": "lastTransitionTime lastUpdateTime message reason status type.", "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.infrastructure.v1beta1.Metal3RemediationTemplate" + "type": "object" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "observedGeneration": { + "type": "integer" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "readyReplicas": { + "type": "integer" + }, + "replicas": { + "type": "integer" + }, + "terminatingReplicas": { + "type": "integer" + }, + "unavailableReplicas": { + "type": "integer" + }, + "updatedReplicas": { + "type": "integer" } }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "infrastructure.cluster.x-k8s.io", - "kind": "Metal3RemediationTemplateList", - "version": "v1beta1" - } - ] + "required": [], + "type": "object" }, - "ingress.operator.openshift.io/v1/DNSRecord": { - "description": "DNSRecord is a DNS record managed in the zones defined by\ndns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource\nis only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible\nfor managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, + "io.k8s.api.apps.v1.ReplicaSetSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", + "type": "integer" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "replicas": { + "description": "Replicas is the number of desired pods. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset.", + "type": "integer" }, - "spec": { - "description": "spec is the specification of the desired behavior of the dnsRecord.", - "properties": { - "dnsManagementPolicy": { - "default": "Managed", - "description": "dnsManagementPolicy denotes the current policy applied on the DNS\nrecord. Records that have policy set as \"Unmanaged\" are ignored by\nthe ingress operator. This means that the DNS record on the cloud\nprovider is not managed by the operator, and the \"Published\" status\ncondition will be updated to \"Unknown\" status, since it is externally\nmanaged. Any existing record on the cloud provider can be deleted at\nthe discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and\n\"Unmanaged\".", - "enum": [ - "Managed", - "Unmanaged" - ], - "type": "string" - }, - "dnsName": { - "description": "dnsName is the hostname of the DNS record", - "minLength": 1, - "type": "string" - }, - "recordTTL": { - "description": "recordTTL is the record TTL in seconds. If zero, the default is 30.\nRecordTTL will not be used in AWS regions Alias targets, but\nwill be used in CNAME targets, per AWS API contract.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "recordType": { - "description": "recordType is the DNS record type. For example, \"A\" or \"CNAME\".", - "enum": [ - "CNAME", - "A" - ], - "type": "string" - }, - "targets": { - "description": "targets are record targets.", - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "dnsManagementPolicy", - "dnsName", - "recordTTL", - "recordType", - "targets" - ], + "selector": { + "description": "matchExpressions key operator values matchLabels.", "type": "object" }, - "status": { - "description": "status is the most recently observed status of the dnsRecord.", - "properties": { - "observedGeneration": { - "description": "observedGeneration is the most recently observed generation of the\nDNSRecord. When the DNSRecord is updated, the controller updates the\ncorresponding record in each managed zone. If an update for a\nparticular zone fails, that failure is recorded in the status\ncondition for the zone so that the controller can determine that it\nneeds to retry the update for that specific zone.", - "format": "int64", - "type": "integer" - }, - "zones": { - "description": "zones are the status of the record in each zone.", - "items": { - "description": "DNSZoneStatus is the status of a record within a specific zone.", - "properties": { - "conditions": { - "description": "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be\nset with status \"True\" and upon failure it will be set to \"False\" along\nwith the reason and message describing the cause of the failure.", - "items": { - "description": "DNSZoneCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "minLength": 1, - "type": "string" - }, - "type": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "dnsZone": { - "description": "dnsZone is the zone where the record is published.", - "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - } - }, + "template": { + "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ingress.operator.openshift.io", - "kind": "DNSRecord", - "version": "v1" - } - ] + "required": [ + "selector" + ], + "type": "object" }, - "ingress.operator.openshift.io/v1/DNSRecordList": { - "description": "DNSRecordList is a list of DNSRecord", - "namespaced": true, + "io.k8s.api.apps.v1.ReplicaSetStatus": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "availableReplicas": { + "type": "integer" }, - "items": { - "description": "List of dnsrecords. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "conditions": { + "description": "lastTransitionTime message reason status type.", "items": { - "$ref": "#/components/schemas/io.openshift.operator.ingress.v1.DNSRecord" + "type": "object" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "fullyLabeledReplicas": { + "type": "integer" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "observedGeneration": { + "type": "integer" + }, + "readyReplicas": { + "type": "integer" + }, + "replicas": { + "type": "integer" + }, + "terminatingReplicas": { + "type": "integer" } }, "required": [ - "items" + "replicas" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ingress.operator.openshift.io", - "kind": "DNSRecordList", - "version": "v1" - } - ] + "type": "object" }, - "insights.openshift.io/v1alpha1/DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, + "io.k8s.api.apps.v1.StatefulSetSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", + "type": "integer" + }, + "ordinals": { + "description": "ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a \"0\" index to the first replica and increments the index by one for each additional replica requested.", + "type": "object" + }, + "persistentVolumeClaimRetentionPolicy": { + "description": "whenDeleted whenScaled.", + "type": "object" + }, + "podManagementPolicy": { + "description": "podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "replicas": { + "description": "replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1.", + "type": "integer" + }, + "revisionHistoryLimit": { + "description": "revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.", + "type": "integer" + }, + "selector": { + "description": "matchExpressions key operator values matchLabels.", + "type": "object" + }, + "serviceName": { + "description": "serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where \"pod-specific-string\" is managed by the StatefulSet controller.", "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "template": { + "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", + "type": "object" }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "dataPolicy": { - "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", - "enum": [ - "", - "ClearText", - "ObfuscateNetworking" - ], - "type": "string" - }, - "gatherers": { - "description": "gatherers is a list of gatherers configurations. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "items": { - "description": "gathererConfig allows to configure specific gatherers", - "properties": { - "name": { - "description": "name is the name of specific gatherer", - "type": "string" - }, - "state": { - "description": "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", - "enum": [ - "", - "Enabled", - "Disabled" - ], - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, + "updateStrategy": { + "description": "rollingUpdate maxUnavailable partition type enum: OnDelete, RollingUpdate.", "type": "object" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "conditions": { - "description": "conditions provide details on the status of the gatherer job.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "dataGatherState": { - "description": "dataGatherState reflects the current state of the data gathering process.", - "enum": [ - "Running", - "Completed", - "Failed", - "Pending" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "dataGatherState cannot transition from Running to Pending", - "rule": "!(oldSelf == 'Running' && self == 'Pending')" - }, - { - "message": "dataGatherState cannot transition from Completed to Pending", - "rule": "!(oldSelf == 'Completed' && self == 'Pending')" - }, - { - "message": "dataGatherState cannot transition from Failed to Pending", - "rule": "!(oldSelf == 'Failed' && self == 'Pending')" - }, - { - "message": "dataGatherState cannot transition from Completed to Running", - "rule": "!(oldSelf == 'Completed' && self == 'Running')" - }, - { - "message": "dataGatherState cannot transition from Failed to Running", - "rule": "!(oldSelf == 'Failed' && self == 'Running')" - } - ] - }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "format": "date-time", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "finishTime is immutable once set", - "rule": "self == oldSelf" - } - ] - }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", - "items": { - "description": "gathererStatus represents information about a particular data gatherer.", - "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastGatherDuration": { - "description": "lastGatherDuration represents the time spent gathering.", - "pattern": "^(([0-9]+(?:\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - }, - "name": { - "description": "name is the name of the gatherer.", - "maxLength": 256, - "minLength": 5, - "type": "string" - } - }, - "required": [ - "conditions", - "lastGatherDuration", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - "properties": { - "downloadedAt": { - "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "format": "date-time", - "type": "string" - }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", - "items": { - "description": "healthCheck represents an Insights health check attributes.", - "properties": { - "advisorURI": { - "description": "advisorURI provides the URL link to the Insights Advisor.", - "pattern": "^https:\\/\\/\\S+", - "type": "string" - }, - "description": { - "description": "description provides basic description of the healtcheck.", - "maxLength": 2048, - "minLength": 10, - "type": "string" - }, - "state": { - "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string" - }, - "totalRisk": { - "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", - "format": "int32", - "maximum": 4, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "advisorURI", - "description", - "state", - "totalRisk" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "uri": { - "description": "uri provides the URL link from which the report was downloaded.", - "pattern": "^https:\\/\\/\\S+", - "type": "string" - } - }, - "type": "object" - }, - "insightsRequestID": { - "description": "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "insightsRequestID is immutable once set", - "rule": "self == oldSelf" - } - ] - }, - "relatedObjects": { - "description": "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "group": { - "description": "group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "name": { - "description": "name of the referent.", - "type": "string" - }, - "namespace": { - "description": "namespace of the referent.", - "type": "string" - }, - "resource": { - "description": "resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - } - }, - "required": [ - "group", - "name", - "resource" - ], - "type": "object" - }, - "type": "array" - }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "format": "date-time", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "startTime is immutable once set", - "rule": "self == oldSelf" - } - ] - } + "volumeClaimTemplates": { + "description": "apiVersion kind metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName status accessModes allocatedResourceStatuses allocatedResources capacity conditions lastProbeTime lastTransitionTime message reason status type currentVolumeAttributesClassName modifyVolumeStatus status enum: InProgress, Infeasible, Pending targetVolumeAttributesClassName phase enum: Bound, Lost, Pending.", + "items": { + "type": "object" }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "cannot remove insightsRequestID attribute from status", - "rule": "(!has(oldSelf.insightsRequestID) || has(self.insightsRequestID))" - }, - { - "message": "cannot remove startTime attribute from status", - "rule": "(!has(oldSelf.startTime) || has(self.startTime))" - }, - { - "message": "cannot remove finishTime attribute from status", - "rule": "(!has(oldSelf.finishTime) || has(self.finishTime))" - }, - { - "message": "cannot remove dataGatherState attribute from status", - "rule": "(!has(oldSelf.dataGatherState) || has(self.dataGatherState))" - } - ] + "type": "array" } }, "required": [ - "spec" + "selector", + "template" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "insights.openshift.io", - "kind": "DataGather", - "version": "v1alpha1" - } - ] + "type": "object" }, - "insights.openshift.io/v1alpha1/DataGatherList": { - "description": "DataGatherList is a list of DataGather", - "namespaced": true, + "io.k8s.api.apps.v1.StatefulSetStatus": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "availableReplicas": { + "type": "integer" }, - "items": { - "description": "List of datagathers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "collisionCount": { + "type": "integer" + }, + "conditions": { + "description": "lastTransitionTime message reason status type.", "items": { - "$ref": "#/components/schemas/io.openshift.insights.v1alpha1.DataGather" + "type": "object" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "currentReplicas": { + "type": "integer" + }, + "currentRevision": { "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "observedGeneration": { + "type": "integer" + }, + "readyReplicas": { + "type": "integer" + }, + "replicas": { + "type": "integer" + }, + "updateRevision": { + "type": "string" + }, + "updatedReplicas": { + "type": "integer" } }, "required": [ - "items" + "replicas" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "insights.openshift.io", - "kind": "DataGatherList", - "version": "v1alpha1" - } - ] + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterInstancetype": { - "description": "VirtualMachineClusterInstancetype is a cluster scoped version of VirtualMachineInstancetype resource.", - "namespaced": false, + "io.k8s.api.authentication.v1.SelfSubjectReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.authentication.v1.TokenRequestStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.authentication.v1.TokenReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.authorization.v1.LabelSelectorAttributes": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.authorization.v1.SubjectAccessReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.authorization.v1.SubjectRulesReviewStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v1.ScaleStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.ContainerResourceMetricStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.ExternalMetricStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.MetricStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.MetricValueStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.ObjectMetricStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.PodsMetricStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.autoscaling.v2.ResourceMetricStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.batch.v1.CronJobSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "concurrencyPolicy": { "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "failedJobsHistoryLimit": { + "type": "integer" + }, + "jobTemplate": { + "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds backoffLimit backoffLimitPerIndex completionMode enum: Indexed, NonIndexed completions managedBy manualSelector maxFailedIndexes parallelism podFailurePolicy rules action enum: Count, FailIndex, FailJob, Ignore onExitCodes containerName operator enum: In, NotIn values onPodConditions status type podReplacementPolicy enum: Failed, TerminatingOrFailed selector matchExpressions key operator values matchLabels successPolicy rules succeededCount succeededIndexes suspend template metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath ttlSecondsAfterFinished.", + "type": "object" + }, + "schedule": { "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "startingDeadlineSeconds": { + "type": "integer" }, - "spec": { - "description": "Required spec describing the instancetype", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Optionally defines the required Annotations to be used by the instance type and applied to the VirtualMachineInstance", - "type": "object" - }, - "cpu": { - "description": "Required CPU related attributes of the instancetype.", - "properties": { - "dedicatedCPUPlacement": { - "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", - "type": "boolean" - }, - "guest": { - "description": "Required number of vCPUs to expose to the guest.\n\nThe resulting CPU topology being derived from the optional PreferredCPUTopology attribute of CPUPreferences that itself defaults to PreferSockets.", - "format": "int32", - "type": "integer" - }, - "isolateEmulatorThread": { - "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", - "type": "boolean" - }, - "maxSockets": { - "description": "MaxSockets specifies the maximum amount of sockets that can be hotplugged", - "format": "int32", - "type": "integer" - }, - "model": { - "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", - "type": "string" - }, - "numa": { - "description": "NUMA allows specifying settings for the guest NUMA topology", - "properties": { - "guestMappingPassthrough": { - "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", - "type": "object" - } - }, - "type": "object" - }, - "realtime": { - "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", - "properties": { - "mask": { - "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "guest" - ], - "type": "object" - }, - "gpus": { - "description": "Optionally defines any GPU devices associated with the instancetype.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "description": "Name of the GPU device as exposed by a device plugin", - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - }, - "virtualGPUOptions": { - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "hostDevices": { - "description": "Optionally defines any HostDevices associated with the instancetype.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ioThreadsPolicy": { - "description": "Optionally defines the IOThreadsPolicy to be used by the instancetype.", - "type": "string" - }, - "launchSecurity": { - "description": "Optionally defines the LaunchSecurity to be used by the instancetype.", - "properties": { - "sev": { - "description": "AMD Secure Encrypted Virtualization (SEV).", - "properties": { - "attestation": { - "description": "If specified, run the attestation process for a vmi.", - "type": "object" - }, - "dhCert": { - "description": "Base64 encoded guest owner's Diffie-Hellman key.", - "type": "string" - }, - "policy": { - "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", - "properties": { - "encryptedState": { - "description": "SEV-ES is required.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "session": { - "description": "Base64 encoded session blob.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "memory": { - "description": "Required Memory related attributes of the instancetype.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Required amount of memory which is visible inside the guest OS.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "hugepages": { - "description": "Optionally enables the use of hugepages for the VirtualMachineInstance instead of regular memory.", - "properties": { - "pageSize": { - "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", - "type": "string" - } - }, - "type": "object" - }, - "maxGuest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "overcommitPercent": { - "description": "OvercommitPercent is the percentage of the guest memory which will be overcommitted.\nThis means that the VMIs parent pod (virt-launcher) will request less\nphysical memory by a factor specified by the OvercommitPercent.\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 0", - "maximum": 100, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "guest" - ], - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\nNodeSelector is the name of the custom node selector for the instancetype.", - "type": "object" - }, - "schedulerName": { - "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.\n\nSchedulerName is the name of the custom K8s scheduler for the instancetype.", - "type": "string" - } + "successfulJobsHistoryLimit": { + "type": "integer" + }, + "suspend": { + "type": "boolean" + }, + "timeZone": { + "type": "string" + } + }, + "required": [ + "jobTemplate", + "schedule" + ], + "type": "object" + }, + "io.k8s.api.batch.v1.CronJobStatus": { + "properties": { + "active": { + "description": "apiVersion fieldPath kind name namespace resourceVersion uid.", + "items": { + "type": "object" }, - "required": [ - "cpu", - "memory" - ], + "type": "array" + }, + "lastScheduleTime": { + "type": "string" + }, + "lastSuccessfulTime": { + "type": "string" + } + }, + "required": [], + "type": "object" + }, + "io.k8s.api.batch.v1.JobSpec": { + "properties": { + "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", + "type": "integer" + }, + "backoffLimit": { + "description": "Specifies the number of retries before marking this job failed. Defaults to 6.", + "type": "integer" + }, + "backoffLimitPerIndex": { + "description": "Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable.", + "type": "integer" + }, + "completionMode": { + "description": "completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other. `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.", + "type": "string" + }, + "completions": { + "description": "Specifies the desired number of successfully finished pods the job should be run with. Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.", + "type": "integer" + }, + "managedBy": { + "description": "ManagedBy field indicates the controller that manages a Job. The k8s Job controller reconciles jobs which don't have this field at all or the field value is the reserved string `kubernetes.io/job-controller`, but skips reconciling Jobs with a custom value for this field. The value must be a valid domain-prefixed path (e.g. acme.io/foo) - all characters before the first \"/\" must be a valid subdomain as defined by RFC 1123. All characters trailing the first \"/\" must be valid HTTP Path characters as defined by RFC 3986. The value cannot exceed 63 characters. This field is immutable. This field is beta-level. The job controller accepts setting the field when the feature gate JobManagedBy is enabled (enabled by default).", + "type": "string" + }, + "manualSelector": { + "description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector.", + "type": "boolean" + }, + "maxFailedIndexes": { + "description": "Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5.", + "type": "integer" + }, + "parallelism": { + "description": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.", + "type": "integer" + }, + "podFailurePolicy": { + "description": "rules action enum: Count, FailIndex, FailJob, Ignore onExitCodes containerName operator enum: In, NotIn values onPodConditions status type.", + "type": "object" + }, + "podReplacementPolicy": { + "description": "podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods when they are terminating (has a metadata.deletionTimestamp) or failed. - Failed means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod. When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle. This is on by default.", + "type": "string" + }, + "selector": { + "description": "matchExpressions key operator values matchLabels.", + "type": "object" + }, + "successPolicy": { + "description": "rules succeededCount succeededIndexes.", + "type": "object" + }, + "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.", + "type": "boolean" + }, + "template": { + "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", "type": "object" + }, + "ttlSecondsAfterFinished": { + "description": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.", + "type": "integer" } }, "required": [ - "spec" + "template" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachineClusterInstancetype", - "version": "v1beta1" + "type": "object" + }, + "io.k8s.api.batch.v1.JobStatus": { + "properties": { + "active": { + "type": "integer" + }, + "completedIndexes": { + "type": "string" + }, + "completionTime": { + "type": "string" + }, + "conditions": { + "description": "lastProbeTime lastTransitionTime message reason status type.", + "items": { + "type": "object" + }, + "type": "array" + }, + "failed": { + "type": "integer" + }, + "failedIndexes": { + "type": "string" + }, + "ready": { + "type": "integer" + }, + "startTime": { + "type": "string" + }, + "succeeded": { + "type": "integer" + }, + "terminating": { + "type": "integer" + }, + "uncountedTerminatedPods": { + "description": "failed succeeded.", + "type": "object" } - ] + }, + "required": [], + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterInstancetypeList": { - "description": "VirtualMachineClusterInstancetypeList is a list of VirtualMachineClusterInstancetype", - "namespaced": true, + "io.k8s.api.certificates.v1.CertificateSigningRequestStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapData": { + "properties": {}, + "required": [], + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "awsElasticBlockStore": { + "description": "fsType partition readOnly volumeID.", + "type": "object" + }, + "azureDisk": { + "description": "cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly.", + "type": "object" + }, + "azureFile": { + "description": "readOnly secretName shareName.", + "type": "object" + }, + "cephfs": { + "description": "monitors path readOnly secretFile secretRef name user.", + "type": "object" + }, + "cinder": { + "description": "fsType readOnly secretRef name volumeID.", + "type": "object" + }, + "configMap": { + "description": "defaultMode items key mode path name.", + "type": "object" + }, + "csi": { + "description": "driver fsType nodePublishSecretRef name readOnly volumeAttributes.", + "type": "object" + }, + "downwardAPI": { + "description": "defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource.", + "type": "object" + }, + "emptyDir": { + "description": "medium sizeLimit.", + "type": "object" + }, + "ephemeral": { + "description": "volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName.", + "type": "object" + }, + "fc": { + "description": "fsType lun readOnly targetWWNs wwids.", + "type": "object" + }, + "flexVolume": { + "description": "driver fsType options readOnly secretRef name.", + "type": "object" + }, + "flocker": { + "description": "datasetName datasetUUID.", + "type": "object" + }, + "gcePersistentDisk": { + "description": "fsType partition pdName readOnly.", + "type": "object" + }, + "gitRepo": { + "description": "directory repository revision.", + "type": "object" + }, + "glusterfs": { + "description": "endpoints path readOnly.", + "type": "object" + }, + "hostPath": { + "description": "path type enum: \"\", BlockDevice, CharDevice, Directory.", + "type": "object" + }, + "image": { + "description": "pullPolicy enum: Always, IfNotPresent, Never reference.", + "type": "object" + }, + "iscsi": { + "description": "chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal.", + "type": "object" + }, + "name": { "type": "string" }, - "items": { - "description": "List of virtualmachineclusterinstancetypes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "nfs": { + "description": "path readOnly server.", + "type": "object" + }, + "persistentVolumeClaim": { + "description": "claimName readOnly.", + "type": "object" + }, + "photonPersistentDisk": { + "description": "fsType pdID.", + "type": "object" + }, + "portworxVolume": { + "description": "fsType readOnly volumeID.", + "type": "object" + }, + "projected": { + "description": "defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path.", + "type": "object" + }, + "quobyte": { + "description": "group readOnly registry tenant user volume.", + "type": "object" + }, + "rbd": { + "description": "fsType image keyring monitors pool readOnly secretRef name user.", + "type": "object" + }, + "scaleIO": { + "description": "fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName.", + "type": "object" + }, + "secret": { + "description": "defaultMode items key mode path optional secretName.", + "type": "object" + }, + "storageos": { + "description": "fsType readOnly secretRef name volumeName volumeNamespace.", + "type": "object" + }, + "vsphereVolume": { + "description": "fsType storagePolicyID storagePolicyName volumePath.", + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Container": { + "properties": { + "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", "items": { - "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachineClusterInstancetype" + "type": "string" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name.", + "items": { + "type": "object" + }, + "type": "array" + }, + "envFrom": { + "description": "configMapRef name prefix secretRef name.", + "items": { + "type": "object" + }, + "type": "array" + }, + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images.", + "type": "string" + }, + "lifecycle": { + "description": "postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD.", + "type": "object" + }, + "livenessProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "type": "string" + }, + "ports": { + "description": "containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP.", + "items": { + "type": "object" + }, + "type": "array" + }, + "readinessProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" + }, + "resizePolicy": { + "description": "resourceName restartPolicy.", + "items": { + "type": "object" + }, + "type": "array" + }, + "resources": { + "description": "claims name request limits requests.", + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + "type": "string" + }, + "securityContext": { + "description": "allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", + "type": "object" + }, + "startupProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false.", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "devicePath name.", + "items": { + "type": "object" + }, + "type": "array" + }, + "volumeMounts": { + "description": "mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr.", + "items": { + "type": "object" + }, + "type": "array" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" } }, "required": [ - "items" + "name" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachineClusterInstancetypeList", - "version": "v1beta1" + "type": "object" + }, + "io.k8s.api.core.v1.ContainerPort": { + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" } - ] + }, + "required": [ + "containerPort" + ], + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterPreference": { - "description": "VirtualMachineClusterPreference is a cluster scoped version of the VirtualMachinePreference resource.", - "namespaced": false, + "io.k8s.api.core.v1.ContainerStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.EnvVar": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "args": { + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name.", + "items": { + "type": "object" + }, + "type": "array" + }, + "envFrom": { + "description": "configMapRef name prefix secretRef name.", + "items": { + "type": "object" + }, + "type": "array" + }, + "image": { "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "imagePullPolicy": { "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "lifecycle": { + "description": "postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD.", + "type": "object" }, - "spec": { - "description": "Required spec describing the preferences", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Optionally defines preferred Annotations to be applied to the VirtualMachineInstance", - "type": "object" - }, - "clock": { - "description": "Clock optionally defines preferences associated with the Clock attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredClockOffset": { - "description": "ClockOffset allows specifying the UTC offset or the timezone of the guest clock.", - "properties": { - "timezone": { - "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", - "type": "string" - }, - "utc": { - "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", - "properties": { - "offsetSeconds": { - "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "preferredTimer": { - "description": "Timer specifies whih timers are attached to the vmi.", - "properties": { - "hpet": { - "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "pit": { - "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "rtc": { - "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", - "type": "string" - }, - "track": { - "description": "Track the guest or the wall clock.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "cpu": { - "description": "CPU optionally defines preferences associated with the CPU attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredCPUFeatures": { - "description": "PreferredCPUFeatures optionally defines a slice of preferred CPU features.", - "items": { - "description": "CPUFeature allows specifying a CPU feature.", - "properties": { - "name": { - "description": "Name of the CPU feature", - "type": "string" - }, - "policy": { - "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "preferredCPUTopology": { - "description": "PreferredCPUTopology optionally defines the preferred guest visible CPU topology, defaults to PreferSockets.", - "type": "string" - }, - "spreadOptions": { - "properties": { - "across": { - "description": "Across optionally defines how to spread vCPUs across the guest visible topology.\nDefault: SocketsCores", - "type": "string" - }, - "ratio": { - "description": "Ratio optionally defines the ratio to spread vCPUs across the guest visible topology:\n\nCoresThreads - 1:2 - Controls the ratio of cores to threads. Only a ratio of 2 is currently accepted.\nSocketsCores - 1:N - Controls the ratio of socket to cores.\nSocketsCoresThreads - 1:N:2 - Controls the ratio of socket to cores. Each core providing 2 threads.\n\nDefault: 2", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "devices": { - "description": "Devices optionally defines preferences associated with the Devices attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredAutoattachGraphicsDevice": { - "description": "PreferredAutoattachGraphicsDevice optionally defines the preferred value of AutoattachGraphicsDevice", - "type": "boolean" - }, - "preferredAutoattachInputDevice": { - "description": "PreferredAutoattachInputDevice optionally defines the preferred value of AutoattachInputDevice", - "type": "boolean" - }, - "preferredAutoattachMemBalloon": { - "description": "PreferredAutoattachMemBalloon optionally defines the preferred value of AutoattachMemBalloon", - "type": "boolean" - }, - "preferredAutoattachPodInterface": { - "description": "PreferredAutoattachPodInterface optionally defines the preferred value of AutoattachPodInterface", - "type": "boolean" - }, - "preferredAutoattachSerialConsole": { - "description": "PreferredAutoattachSerialConsole optionally defines the preferred value of AutoattachSerialConsole", - "type": "boolean" - }, - "preferredBlockMultiQueue": { - "description": "PreferredBlockMultiQueue optionally enables the vhost multiqueue feature for virtio disks.", - "type": "boolean" - }, - "preferredCdromBus": { - "description": "PreferredCdromBus optionally defines the preferred bus for Cdrom Disk devices.", - "type": "string" - }, - "preferredDisableHotplug": { - "description": "PreferredDisableHotplug optionally defines the preferred value of DisableHotplug", - "type": "boolean" - }, - "preferredDiskBlockSize": { - "description": "PreferredBlockSize optionally defines the block size of Disk devices.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } - }, - "required": [ - "logical", - "physical" - ], - "type": "object" - }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "preferredDiskBus": { - "description": "PreferredDiskBus optionally defines the preferred bus for Disk Disk devices.", - "type": "string" - }, - "preferredDiskCache": { - "description": "PreferredCache optionally defines the DriverCache to be used by Disk devices.", - "type": "string" - }, - "preferredDiskDedicatedIoThread": { - "description": "PreferredDedicatedIoThread optionally enables dedicated IO threads for Disk devices using the virtio bus.", - "type": "boolean" - }, - "preferredDiskIO": { - "description": "PreferredIo optionally defines the QEMU disk IO mode to be used by Disk devices.", - "type": "string" - }, - "preferredInputBus": { - "description": "PreferredInputBus optionally defines the preferred bus for Input devices.", - "type": "string" - }, - "preferredInputType": { - "description": "PreferredInputType optionally defines the preferred type for Input devices.", - "type": "string" - }, - "preferredInterfaceMasquerade": { - "description": "PreferredInterfaceMasquerade optionally defines the preferred masquerade configuration to use with each network interface.", - "type": "object" - }, - "preferredInterfaceModel": { - "description": "PreferredInterfaceModel optionally defines the preferred model to be used by Interface devices.", - "type": "string" - }, - "preferredLunBus": { - "description": "PreferredLunBus optionally defines the preferred bus for Lun Disk devices.", - "type": "string" - }, - "preferredNetworkInterfaceMultiQueue": { - "description": "PreferredNetworkInterfaceMultiQueue optionally enables the vhost multiqueue feature for virtio interfaces.", - "type": "boolean" - }, - "preferredPanicDeviceModel": { - "description": "PreferredPanicDeviceModel optionally defines the preferred panic device model to use with panic devices.", - "type": "string" - }, - "preferredRng": { - "description": "PreferredRng optionally defines the preferred rng device to be used.", - "type": "object" - }, - "preferredSoundModel": { - "description": "PreferredSoundModel optionally defines the preferred model for Sound devices.", - "type": "string" - }, - "preferredTPM": { - "description": "PreferredTPM optionally defines the preferred TPM device to be used.", - "properties": { - "enabled": { - "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", - "type": "boolean" - }, - "persistent": { - "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredUseVirtioTransitional": { - "description": "PreferredUseVirtioTransitional optionally defines the preferred value of UseVirtioTransitional", - "type": "boolean" - }, - "preferredVirtualGPUOptions": { - "description": "PreferredVirtualGPUOptions optionally defines the preferred value of VirtualGPUOptions", - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "features": { - "description": "Features optionally defines preferences associated with the Features attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredAcpi": { - "description": "PreferredAcpi optionally enables the ACPI feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredApic": { - "description": "PreferredApic optionally enables and configures the APIC feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "endOfInterrupt": { - "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredHyperv": { - "description": "PreferredHyperv optionally enables and configures HyperV features", - "properties": { - "evmcs": { - "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "frequencies": { - "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "ipi": { - "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reenlightenment": { - "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "relaxed": { - "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reset": { - "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "runtime": { - "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "spinlocks": { - "description": "Spinlocks allows to configure the spinlock retry attempts.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "spinlocks": { - "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "synic": { - "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "synictimer": { - "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", - "properties": { - "direct": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "tlbflush": { - "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vapic": { - "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vendorid": { - "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "vendorid": { - "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", - "type": "string" - } - }, - "type": "object" - }, - "vpindex": { - "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "preferredKvm": { - "description": "PreferredKvm optionally enables and configures KVM features", - "properties": { - "hidden": { - "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredPvspinlock": { - "description": "PreferredPvspinlock optionally enables the Pvspinlock feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredSmm": { - "description": "PreferredSmm optionally enables the SMM feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "firmware": { - "description": "Firmware optionally defines preferences associated with the Firmware attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredEfi": { - "description": "PreferredEfi optionally enables EFI", - "properties": { - "persistent": { - "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", - "type": "boolean" - }, - "secureBoot": { - "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredUseBios": { - "description": "PreferredUseBios optionally enables BIOS", - "type": "boolean" - }, - "preferredUseBiosSerial": { - "description": "PreferredUseBiosSerial optionally transmitts BIOS output over the serial.\n\nRequires PreferredUseBios to be enabled.", - "type": "boolean" - }, - "preferredUseEfi": { - "description": "PreferredUseEfi optionally enables EFI\n\nDeprecated: Will be removed with v1beta2 or v1", - "type": "boolean" - }, - "preferredUseSecureBoot": { - "description": "PreferredUseSecureBoot optionally enables SecureBoot and the OVMF roms will be swapped for SecureBoot-enabled ones.\n\nRequires PreferredUseEfi and PreferredSmm to be enabled.\n\nDeprecated: Will be removed with v1beta2 or v1", - "type": "boolean" - } - }, - "type": "object" - }, - "machine": { - "description": "Machine optionally defines preferences associated with the Machine attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredMachineType": { - "description": "PreferredMachineType optionally defines the preferred machine type to use.", - "type": "string" - } - }, - "type": "object" - }, - "preferSpreadSocketToCoreRatio": { - "description": "PreferSpreadSocketToCoreRatio defines the ratio to spread vCPUs between cores and sockets, it defaults to 2.", - "format": "int32", - "type": "integer" - }, - "preferredSubdomain": { - "description": "Subdomain of the VirtualMachineInstance", - "type": "string" - }, - "preferredTerminationGracePeriodSeconds": { - "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", - "format": "int64", - "type": "integer" - }, - "requirements": { - "description": "Requirements defines the minium amount of instance type defined resources required by a set of preferences", - "properties": { - "cpu": { - "description": "Required CPU related attributes of the instancetype.", - "properties": { - "guest": { - "description": "Minimal number of vCPUs required by the preference.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "guest" - ], - "type": "object" - }, - "memory": { - "description": "Required Memory related attributes of the instancetype.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Minimal amount of memory required by the preference.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "guest" - ], - "type": "object" - } - }, - "type": "object" - }, - "volumes": { - "description": "Volumes optionally defines preferences associated with the Volumes attribute of a VirtualMachineInstace DomainSpec", - "properties": { - "preferredStorageClassName": { - "description": "PreffereedStorageClassName optionally defines the preferred storageClass", - "type": "string" - } - }, - "type": "object" - } + "livenessProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "description": "containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP.", + "items": { + "type": "object" + }, + "type": "array" + }, + "readinessProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" + }, + "resizePolicy": { + "description": "resourceName restartPolicy.", + "items": { + "type": "object" }, + "type": "array" + }, + "resources": { + "description": "claims name request limits requests.", + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "description": "allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", + "type": "object" + }, + "startupProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "description": "devicePath name.", + "items": { + "type": "object" + }, + "type": "array" + }, + "volumeMounts": { + "description": "mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr.", + "items": { + "type": "object" + }, + "type": "array" + }, + "workingDir": { + "type": "string" } }, "required": [ - "spec" + "name" ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachineClusterPreference", - "version": "v1beta1" - } - ] + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachineClusterPreferenceList": { - "description": "VirtualMachineClusterPreferenceList is a list of VirtualMachineClusterPreference", - "namespaced": true, + "io.k8s.api.core.v1.LoadBalancerStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.ModifyVolumeStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.NamespaceStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.NodeConfigStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.NodeStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSwapStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of virtualmachineclusterpreferences. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "accessModes": { "items": { - "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachineClusterPreference" + "type": "string" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "dataSource": { + "description": "apiGroup kind name.", + "type": "object" + }, + "dataSourceRef": { + "description": "apiGroup kind name namespace.", + "type": "object" + }, + "resources": { + "description": "limits requests.", + "type": "object" + }, + "selector": { + "description": "matchExpressions key operator values matchLabels.", + "type": "object" + }, + "storageClassName": { "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" } }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachineClusterPreferenceList", - "version": "v1beta1" - } - ] + "required": [], + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachineInstancetype": { - "description": "VirtualMachineInstancetype resource contains quantitative and resource related VirtualMachine configuration\nthat can be used by multiple VirtualMachine resources.", - "namespaced": true, + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "allocatedResourceStatuses": { + "type": "object" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "allocatedResources": { + "type": "object" }, - "spec": { - "description": "Required spec describing the instancetype", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Optionally defines the required Annotations to be used by the instance type and applied to the VirtualMachineInstance", - "type": "object" - }, - "cpu": { - "description": "Required CPU related attributes of the instancetype.", - "properties": { - "dedicatedCPUPlacement": { - "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", - "type": "boolean" - }, - "guest": { - "description": "Required number of vCPUs to expose to the guest.\n\nThe resulting CPU topology being derived from the optional PreferredCPUTopology attribute of CPUPreferences that itself defaults to PreferSockets.", - "format": "int32", - "type": "integer" - }, - "isolateEmulatorThread": { - "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", - "type": "boolean" - }, - "maxSockets": { - "description": "MaxSockets specifies the maximum amount of sockets that can be hotplugged", - "format": "int32", - "type": "integer" - }, - "model": { - "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", - "type": "string" - }, - "numa": { - "description": "NUMA allows specifying settings for the guest NUMA topology", - "properties": { - "guestMappingPassthrough": { - "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", - "type": "object" - } - }, - "type": "object" - }, - "realtime": { - "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", - "properties": { - "mask": { - "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "guest" - ], - "type": "object" - }, - "gpus": { - "description": "Optionally defines any GPU devices associated with the instancetype.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "description": "Name of the GPU device as exposed by a device plugin", - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - }, - "virtualGPUOptions": { - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "hostDevices": { - "description": "Optionally defines any HostDevices associated with the instancetype.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ioThreadsPolicy": { - "description": "Optionally defines the IOThreadsPolicy to be used by the instancetype.", - "type": "string" - }, - "launchSecurity": { - "description": "Optionally defines the LaunchSecurity to be used by the instancetype.", - "properties": { - "sev": { - "description": "AMD Secure Encrypted Virtualization (SEV).", - "properties": { - "attestation": { - "description": "If specified, run the attestation process for a vmi.", - "type": "object" - }, - "dhCert": { - "description": "Base64 encoded guest owner's Diffie-Hellman key.", - "type": "string" - }, - "policy": { - "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", - "properties": { - "encryptedState": { - "description": "SEV-ES is required.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "session": { - "description": "Base64 encoded session blob.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "memory": { - "description": "Required Memory related attributes of the instancetype.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Required amount of memory which is visible inside the guest OS.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "hugepages": { - "description": "Optionally enables the use of hugepages for the VirtualMachineInstance instead of regular memory.", - "properties": { - "pageSize": { - "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", - "type": "string" - } - }, - "type": "object" - }, - "maxGuest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "overcommitPercent": { - "description": "OvercommitPercent is the percentage of the guest memory which will be overcommitted.\nThis means that the VMIs parent pod (virt-launcher) will request less\nphysical memory by a factor specified by the OvercommitPercent.\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 0", - "maximum": 100, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "guest" - ], - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\nNodeSelector is the name of the custom node selector for the instancetype.", - "type": "object" - }, - "schedulerName": { - "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.\n\nSchedulerName is the name of the custom K8s scheduler for the instancetype.", - "type": "string" - } + "capacity": { + "type": "object" + }, + "conditions": { + "description": "lastProbeTime lastTransitionTime message reason status type.", + "items": { + "type": "object" }, - "required": [ - "cpu", - "memory" - ], + "type": "array" + }, + "currentVolumeAttributesClassName": { + "type": "string" + }, + "modifyVolumeStatus": { + "description": "status enum: InProgress, Infeasible, Pending targetVolumeAttributesClassName.", "type": "object" + }, + "phase": { + "type": "string" } }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachineInstancetype", - "version": "v1beta1" - } - ] + "required": [], + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachineInstancetypeList": { - "description": "VirtualMachineInstancetypeList is a list of VirtualMachineInstancetype", - "namespaced": true, + "io.k8s.api.core.v1.PersistentVolumeSpec": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" }, - "items": { - "description": "List of virtualmachineinstancetypes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "awsElasticBlockStore": { + "description": "fsType partition readOnly volumeID.", + "type": "object" + }, + "azureDisk": { + "description": "cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly.", + "type": "object" + }, + "azureFile": { + "description": "readOnly secretName secretNamespace shareName.", + "type": "object" + }, + "capacity": { + "type": "object" + }, + "cephfs": { + "description": "monitors path readOnly secretFile secretRef name namespace user.", + "type": "object" + }, + "cinder": { + "description": "fsType readOnly secretRef name namespace volumeID.", + "type": "object" + }, + "claimRef": { + "description": "apiVersion fieldPath kind name namespace resourceVersion uid.", + "type": "object" + }, + "csi": { + "description": "controllerExpandSecretRef name namespace controllerPublishSecretRef name namespace driver fsType nodeExpandSecretRef name namespace nodePublishSecretRef name namespace nodeStageSecretRef name namespace readOnly volumeAttributes volumeHandle.", + "type": "object" + }, + "fc": { + "description": "fsType lun readOnly targetWWNs wwids.", + "type": "object" + }, + "flexVolume": { + "description": "driver fsType options readOnly secretRef name namespace.", + "type": "object" + }, + "flocker": { + "description": "datasetName datasetUUID.", + "type": "object" + }, + "gcePersistentDisk": { + "description": "fsType partition pdName readOnly.", + "type": "object" + }, + "glusterfs": { + "description": "endpoints endpointsNamespace path readOnly.", + "type": "object" + }, + "hostPath": { + "description": "path type enum: \"\", BlockDevice, CharDevice, Directory.", + "type": "object" + }, + "iscsi": { + "description": "chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name namespace targetPortal.", + "type": "object" + }, + "local": { + "description": "fsType path.", + "type": "object" + }, + "mountOptions": { "items": { - "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachineInstancetype" + "type": "string" }, "type": "array" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "nfs": { + "description": "path readOnly server.", + "type": "object" + }, + "nodeAffinity": { + "description": "required nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values.", + "type": "object" + }, + "persistentVolumeReclaimPolicy": { "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "photonPersistentDisk": { + "description": "fsType pdID.", + "type": "object" + }, + "portworxVolume": { + "description": "fsType readOnly volumeID.", + "type": "object" + }, + "quobyte": { + "description": "group readOnly registry tenant user volume.", + "type": "object" + }, + "rbd": { + "description": "fsType image keyring monitors pool readOnly secretRef name namespace user.", + "type": "object" + }, + "scaleIO": { + "description": "fsType gateway protectionDomain readOnly secretRef name namespace sslEnabled storageMode storagePool system volumeName.", + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "storageos": { + "description": "fsType readOnly secretRef apiVersion fieldPath kind name namespace resourceVersion uid volumeName volumeNamespace.", + "type": "object" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "vsphereVolume": { + "description": "fsType storagePolicyID storagePolicyName volumePath.", + "type": "object" } }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachineInstancetypeList", - "version": "v1beta1" - } - ] + "required": [], + "type": "object" }, - "instancetype.kubevirt.io/v1beta1/VirtualMachinePreference": { - "description": "VirtualMachinePreference resource contains optional preferences related to the VirtualMachine.", - "namespaced": true, + "io.k8s.api.core.v1.PersistentVolumeStatus": { "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "lastPhaseTransitionTime": { "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "phase": { + "type": "string" }, - "spec": { - "description": "Required spec describing the preferences", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Optionally defines preferred Annotations to be applied to the VirtualMachineInstance", - "type": "object" - }, - "clock": { - "description": "Clock optionally defines preferences associated with the Clock attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredClockOffset": { - "description": "ClockOffset allows specifying the UTC offset or the timezone of the guest clock.", - "properties": { - "timezone": { - "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", - "type": "string" - }, - "utc": { - "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", - "properties": { - "offsetSeconds": { - "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "preferredTimer": { - "description": "Timer specifies whih timers are attached to the vmi.", - "properties": { - "hpet": { - "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "pit": { - "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "rtc": { - "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", - "type": "string" - }, - "track": { - "description": "Track the guest or the wall clock.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "cpu": { - "description": "CPU optionally defines preferences associated with the CPU attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredCPUFeatures": { - "description": "PreferredCPUFeatures optionally defines a slice of preferred CPU features.", - "items": { - "description": "CPUFeature allows specifying a CPU feature.", - "properties": { - "name": { - "description": "Name of the CPU feature", - "type": "string" - }, - "policy": { - "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "preferredCPUTopology": { - "description": "PreferredCPUTopology optionally defines the preferred guest visible CPU topology, defaults to PreferSockets.", - "type": "string" - }, - "spreadOptions": { - "properties": { - "across": { - "description": "Across optionally defines how to spread vCPUs across the guest visible topology.\nDefault: SocketsCores", - "type": "string" - }, - "ratio": { - "description": "Ratio optionally defines the ratio to spread vCPUs across the guest visible topology:\n\nCoresThreads - 1:2 - Controls the ratio of cores to threads. Only a ratio of 2 is currently accepted.\nSocketsCores - 1:N - Controls the ratio of socket to cores.\nSocketsCoresThreads - 1:N:2 - Controls the ratio of socket to cores. Each core providing 2 threads.\n\nDefault: 2", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "devices": { - "description": "Devices optionally defines preferences associated with the Devices attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredAutoattachGraphicsDevice": { - "description": "PreferredAutoattachGraphicsDevice optionally defines the preferred value of AutoattachGraphicsDevice", - "type": "boolean" - }, - "preferredAutoattachInputDevice": { - "description": "PreferredAutoattachInputDevice optionally defines the preferred value of AutoattachInputDevice", - "type": "boolean" - }, - "preferredAutoattachMemBalloon": { - "description": "PreferredAutoattachMemBalloon optionally defines the preferred value of AutoattachMemBalloon", - "type": "boolean" - }, - "preferredAutoattachPodInterface": { - "description": "PreferredAutoattachPodInterface optionally defines the preferred value of AutoattachPodInterface", - "type": "boolean" - }, - "preferredAutoattachSerialConsole": { - "description": "PreferredAutoattachSerialConsole optionally defines the preferred value of AutoattachSerialConsole", - "type": "boolean" - }, - "preferredBlockMultiQueue": { - "description": "PreferredBlockMultiQueue optionally enables the vhost multiqueue feature for virtio disks.", - "type": "boolean" - }, - "preferredCdromBus": { - "description": "PreferredCdromBus optionally defines the preferred bus for Cdrom Disk devices.", - "type": "string" - }, - "preferredDisableHotplug": { - "description": "PreferredDisableHotplug optionally defines the preferred value of DisableHotplug", - "type": "boolean" - }, - "preferredDiskBlockSize": { - "description": "PreferredBlockSize optionally defines the block size of Disk devices.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } - }, - "required": [ - "logical", - "physical" - ], - "type": "object" - }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "preferredDiskBus": { - "description": "PreferredDiskBus optionally defines the preferred bus for Disk Disk devices.", - "type": "string" - }, - "preferredDiskCache": { - "description": "PreferredCache optionally defines the DriverCache to be used by Disk devices.", - "type": "string" - }, - "preferredDiskDedicatedIoThread": { - "description": "PreferredDedicatedIoThread optionally enables dedicated IO threads for Disk devices using the virtio bus.", - "type": "boolean" - }, - "preferredDiskIO": { - "description": "PreferredIo optionally defines the QEMU disk IO mode to be used by Disk devices.", - "type": "string" - }, - "preferredInputBus": { - "description": "PreferredInputBus optionally defines the preferred bus for Input devices.", - "type": "string" - }, - "preferredInputType": { - "description": "PreferredInputType optionally defines the preferred type for Input devices.", - "type": "string" - }, - "preferredInterfaceMasquerade": { - "description": "PreferredInterfaceMasquerade optionally defines the preferred masquerade configuration to use with each network interface.", - "type": "object" - }, - "preferredInterfaceModel": { - "description": "PreferredInterfaceModel optionally defines the preferred model to be used by Interface devices.", - "type": "string" - }, - "preferredLunBus": { - "description": "PreferredLunBus optionally defines the preferred bus for Lun Disk devices.", - "type": "string" - }, - "preferredNetworkInterfaceMultiQueue": { - "description": "PreferredNetworkInterfaceMultiQueue optionally enables the vhost multiqueue feature for virtio interfaces.", - "type": "boolean" - }, - "preferredPanicDeviceModel": { - "description": "PreferredPanicDeviceModel optionally defines the preferred panic device model to use with panic devices.", - "type": "string" - }, - "preferredRng": { - "description": "PreferredRng optionally defines the preferred rng device to be used.", - "type": "object" - }, - "preferredSoundModel": { - "description": "PreferredSoundModel optionally defines the preferred model for Sound devices.", - "type": "string" - }, - "preferredTPM": { - "description": "PreferredTPM optionally defines the preferred TPM device to be used.", - "properties": { - "enabled": { - "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", - "type": "boolean" - }, - "persistent": { - "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredUseVirtioTransitional": { - "description": "PreferredUseVirtioTransitional optionally defines the preferred value of UseVirtioTransitional", - "type": "boolean" - }, - "preferredVirtualGPUOptions": { - "description": "PreferredVirtualGPUOptions optionally defines the preferred value of VirtualGPUOptions", - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "features": { - "description": "Features optionally defines preferences associated with the Features attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredAcpi": { - "description": "PreferredAcpi optionally enables the ACPI feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredApic": { - "description": "PreferredApic optionally enables and configures the APIC feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "endOfInterrupt": { - "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredHyperv": { - "description": "PreferredHyperv optionally enables and configures HyperV features", - "properties": { - "evmcs": { - "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "frequencies": { - "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "ipi": { - "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reenlightenment": { - "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "relaxed": { - "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reset": { - "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "runtime": { - "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "spinlocks": { - "description": "Spinlocks allows to configure the spinlock retry attempts.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "spinlocks": { - "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "synic": { - "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "synictimer": { - "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", - "properties": { - "direct": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "tlbflush": { - "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vapic": { - "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vendorid": { - "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "vendorid": { - "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", - "type": "string" - } - }, - "type": "object" - }, - "vpindex": { - "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "preferredKvm": { - "description": "PreferredKvm optionally enables and configures KVM features", - "properties": { - "hidden": { - "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredPvspinlock": { - "description": "PreferredPvspinlock optionally enables the Pvspinlock feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredSmm": { - "description": "PreferredSmm optionally enables the SMM feature", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "firmware": { - "description": "Firmware optionally defines preferences associated with the Firmware attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredEfi": { - "description": "PreferredEfi optionally enables EFI", - "properties": { - "persistent": { - "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", - "type": "boolean" - }, - "secureBoot": { - "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", - "type": "boolean" - } - }, - "type": "object" - }, - "preferredUseBios": { - "description": "PreferredUseBios optionally enables BIOS", - "type": "boolean" - }, - "preferredUseBiosSerial": { - "description": "PreferredUseBiosSerial optionally transmitts BIOS output over the serial.\n\nRequires PreferredUseBios to be enabled.", - "type": "boolean" - }, - "preferredUseEfi": { - "description": "PreferredUseEfi optionally enables EFI\n\nDeprecated: Will be removed with v1beta2 or v1", - "type": "boolean" - }, - "preferredUseSecureBoot": { - "description": "PreferredUseSecureBoot optionally enables SecureBoot and the OVMF roms will be swapped for SecureBoot-enabled ones.\n\nRequires PreferredUseEfi and PreferredSmm to be enabled.\n\nDeprecated: Will be removed with v1beta2 or v1", - "type": "boolean" - } - }, - "type": "object" - }, - "machine": { - "description": "Machine optionally defines preferences associated with the Machine attribute of a VirtualMachineInstance DomainSpec", - "properties": { - "preferredMachineType": { - "description": "PreferredMachineType optionally defines the preferred machine type to use.", - "type": "string" - } - }, - "type": "object" - }, - "preferSpreadSocketToCoreRatio": { - "description": "PreferSpreadSocketToCoreRatio defines the ratio to spread vCPUs between cores and sockets, it defaults to 2.", - "format": "int32", - "type": "integer" - }, - "preferredSubdomain": { - "description": "Subdomain of the VirtualMachineInstance", - "type": "string" - }, - "preferredTerminationGracePeriodSeconds": { - "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", - "format": "int64", - "type": "integer" - }, - "requirements": { - "description": "Requirements defines the minium amount of instance type defined resources required by a set of preferences", - "properties": { - "cpu": { - "description": "Required CPU related attributes of the instancetype.", - "properties": { - "guest": { - "description": "Minimal number of vCPUs required by the preference.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "guest" - ], - "type": "object" - }, - "memory": { - "description": "Required Memory related attributes of the instancetype.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Minimal amount of memory required by the preference.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "guest" - ], - "type": "object" - } - }, - "type": "object" - }, - "volumes": { - "description": "Volumes optionally defines preferences associated with the Volumes attribute of a VirtualMachineInstace DomainSpec", - "properties": { - "preferredStorageClassName": { - "description": "PreffereedStorageClassName optionally defines the preferred storageClass", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachinePreference", - "version": "v1beta1" - } - ] - }, - "instancetype.kubevirt.io/v1beta1/VirtualMachinePreferenceList": { - "description": "VirtualMachinePreferenceList is a list of VirtualMachinePreference", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of virtualmachinepreferences. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.instancetype.v1beta1.VirtualMachinePreference" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "instancetype.kubevirt.io", - "kind": "VirtualMachinePreferenceList", - "version": "v1beta1" - } - ] + "required": [], + "type": "object" }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus": { + "io.k8s.api.core.v1.PodResourceClaimStatus": { "additionalProperties": true, "type": "object" }, - "io.k8s.api.apps.v1.DaemonSetSpec": { + "io.k8s.api.core.v1.PodSpec": { "properties": { - "minReadySeconds": { - "description": "The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", - "type": "integer" - }, - "revisionHistoryLimit": { - "description": "The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.", + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", "type": "integer" }, - "selector": { - "description": "matchExpressions key operator values matchLabels.", - "type": "object" - }, - "template": { - "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", + "affinity": { + "description": "nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey.", "type": "object" }, - "updateStrategy": { - "description": "rollingUpdate maxSurge maxUnavailable type enum: OnDelete, RollingUpdate.", - "type": "object" - } - }, - "required": [ - "selector", - "template" - ], - "type": "object" - }, - "io.k8s.api.apps.v1.DaemonSetStatus": { - "properties": { - "collisionCount": { - "type": "integer" + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" }, - "conditions": { - "description": "lastTransitionTime message reason status type.", + "containers": { + "description": "args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir.", "items": { "type": "object" }, "type": "array" }, - "currentNumberScheduled": { - "type": "integer" - }, - "desiredNumberScheduled": { - "type": "integer" - }, - "numberAvailable": { - "type": "integer" - }, - "numberMisscheduled": { - "type": "integer" - }, - "numberReady": { - "type": "integer" - }, - "numberUnavailable": { - "type": "integer" - }, - "observedGeneration": { - "type": "integer" + "dnsConfig": { + "description": "nameservers options name value searches.", + "type": "object" }, - "updatedNumberScheduled": { - "type": "integer" - } - }, - "required": [ - "currentNumberScheduled", - "desiredNumberScheduled", - "numberMisscheduled", - "numberReady" - ], - "type": "object" - }, - "io.k8s.api.apps.v1.DeploymentSpec": { - "properties": { - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", - "type": "integer" + "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", + "type": "string" }, - "paused": { - "description": "Indicates that the deployment is paused.", + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", "type": "boolean" }, - "progressDeadlineSeconds": { - "description": "The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.", - "type": "integer" + "ephemeralContainers": { + "description": "args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir.", + "items": { + "type": "object" + }, + "type": "array" }, - "replicas": { - "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", - "type": "integer" + "hostAliases": { + "description": "hostnames ip.", + "items": { + "type": "object" + }, + "type": "array" }, - "revisionHistoryLimit": { - "description": "The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.", - "type": "integer" + "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", + "type": "boolean" }, - "selector": { - "description": "matchExpressions key operator values matchLabels.", - "type": "object" + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.", + "type": "boolean" }, - "strategy": { - "description": "rollingUpdate maxSurge maxUnavailable type enum: Recreate, RollingUpdate.", - "type": "object" + "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", + "type": "boolean" }, - "template": { - "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", - "type": "object" - } - }, - "required": [ - "selector", - "template" - ], - "type": "object" - }, - "io.k8s.api.apps.v1.DeploymentStatus": { - "properties": { - "availableReplicas": { - "type": "integer" + "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" }, - "collisionCount": { - "type": "integer" + "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", + "type": "string" }, - "conditions": { - "description": "lastTransitionTime lastUpdateTime message reason status type.", + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod.", "items": { "type": "object" }, "type": "array" }, - "observedGeneration": { - "type": "integer" + "initContainers": { + "description": "args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir.", + "items": { + "type": "object" + }, + "type": "array" }, - "readyReplicas": { - "type": "integer" + "nodeName": { + "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename.", + "type": "string" }, - "replicas": { - "type": "integer" + "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/.", + "type": "object" }, - "terminatingReplicas": { - "type": "integer" + "os": { + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup.", + "type": "object" }, - "unavailableReplicas": { - "type": "integer" + "overhead": { + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md.", + "type": "object" }, - "updatedReplicas": { - "type": "integer" - } - }, - "required": [], - "type": "object" - }, - "io.k8s.api.apps.v1.ReplicaSetSpec": { - "properties": { - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", - "type": "integer" + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", + "type": "string" }, - "replicas": { - "description": "Replicas is the number of desired pods. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset.", + "priority": { + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", "type": "integer" }, - "selector": { - "description": "matchExpressions key operator values matchLabels.", - "type": "object" - }, - "template": { - "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", - "type": "object" - } - }, - "required": [ - "selector" - ], - "type": "object" - }, - "io.k8s.api.apps.v1.ReplicaSetStatus": { - "properties": { - "availableReplicas": { - "type": "integer" + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", + "type": "string" }, - "conditions": { - "description": "lastTransitionTime message reason status type.", + "readinessGates": { + "description": "conditionType.", "items": { "type": "object" }, "type": "array" }, - "fullyLabeledReplicas": { - "type": "integer" + "resourceClaims": { + "description": "name resourceClaimName resourceClaimTemplateName.", + "items": { + "type": "object" + }, + "type": "array" }, - "observedGeneration": { - "type": "integer" + "resources": { + "description": "claims name request limits requests.", + "type": "object" }, - "readyReplicas": { - "type": "integer" + "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy.", + "type": "string" }, - "replicas": { - "type": "integer" + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class.", + "type": "string" }, - "terminatingReplicas": { - "type": "integer" - } - }, - "required": [ - "replicas" - ], - "type": "object" - }, - "io.k8s.api.apps.v1.StatefulSetSpec": { - "properties": { - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).", - "type": "integer" + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", + "type": "string" }, - "ordinals": { - "description": "ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a \"0\" index to the first replica and increments the index by one for each additional replica requested.", - "type": "object" + "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + "items": { + "type": "object" + }, + "type": "array" }, - "persistentVolumeClaimRetentionPolicy": { - "description": "whenDeleted whenScaled.", + "securityContext": { + "description": "appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", "type": "object" }, - "podManagementPolicy": { - "description": "podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.", + "serviceAccount": { + "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", "type": "string" }, - "replicas": { - "description": "replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1.", - "type": "integer" + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.", + "type": "string" }, - "revisionHistoryLimit": { - "description": "revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.", - "type": "integer" + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", + "type": "boolean" }, - "selector": { - "description": "matchExpressions key operator values matchLabels.", - "type": "object" + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", + "type": "boolean" }, - "serviceName": { - "description": "serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where \"pod-specific-string\" is managed by the StatefulSet controller.", + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", "type": "string" }, - "template": { - "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", - "type": "object" + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "type": "integer" }, - "updateStrategy": { - "description": "rollingUpdate maxUnavailable partition type enum: OnDelete, RollingUpdate.", - "type": "object" + "tolerations": { + "description": "effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value.", + "items": { + "type": "object" + }, + "type": "array" }, - "volumeClaimTemplates": { - "description": "apiVersion kind metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName status accessModes allocatedResourceStatuses allocatedResources capacity conditions lastProbeTime lastTransitionTime message reason status type currentVolumeAttributesClassName modifyVolumeStatus status enum: InProgress, Infeasible, Pending targetVolumeAttributesClassName phase enum: Bound, Lost, Pending.", + "topologySpreadConstraints": { + "description": "labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway.", + "items": { + "type": "object" + }, + "type": "array" + }, + "volumes": { + "description": "awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", "items": { "type": "object" }, @@ -100714,296 +93179,231 @@ } }, "required": [ - "selector", - "template" + "containers" ], "type": "object" }, - "io.k8s.api.apps.v1.StatefulSetStatus": { + "io.k8s.api.core.v1.PodStatus": { "properties": { - "availableReplicas": { - "type": "integer" - }, - "collisionCount": { - "type": "integer" - }, "conditions": { - "description": "lastTransitionTime message reason status type.", + "description": "lastProbeTime lastTransitionTime message observedGeneration reason status type.", "items": { "type": "object" }, "type": "array" }, - "currentReplicas": { - "type": "integer" + "containerStatuses": { + "description": "allocatedResources allocatedResourcesStatus name resources health resourceID containerID image imageID lastState running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason name ready resources claims name request limits requests restartCount started state running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... user linux gid supplementalGroups uid volumeMounts mountPath name readOnly recursiveReadOnly.", + "items": { + "type": "object" + }, + "type": "array" }, - "currentRevision": { + "ephemeralContainerStatuses": { + "description": "allocatedResources allocatedResourcesStatus name resources health resourceID containerID image imageID lastState running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason name ready resources claims name request limits requests restartCount started state running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... user linux gid supplementalGroups uid volumeMounts mountPath name readOnly recursiveReadOnly.", + "items": { + "type": "object" + }, + "type": "array" + }, + "hostIP": { + "type": "string" + }, + "hostIPs": { + "items": { + "type": "object" + }, + "type": "array" + }, + "initContainerStatuses": { + "description": "allocatedResources allocatedResourcesStatus name resources health resourceID containerID image imageID lastState running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason name ready resources claims name request limits requests restartCount started state running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... user linux gid supplementalGroups uid volumeMounts mountPath name readOnly recursiveReadOnly.", + "items": { + "type": "object" + }, + "type": "array" + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { "type": "string" }, "observedGeneration": { "type": "integer" }, - "readyReplicas": { - "type": "integer" + "phase": { + "type": "string" }, - "replicas": { - "type": "integer" + "podIP": { + "type": "string" }, - "updateRevision": { + "podIPs": { + "items": { + "type": "object" + }, + "type": "array" + }, + "qosClass": { "type": "string" }, - "updatedReplicas": { - "type": "integer" + "reason": { + "type": "string" + }, + "resize": { + "type": "string" + }, + "resourceClaimStatuses": { + "description": "name resourceClaimName.", + "items": { + "type": "object" + }, + "type": "array" + }, + "startTime": { + "type": "string" } }, - "required": [ - "replicas" - ], - "type": "object" - }, - "io.k8s.api.authentication.v1.SelfSubjectReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.authentication.v1.TokenRequestStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.authentication.v1.TokenReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.authorization.v1.LabelSelectorAttributes": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.authorization.v1.SubjectAccessReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.authorization.v1.SubjectRulesReviewStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v1.HorizontalPodAutoscalerStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v1.ScaleStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v2.ContainerResourceMetricStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v2.ExternalMetricStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v2.MetricStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.autoscaling.v2.MetricValueStatus": { - "additionalProperties": true, + "required": [], "type": "object" }, - "io.k8s.api.autoscaling.v2.ObjectMetricStatus": { + "io.k8s.api.core.v1.PortStatus": { "additionalProperties": true, "type": "object" }, - "io.k8s.api.autoscaling.v2.PodsMetricStatus": { + "io.k8s.api.core.v1.ReplicationControllerStatus": { "additionalProperties": true, "type": "object" }, - "io.k8s.api.autoscaling.v2.ResourceMetricStatus": { + "io.k8s.api.core.v1.ResourceQuotaStatus": { "additionalProperties": true, "type": "object" }, - "io.k8s.api.batch.v1.CronJobSpec": { + "io.k8s.api.core.v1.ResourceRequirements": { "properties": { - "concurrencyPolicy": { - "type": "string" - }, - "failedJobsHistoryLimit": { - "type": "integer" - }, - "jobTemplate": { - "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds backoffLimit backoffLimitPerIndex completionMode enum: Indexed, NonIndexed completions managedBy manualSelector maxFailedIndexes parallelism podFailurePolicy rules action enum: Count, FailIndex, FailJob, Ignore onExitCodes containerName operator enum: In, NotIn values onPodConditions status type podReplacementPolicy enum: Failed, TerminatingOrFailed selector matchExpressions key operator values matchLabels successPolicy rules succeededCount succeededIndexes suspend template metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath ttlSecondsAfterFinished.", - "type": "object" - }, - "schedule": { - "type": "string" - }, - "startingDeadlineSeconds": { - "type": "integer" + "args": { + "items": { + "type": "string" + }, + "type": "array" }, - "successfulJobsHistoryLimit": { - "type": "integer" + "command": { + "items": { + "type": "string" + }, + "type": "array" }, - "suspend": { - "type": "boolean" + "env": { + "description": "name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name.", + "items": { + "type": "object" + }, + "type": "array" }, - "timeZone": { - "type": "string" - } - }, - "required": [ - "jobTemplate", - "schedule" - ], - "type": "object" - }, - "io.k8s.api.batch.v1.CronJobStatus": { - "properties": { - "active": { - "description": "apiVersion fieldPath kind name namespace resourceVersion uid.", + "envFrom": { + "description": "configMapRef name prefix secretRef name.", "items": { "type": "object" }, "type": "array" }, - "lastScheduleTime": { + "image": { "type": "string" }, - "lastSuccessfulTime": { + "imagePullPolicy": { "type": "string" - } - }, - "required": [], - "type": "object" - }, - "io.k8s.api.batch.v1.JobSpec": { - "properties": { - "activeDeadlineSeconds": { - "description": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", - "type": "integer" - }, - "backoffLimit": { - "description": "Specifies the number of retries before marking this job failed. Defaults to 6.", - "type": "integer" - }, - "backoffLimitPerIndex": { - "description": "Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable.", - "type": "integer" }, - "completionMode": { - "description": "completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other. `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.", - "type": "string" + "lifecycle": { + "description": "postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD.", + "type": "object" }, - "completions": { - "description": "Specifies the desired number of successfully finished pods the job should be run with. Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.", - "type": "integer" + "livenessProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" }, - "managedBy": { - "description": "ManagedBy field indicates the controller that manages a Job. The k8s Job controller reconciles jobs which don't have this field at all or the field value is the reserved string `kubernetes.io/job-controller`, but skips reconciling Jobs with a custom value for this field. The value must be a valid domain-prefixed path (e.g. acme.io/foo) - all characters before the first \"/\" must be a valid subdomain as defined by RFC 1123. All characters trailing the first \"/\" must be valid HTTP Path characters as defined by RFC 3986. The value cannot exceed 63 characters. This field is immutable. This field is beta-level. The job controller accepts setting the field when the feature gate JobManagedBy is enabled (enabled by default).", + "name": { "type": "string" }, - "manualSelector": { - "description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector.", - "type": "boolean" + "ports": { + "description": "containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP.", + "items": { + "type": "object" + }, + "type": "array" }, - "maxFailedIndexes": { - "description": "Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5.", - "type": "integer" + "readinessProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", + "type": "object" }, - "parallelism": { - "description": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.", - "type": "integer" + "resizePolicy": { + "description": "resourceName restartPolicy.", + "items": { + "type": "object" + }, + "type": "array" }, - "podFailurePolicy": { - "description": "rules action enum: Count, FailIndex, FailJob, Ignore onExitCodes containerName operator enum: In, NotIn values onPodConditions status type.", + "resources": { + "description": "claims name request limits requests.", "type": "object" }, - "podReplacementPolicy": { - "description": "podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods when they are terminating (has a metadata.deletionTimestamp) or failed. - Failed means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod. When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle. This is on by default.", + "restartPolicy": { "type": "string" }, - "selector": { - "description": "matchExpressions key operator values matchLabels.", + "securityContext": { + "description": "allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", "type": "object" }, - "successPolicy": { - "description": "rules succeededCount succeededIndexes.", + "startupProbe": { + "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", "type": "object" }, - "suspend": { - "description": "suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.", + "stdin": { "type": "boolean" }, - "template": { - "description": "metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec activeDeadlineSeconds affinity nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey automountServiceAccountToken containers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir dnsConfig nameservers options name value searches dnsPolicy enum: ClusterFirst, ClusterFirstWithHostNet, Default, None enableServiceLinks ephemeralContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir hostAliases hostnames ip hostIPC hostNetwork hostPID hostUsers hostname imagePullSecrets name initContainers args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir nodeName nodeSelector os name overhead preemptionPolicy enum: Never, PreemptLowerPriority priority priorityClassName readinessGates conditionType resourceClaims name resourceClaimName resourceClaimTemplateName resources claims name request limits requests restartPolicy enum: Always, Never, OnFailure runtimeClassName schedulerName schedulingGates name securityContext appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName serviceAccount serviceAccountName setHostnameAsFQDN shareProcessNamespace subdomain terminationGracePeriodSeconds tolerations effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value topologySpreadConstraints labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway volumes awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", - "type": "object" - }, - "ttlSecondsAfterFinished": { - "description": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.", - "type": "integer" - } - }, - "required": [ - "template" - ], - "type": "object" - }, - "io.k8s.api.batch.v1.JobStatus": { - "properties": { - "active": { - "type": "integer" + "stdinOnce": { + "type": "boolean" }, - "completedIndexes": { + "terminationMessagePath": { "type": "string" }, - "completionTime": { + "terminationMessagePolicy": { "type": "string" }, - "conditions": { - "description": "lastProbeTime lastTransitionTime message reason status type.", + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "description": "devicePath name.", "items": { "type": "object" }, "type": "array" }, - "failed": { - "type": "integer" - }, - "failedIndexes": { - "type": "string" - }, - "ready": { - "type": "integer" + "volumeMounts": { + "description": "mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr.", + "items": { + "type": "object" + }, + "type": "array" }, - "startTime": { + "workingDir": { "type": "string" - }, - "succeeded": { - "type": "integer" - }, - "terminating": { - "type": "integer" - }, - "uncountedTerminatedPods": { - "description": "failed succeeded.", - "type": "object" } }, - "required": [], + "required": [ + "name" + ], "type": "object" }, - "io.k8s.api.certificates.v1.CertificateSigningRequestStatus": { + "io.k8s.api.core.v1.ResourceStatus": { "additionalProperties": true, "type": "object" }, - "io.k8s.api.core.v1.ConfigMapData": { + "io.k8s.api.core.v1.SecretData": { "properties": {}, "required": [], "type": "object" }, - "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "io.k8s.api.core.v1.SecretVolumeSource": { "properties": { "awsElasticBlockStore": { "description": "fsType partition readOnly volumeID.", @@ -101134,17 +93534,15 @@ ], "type": "object" }, - "io.k8s.api.core.v1.Container": { + "io.k8s.api.core.v1.SecurityContext": { "properties": { "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", "items": { "type": "string" }, "type": "array" }, "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", "items": { "type": "string" }, @@ -101165,11 +93563,9 @@ "type": "array" }, "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images.", "type": "string" }, "lifecycle": { @@ -101181,7 +93577,6 @@ "type": "object" }, "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { @@ -101207,7 +93602,6 @@ "type": "object" }, "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", "type": "string" }, "securityContext": { @@ -101219,23 +93613,18 @@ "type": "object" }, "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false.", "type": "boolean" }, "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { @@ -101253,7 +93642,6 @@ "type": "array" }, "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, @@ -101262,259 +93650,126 @@ ], "type": "object" }, - "io.k8s.api.core.v1.ContainerPort": { + "io.k8s.api.core.v1.ServiceSpec": { "properties": { - "containerPort": { - "type": "integer" - }, - "hostIP": { - "type": "string" - }, - "hostPort": { - "type": "integer" + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", + "type": "boolean" }, - "name": { + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.", "type": "string" }, - "protocol": { - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "io.k8s.api.core.v1.ContainerStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.EnvVar": { - "properties": { - "args": { + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.", "items": { "type": "string" }, "type": "array" }, - "command": { + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", "items": { "type": "string" }, "type": "array" }, - "env": { - "description": "name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "description": "configMapRef name prefix secretRef name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "image": { + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", "type": "string" }, - "imagePullPolicy": { + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.", "type": "string" }, - "lifecycle": { - "description": "postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD.", - "type": "object" - }, - "livenessProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", + "type": "integer" }, - "name": { + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).", "type": "string" }, - "ports": { - "description": "containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP.", - "items": { - "type": "object" - }, - "type": "array" - }, - "readinessProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "resizePolicy": { - "description": "resourceName restartPolicy.", + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", "items": { - "type": "object" + "type": "string" }, "type": "array" }, - "resources": { - "description": "claims name request limits requests.", - "type": "object" - }, - "restartPolicy": { + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.", "type": "string" }, - "securityContext": { - "description": "allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", - "type": "object" - }, - "startupProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "stdin": { - "type": "boolean" - }, - "stdinOnce": { - "type": "boolean" - }, - "terminationMessagePath": { + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", "type": "string" }, - "terminationMessagePolicy": { + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", "type": "string" }, - "tty": { - "type": "boolean" - }, - "volumeDevices": { - "description": "devicePath name.", + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/.", "items": { - "type": "object" + "type": "string" }, "type": "array" }, - "volumeMounts": { - "description": "mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr.", + "ports": { + "description": "appProtocol name nodePort port protocol enum: SCTP, TCP, UDP targetPort.", "items": { "type": "object" }, "type": "array" }, - "workingDir": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "io.k8s.api.core.v1.LoadBalancerStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.ModifyVolumeStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.NamespaceStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.NodeConfigStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.NodeStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.NodeSwapStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { - "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "apiGroup kind name.", - "type": "object" - }, - "dataSourceRef": { - "description": "apiGroup kind name namespace.", - "type": "object" - }, - "resources": { - "description": "limits requests.", - "type": "object" + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" }, "selector": { - "description": "matchExpressions key operator values matchLabels.", + "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/.", "type": "object" }, - "storageClassName": { + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.", "type": "string" }, - "volumeAttributesClassName": { - "type": "string" + "sessionAffinityConfig": { + "description": "clientIP timeoutSeconds.", + "type": "object" }, - "volumeMode": { + "trafficDistribution": { + "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", "type": "string" }, - "volumeName": { + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types.", "type": "string" } }, "required": [], "type": "object" }, - "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "io.k8s.api.core.v1.ServiceStatus": { "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array" - }, - "allocatedResourceStatuses": { - "type": "object" - }, - "allocatedResources": { - "type": "object" - }, - "capacity": { - "type": "object" - }, "conditions": { - "description": "lastProbeTime lastTransitionTime message reason status type.", + "description": "lastTransitionTime message observedGeneration reason status type.", "items": { "type": "object" }, "type": "array" }, - "currentVolumeAttributesClassName": { - "type": "string" - }, - "modifyVolumeStatus": { - "description": "status enum: InProgress, Infeasible, Pending targetVolumeAttributesClassName.", + "loadBalancer": { + "description": "ingress hostname ip ipMode ports error port protocol enum: SCTP, TCP, UDP.", "type": "object" - }, - "phase": { - "type": "string" } }, "required": [], "type": "object" }, - "io.k8s.api.core.v1.PersistentVolumeSpec": { + "io.k8s.api.core.v1.Volume": { "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array" - }, "awsElasticBlockStore": { "description": "fsType partition readOnly volumeID.", "type": "object" @@ -101524,26 +93779,35 @@ "type": "object" }, "azureFile": { - "description": "readOnly secretName secretNamespace shareName.", - "type": "object" - }, - "capacity": { + "description": "readOnly secretName shareName.", "type": "object" }, "cephfs": { - "description": "monitors path readOnly secretFile secretRef name namespace user.", + "description": "monitors path readOnly secretFile secretRef name user.", "type": "object" }, "cinder": { - "description": "fsType readOnly secretRef name namespace volumeID.", + "description": "fsType readOnly secretRef name volumeID.", "type": "object" }, - "claimRef": { - "description": "apiVersion fieldPath kind name namespace resourceVersion uid.", + "configMap": { + "description": "defaultMode items key mode path name.", "type": "object" }, "csi": { - "description": "controllerExpandSecretRef name namespace controllerPublishSecretRef name namespace driver fsType nodeExpandSecretRef name namespace nodePublishSecretRef name namespace nodeStageSecretRef name namespace readOnly volumeAttributes volumeHandle.", + "description": "driver fsType nodePublishSecretRef name readOnly volumeAttributes.", + "type": "object" + }, + "downwardAPI": { + "description": "defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource.", + "type": "object" + }, + "emptyDir": { + "description": "medium sizeLimit.", + "type": "object" + }, + "ephemeral": { + "description": "volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName.", "type": "object" }, "fc": { @@ -101551,7 +93815,7 @@ "type": "object" }, "flexVolume": { - "description": "driver fsType options readOnly secretRef name namespace.", + "description": "driver fsType options readOnly secretRef name.", "type": "object" }, "flocker": { @@ -101562,39 +93826,37 @@ "description": "fsType partition pdName readOnly.", "type": "object" }, + "gitRepo": { + "description": "directory repository revision.", + "type": "object" + }, "glusterfs": { - "description": "endpoints endpointsNamespace path readOnly.", + "description": "endpoints path readOnly.", "type": "object" }, "hostPath": { "description": "path type enum: \"\", BlockDevice, CharDevice, Directory.", "type": "object" }, - "iscsi": { - "description": "chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name namespace targetPortal.", + "image": { + "description": "pullPolicy enum: Always, IfNotPresent, Never reference.", "type": "object" }, - "local": { - "description": "fsType path.", + "iscsi": { + "description": "chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal.", "type": "object" }, - "mountOptions": { - "items": { - "type": "string" - }, - "type": "array" + "name": { + "type": "string" }, "nfs": { "description": "path readOnly server.", "type": "object" }, - "nodeAffinity": { - "description": "required nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values.", + "persistentVolumeClaim": { + "description": "claimName readOnly.", "type": "object" }, - "persistentVolumeReclaimPolicy": { - "type": "string" - }, "photonPersistentDisk": { "description": "fsType pdID.", "type": "object" @@ -101603,358 +93865,41 @@ "description": "fsType readOnly volumeID.", "type": "object" }, + "projected": { + "description": "defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path.", + "type": "object" + }, "quobyte": { "description": "group readOnly registry tenant user volume.", "type": "object" }, "rbd": { - "description": "fsType image keyring monitors pool readOnly secretRef name namespace user.", + "description": "fsType image keyring monitors pool readOnly secretRef name user.", "type": "object" }, "scaleIO": { - "description": "fsType gateway protectionDomain readOnly secretRef name namespace sslEnabled storageMode storagePool system volumeName.", + "description": "fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName.", "type": "object" }, - "storageClassName": { - "type": "string" + "secret": { + "description": "defaultMode items key mode path optional secretName.", + "type": "object" }, "storageos": { - "description": "fsType readOnly secretRef apiVersion fieldPath kind name namespace resourceVersion uid volumeName volumeNamespace.", + "description": "fsType readOnly secretRef name volumeName volumeNamespace.", "type": "object" }, - "volumeAttributesClassName": { - "type": "string" - }, - "volumeMode": { - "type": "string" - }, "vsphereVolume": { "description": "fsType storagePolicyID storagePolicyName volumePath.", "type": "object" } }, - "required": [], - "type": "object" - }, - "io.k8s.api.core.v1.PersistentVolumeStatus": { - "properties": { - "lastPhaseTransitionTime": { - "type": "string" - }, - "message": { - "type": "string" - }, - "phase": { - "type": "string" - }, - "reason": { - "type": "string" - } - }, - "required": [], - "type": "object" - }, - "io.k8s.api.core.v1.PodResourceClaimStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.PodSpec": { - "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", - "type": "integer" - }, - "affinity": { - "description": "nodeAffinity preferredDuringSchedulingIgnoredDuringExecution preference matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values weight requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key operator enum: DoesNotExist, Exists, Gt, In, .... values matchFields key operator enum: DoesNotExist, Exists, Gt, In, .... values podAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey podAntiAffinity preferredDuringSchedulingIgnoredDuringExecution podAffinityTerm labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey weight requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key operator values matchLabels matchLabelKeys mismatchLabelKeys namespaceSelector matchExpressions key operator values matchLabels namespaces topologyKey.", - "type": "object" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" - }, - "containers": { - "description": "args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir.", - "items": { - "type": "object" - }, - "type": "array" - }, - "dnsConfig": { - "description": "nameservers options name value searches.", - "type": "object" - }, - "dnsPolicy": { - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", - "type": "string" - }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", - "type": "boolean" - }, - "ephemeralContainers": { - "description": "args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce targetContainerName terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir.", - "items": { - "type": "object" - }, - "type": "array" - }, - "hostAliases": { - "description": "hostnames ip.", - "items": { - "type": "object" - }, - "type": "array" - }, - "hostIPC": { - "description": "Use the host's ipc namespace. Optional: Default to false.", - "type": "boolean" - }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.", - "type": "boolean" - }, - "hostPID": { - "description": "Use the host's pid namespace. Optional: Default to false.", - "type": "boolean" - }, - "hostUsers": { - "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" - }, - "hostname": { - "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod.", - "items": { - "type": "object" - }, - "type": "array" - }, - "initContainers": { - "description": "args command env name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name envFrom configMapRef name prefix secretRef name image imagePullPolicy enum: Always, IfNotPresent, Never lifecycle postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... livenessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds name ports containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP readinessProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds resizePolicy resourceName restartPolicy resources claims name request limits requests restartPolicy securityContext allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName startupProbe exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds stdin stdinOnce terminationMessagePath terminationMessagePolicy enum: FallbackToLogsOnError, File tty volumeDevices devicePath name volumeMounts mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr workingDir.", - "items": { - "type": "object" - }, - "type": "array" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename.", - "type": "string" - }, - "nodeSelector": { - "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/.", - "type": "object" - }, - "os": { - "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup.", - "type": "object" - }, - "overhead": { - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md.", - "type": "object" - }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", - "type": "string" - }, - "priority": { - "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", - "type": "integer" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", - "type": "string" - }, - "readinessGates": { - "description": "conditionType.", - "items": { - "type": "object" - }, - "type": "array" - }, - "resourceClaims": { - "description": "name resourceClaimName resourceClaimTemplateName.", - "items": { - "type": "object" - }, - "type": "array" - }, - "resources": { - "description": "claims name request limits requests.", - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy.", - "type": "string" - }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class.", - "type": "string" - }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", - "type": "string" - }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. SchedulingGates can only be set at pod creation time, and be removed only afterwards.", - "items": { - "type": "object" - }, - "type": "array" - }, - "securityContext": { - "description": "appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined fsGroup fsGroupChangePolicy enum: Always, OnRootMismatch runAsGroup runAsNonRoot runAsUser seLinuxChangePolicy seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined supplementalGroups supplementalGroupsPolicy enum: Merge, Strict sysctls name value windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", - "type": "object" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", - "type": "string" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.", - "type": "string" - }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", - "type": "boolean" - }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", - "type": "boolean" - }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", - "type": "integer" - }, - "tolerations": { - "description": "effect enum: NoExecute, NoSchedule, PreferNoSchedule key operator enum: Equal, Exists tolerationSeconds value.", - "items": { - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "labelSelector matchExpressions key operator values matchLabels matchLabelKeys maxSkew minDomains nodeAffinityPolicy enum: Honor, Ignore nodeTaintsPolicy enum: Honor, Ignore topologyKey whenUnsatisfiable enum: DoNotSchedule, ScheduleAnyway.", - "items": { - "type": "object" - }, - "type": "array" - }, - "volumes": { - "description": "awsElasticBlockStore fsType partition readOnly volumeID azureDisk cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly azureFile readOnly secretName shareName cephfs monitors path readOnly secretFile secretRef name user cinder fsType readOnly secretRef name volumeID configMap defaultMode items key mode path name csi driver fsType nodePublishSecretRef name readOnly volumeAttributes downwardAPI defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource emptyDir medium sizeLimit ephemeral volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName fc fsType lun readOnly targetWWNs wwids flexVolume driver fsType options readOnly secretRef name flocker datasetName datasetUUID gcePersistentDisk fsType partition pdName readOnly gitRepo directory repository revision glusterfs endpoints path readOnly hostPath path type enum: \"\", BlockDevice, CharDevice, Directory, .... image pullPolicy enum: Always, IfNotPresent, Never reference iscsi chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal name nfs path readOnly server persistentVolumeClaim claimName readOnly photonPersistentDisk fsType pdID portworxVolume fsType readOnly volumeID projected defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path quobyte group readOnly registry tenant user volume rbd fsType image keyring monitors pool readOnly secretRef name user scaleIO fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName secret defaultMode items key mode path optional secretName storageos fsType readOnly secretRef name volumeName volumeNamespace vsphereVolume fsType storagePolicyID storagePolicyName volumePath.", - "items": { - "type": "object" - }, - "type": "array" - } - }, "required": [ - "containers" + "name" ], "type": "object" }, - "io.k8s.api.core.v1.PodStatus": { - "properties": { - "conditions": { - "description": "lastProbeTime lastTransitionTime message observedGeneration reason status type.", - "items": { - "type": "object" - }, - "type": "array" - }, - "containerStatuses": { - "description": "allocatedResources allocatedResourcesStatus name resources health resourceID containerID image imageID lastState running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason name ready resources claims name request limits requests restartCount started state running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... user linux gid supplementalGroups uid volumeMounts mountPath name readOnly recursiveReadOnly.", - "items": { - "type": "object" - }, - "type": "array" - }, - "ephemeralContainerStatuses": { - "description": "allocatedResources allocatedResourcesStatus name resources health resourceID containerID image imageID lastState running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason name ready resources claims name request limits requests restartCount started state running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... user linux gid supplementalGroups uid volumeMounts mountPath name readOnly recursiveReadOnly.", - "items": { - "type": "object" - }, - "type": "array" - }, - "hostIP": { - "type": "string" - }, - "hostIPs": { - "items": { - "type": "object" - }, - "type": "array" - }, - "initContainerStatuses": { - "description": "allocatedResources allocatedResourcesStatus name resources health resourceID containerID image imageID lastState running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason name ready resources claims name request limits requests restartCount started state running startedAt terminated containerID exitCode finishedAt message reason signal startedAt waiting message reason stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD, .... user linux gid supplementalGroups uid volumeMounts mountPath name readOnly recursiveReadOnly.", - "items": { - "type": "object" - }, - "type": "array" - }, - "message": { - "type": "string" - }, - "nominatedNodeName": { - "type": "string" - }, - "observedGeneration": { - "type": "integer" - }, - "phase": { - "type": "string" - }, - "podIP": { - "type": "string" - }, - "podIPs": { - "items": { - "type": "object" - }, - "type": "array" - }, - "qosClass": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "resize": { - "type": "string" - }, - "resourceClaimStatuses": { - "description": "name resourceClaimName.", - "items": { - "type": "object" - }, - "type": "array" - }, - "startTime": { - "type": "string" - } - }, - "required": [], - "type": "object" - }, - "io.k8s.api.core.v1.PortStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.ReplicationControllerStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.ResourceQuotaStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.core.v1.ResourceRequirements": { + "io.k8s.api.core.v1.VolumeMount": { "properties": { "args": { "items": { @@ -102070,666 +94015,45 @@ ], "type": "object" }, - "io.k8s.api.core.v1.ResourceStatus": { + "io.k8s.api.core.v1.VolumeMountStatus": { "additionalProperties": true, "type": "object" }, - "io.k8s.api.core.v1.SecretData": { - "properties": {}, - "required": [], + "io.k8s.api.extensions.v1beta1.ScaleStatus": { + "additionalProperties": true, "type": "object" }, - "io.k8s.api.core.v1.SecretVolumeSource": { + "io.k8s.api.flowcontrol.v1.FlowSchemaStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.flowcontrol.v1.PriorityLevelConfigurationStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressLoadBalancerStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressPortStatus": { + "additionalProperties": true, + "type": "object" + }, + "io.k8s.api.networking.v1.IngressSpec": { "properties": { - "awsElasticBlockStore": { - "description": "fsType partition readOnly volumeID.", - "type": "object" - }, - "azureDisk": { - "description": "cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly.", + "defaultBackend": { + "description": "resource apiGroup kind name service name port name number.", "type": "object" }, - "azureFile": { - "description": "readOnly secretName shareName.", - "type": "object" + "ingressClassName": { + "type": "string" }, - "cephfs": { - "description": "monitors path readOnly secretFile secretRef name user.", - "type": "object" - }, - "cinder": { - "description": "fsType readOnly secretRef name volumeID.", - "type": "object" - }, - "configMap": { - "description": "defaultMode items key mode path name.", - "type": "object" - }, - "csi": { - "description": "driver fsType nodePublishSecretRef name readOnly volumeAttributes.", - "type": "object" - }, - "downwardAPI": { - "description": "defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource.", - "type": "object" - }, - "emptyDir": { - "description": "medium sizeLimit.", - "type": "object" - }, - "ephemeral": { - "description": "volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName.", - "type": "object" - }, - "fc": { - "description": "fsType lun readOnly targetWWNs wwids.", - "type": "object" - }, - "flexVolume": { - "description": "driver fsType options readOnly secretRef name.", - "type": "object" - }, - "flocker": { - "description": "datasetName datasetUUID.", - "type": "object" - }, - "gcePersistentDisk": { - "description": "fsType partition pdName readOnly.", - "type": "object" - }, - "gitRepo": { - "description": "directory repository revision.", - "type": "object" - }, - "glusterfs": { - "description": "endpoints path readOnly.", - "type": "object" - }, - "hostPath": { - "description": "path type enum: \"\", BlockDevice, CharDevice, Directory.", - "type": "object" - }, - "image": { - "description": "pullPolicy enum: Always, IfNotPresent, Never reference.", - "type": "object" - }, - "iscsi": { - "description": "chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal.", - "type": "object" - }, - "name": { - "type": "string" - }, - "nfs": { - "description": "path readOnly server.", - "type": "object" - }, - "persistentVolumeClaim": { - "description": "claimName readOnly.", - "type": "object" - }, - "photonPersistentDisk": { - "description": "fsType pdID.", - "type": "object" - }, - "portworxVolume": { - "description": "fsType readOnly volumeID.", - "type": "object" - }, - "projected": { - "description": "defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path.", - "type": "object" - }, - "quobyte": { - "description": "group readOnly registry tenant user volume.", - "type": "object" - }, - "rbd": { - "description": "fsType image keyring monitors pool readOnly secretRef name user.", - "type": "object" - }, - "scaleIO": { - "description": "fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName.", - "type": "object" - }, - "secret": { - "description": "defaultMode items key mode path optional secretName.", - "type": "object" - }, - "storageos": { - "description": "fsType readOnly secretRef name volumeName volumeNamespace.", - "type": "object" - }, - "vsphereVolume": { - "description": "fsType storagePolicyID storagePolicyName volumePath.", - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "io.k8s.api.core.v1.SecurityContext": { - "properties": { - "args": { - "items": { - "type": "string" - }, - "type": "array" - }, - "command": { - "items": { - "type": "string" - }, - "type": "array" - }, - "env": { - "description": "name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "description": "configMapRef name prefix secretRef name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - "lifecycle": { - "description": "postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD.", - "type": "object" - }, - "livenessProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "name": { - "type": "string" - }, - "ports": { - "description": "containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP.", - "items": { - "type": "object" - }, - "type": "array" - }, - "readinessProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "resizePolicy": { - "description": "resourceName restartPolicy.", - "items": { - "type": "object" - }, - "type": "array" - }, - "resources": { - "description": "claims name request limits requests.", - "type": "object" - }, - "restartPolicy": { - "type": "string" - }, - "securityContext": { - "description": "allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", - "type": "object" - }, - "startupProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "stdin": { - "type": "boolean" - }, - "stdinOnce": { - "type": "boolean" - }, - "terminationMessagePath": { - "type": "string" - }, - "terminationMessagePolicy": { - "type": "string" - }, - "tty": { - "type": "boolean" - }, - "volumeDevices": { - "description": "devicePath name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "volumeMounts": { - "description": "mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr.", - "items": { - "type": "object" - }, - "type": "array" - }, - "workingDir": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "io.k8s.api.core.v1.ServiceSpec": { - "properties": { - "allocateLoadBalancerNodePorts": { - "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", - "type": "boolean" - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.", - "type": "string" - }, - "clusterIPs": { - "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.", - "items": { - "type": "string" - }, - "type": "array" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "items": { - "type": "string" - }, - "type": "array" - }, - "externalName": { - "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", - "type": "integer" - }, - "internalTrafficPolicy": { - "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).", - "type": "string" - }, - "ipFamilies": { - "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", - "items": { - "type": "string" - }, - "type": "array" - }, - "ipFamilyPolicy": { - "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.", - "type": "string" - }, - "loadBalancerClass": { - "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/.", - "items": { - "type": "string" - }, - "type": "array" - }, - "ports": { - "description": "appProtocol name nodePort port protocol enum: SCTP, TCP, UDP targetPort.", - "items": { - "type": "object" - }, - "type": "array" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", - "type": "boolean" - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/.", - "type": "object" - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies.", - "type": "string" - }, - "sessionAffinityConfig": { - "description": "clientIP timeoutSeconds.", - "type": "object" - }, - "trafficDistribution": { - "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", - "type": "string" - }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types.", - "type": "string" - } - }, - "required": [], - "type": "object" - }, - "io.k8s.api.core.v1.ServiceStatus": { - "properties": { - "conditions": { - "description": "lastTransitionTime message observedGeneration reason status type.", - "items": { - "type": "object" - }, - "type": "array" - }, - "loadBalancer": { - "description": "ingress hostname ip ipMode ports error port protocol enum: SCTP, TCP, UDP.", - "type": "object" - } - }, - "required": [], - "type": "object" - }, - "io.k8s.api.core.v1.Volume": { - "properties": { - "awsElasticBlockStore": { - "description": "fsType partition readOnly volumeID.", - "type": "object" - }, - "azureDisk": { - "description": "cachingMode enum: None, ReadOnly, ReadWrite diskName diskURI fsType kind enum: Dedicated, Managed, Shared readOnly.", - "type": "object" - }, - "azureFile": { - "description": "readOnly secretName shareName.", - "type": "object" - }, - "cephfs": { - "description": "monitors path readOnly secretFile secretRef name user.", - "type": "object" - }, - "cinder": { - "description": "fsType readOnly secretRef name volumeID.", - "type": "object" - }, - "configMap": { - "description": "defaultMode items key mode path name.", - "type": "object" - }, - "csi": { - "description": "driver fsType nodePublishSecretRef name readOnly volumeAttributes.", - "type": "object" - }, - "downwardAPI": { - "description": "defaultMode items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource.", - "type": "object" - }, - "emptyDir": { - "description": "medium sizeLimit.", - "type": "object" - }, - "ephemeral": { - "description": "volumeClaimTemplate metadata annotations creationTimestamp deletionGracePeriodSeconds deletionTimestamp finalizers generateName generation labels managedFields apiVersion fieldsType fieldsV1 manager operation subresource time name namespace ownerReferences apiVersion blockOwnerDeletion controller kind name uid resourceVersion selfLink uid spec accessModes dataSource apiGroup kind name dataSourceRef apiGroup kind name namespace resources limits requests selector matchExpressions key operator values matchLabels storageClassName volumeAttributesClassName volumeMode enum: Block, Filesystem volumeName.", - "type": "object" - }, - "fc": { - "description": "fsType lun readOnly targetWWNs wwids.", - "type": "object" - }, - "flexVolume": { - "description": "driver fsType options readOnly secretRef name.", - "type": "object" - }, - "flocker": { - "description": "datasetName datasetUUID.", - "type": "object" - }, - "gcePersistentDisk": { - "description": "fsType partition pdName readOnly.", - "type": "object" - }, - "gitRepo": { - "description": "directory repository revision.", - "type": "object" - }, - "glusterfs": { - "description": "endpoints path readOnly.", - "type": "object" - }, - "hostPath": { - "description": "path type enum: \"\", BlockDevice, CharDevice, Directory.", - "type": "object" - }, - "image": { - "description": "pullPolicy enum: Always, IfNotPresent, Never reference.", - "type": "object" - }, - "iscsi": { - "description": "chapAuthDiscovery chapAuthSession fsType initiatorName iqn iscsiInterface lun portals readOnly secretRef name targetPortal.", - "type": "object" - }, - "name": { - "type": "string" - }, - "nfs": { - "description": "path readOnly server.", - "type": "object" - }, - "persistentVolumeClaim": { - "description": "claimName readOnly.", - "type": "object" - }, - "photonPersistentDisk": { - "description": "fsType pdID.", - "type": "object" - }, - "portworxVolume": { - "description": "fsType readOnly volumeID.", - "type": "object" - }, - "projected": { - "description": "defaultMode sources clusterTrustBundle labelSelector matchExpressions key operator values matchLabels name path signerName configMap items key mode path name downwardAPI items fieldRef apiVersion fieldPath mode path resourceFieldRef containerName divisor resource secret items key mode path name serviceAccountToken audience expirationSeconds path.", - "type": "object" - }, - "quobyte": { - "description": "group readOnly registry tenant user volume.", - "type": "object" - }, - "rbd": { - "description": "fsType image keyring monitors pool readOnly secretRef name user.", - "type": "object" - }, - "scaleIO": { - "description": "fsType gateway protectionDomain readOnly secretRef name sslEnabled storageMode storagePool system volumeName.", - "type": "object" - }, - "secret": { - "description": "defaultMode items key mode path optional secretName.", - "type": "object" - }, - "storageos": { - "description": "fsType readOnly secretRef name volumeName volumeNamespace.", - "type": "object" - }, - "vsphereVolume": { - "description": "fsType storagePolicyID storagePolicyName volumePath.", - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "io.k8s.api.core.v1.VolumeMount": { - "properties": { - "args": { - "items": { - "type": "string" - }, - "type": "array" - }, - "command": { - "items": { - "type": "string" - }, - "type": "array" - }, - "env": { - "description": "name value valueFrom configMapKeyRef key name fieldRef apiVersion fieldPath resourceFieldRef containerName divisor resource secretKeyRef key name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "description": "configMapRef name prefix secretRef name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - "lifecycle": { - "description": "postStart exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port preStop exec command httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS sleep seconds tcpSocket host port stopSignal enum: SIGABRT, SIGALRM, SIGBUS, SIGCHLD.", - "type": "object" - }, - "livenessProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "name": { - "type": "string" - }, - "ports": { - "description": "containerPort hostIP hostPort name protocol enum: SCTP, TCP, UDP.", - "items": { - "type": "object" - }, - "type": "array" - }, - "readinessProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "resizePolicy": { - "description": "resourceName restartPolicy.", - "items": { - "type": "object" - }, - "type": "array" - }, - "resources": { - "description": "claims name request limits requests.", - "type": "object" - }, - "restartPolicy": { - "type": "string" - }, - "securityContext": { - "description": "allowPrivilegeEscalation appArmorProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined capabilities add drop privileged procMount enum: Default, Unmasked readOnlyRootFilesystem runAsGroup runAsNonRoot runAsUser seLinuxOptions level role type user seccompProfile localhostProfile type enum: Localhost, RuntimeDefault, Unconfined windowsOptions gmsaCredentialSpec gmsaCredentialSpecName hostProcess runAsUserName.", - "type": "object" - }, - "startupProbe": { - "description": "exec command failureThreshold grpc port service httpGet host httpHeaders name value path port scheme enum: HTTP, HTTPS initialDelaySeconds periodSeconds successThreshold tcpSocket host port terminationGracePeriodSeconds timeoutSeconds.", - "type": "object" - }, - "stdin": { - "type": "boolean" - }, - "stdinOnce": { - "type": "boolean" - }, - "terminationMessagePath": { - "type": "string" - }, - "terminationMessagePolicy": { - "type": "string" - }, - "tty": { - "type": "boolean" - }, - "volumeDevices": { - "description": "devicePath name.", - "items": { - "type": "object" - }, - "type": "array" - }, - "volumeMounts": { - "description": "mountPath mountPropagation enum: Bidirectional, HostToContainer, None name readOnly recursiveReadOnly subPath subPathExpr.", - "items": { - "type": "object" - }, - "type": "array" - }, - "workingDir": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "io.k8s.api.core.v1.VolumeMountStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.extensions.v1beta1.ScaleStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.flowcontrol.v1.FlowSchemaStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.flowcontrol.v1.PriorityLevelConfigurationStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.networking.v1.IngressLoadBalancerStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.networking.v1.IngressPortStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.networking.v1.IngressSpec": { - "properties": { - "defaultBackend": { - "description": "resource apiGroup kind name service name port name number.", - "type": "object" - }, - "ingressClassName": { - "type": "string" - }, - "rules": { - "description": "host http paths backend resource apiGroup kind name service name port name number path pathType enum: Exact, ImplementationSpecific, Prefix.", - "items": { - "type": "object" - }, - "type": "array" + "rules": { + "description": "host http paths backend resource apiGroup kind name service name port name number path pathType enum: Exact, ImplementationSpecific, Prefix.", + "items": { + "type": "object" + }, + "type": "array" }, "tls": { "description": "hosts secretName.", @@ -102792,14 +94116,6 @@ "additionalProperties": true, "type": "object" }, - "io.k8s.api.resource.v1beta1.AllocatedDeviceStatus": { - "additionalProperties": true, - "type": "object" - }, - "io.k8s.api.resource.v1beta1.ResourceClaimStatus": { - "additionalProperties": true, - "type": "object" - }, "io.k8s.api.storage.v1.VolumeAttachmentStatus": { "additionalProperties": true, "type": "object" @@ -103714,13 +95030,78 @@ "type": "object" }, "status": { + "description": "IPAMClaimStatus contains the observed status of the IPAMClaim.", "properties": { + "conditions": { + "description": "Conditions contains details for one aspect of the current state of this API Resource", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, "ips": { "description": "The list of IP addresses (v4, v6) that were allocated for the pod interface", "items": { "type": "string" }, "type": "array" + }, + "ownerPod": { + "description": "The name of the pod holding the IPAMClaim", + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" } }, "required": [ @@ -104159,6 +95540,43 @@ "layer2": { "description": "Layer2 is the Layer2 topology configuration.", "properties": { + "defaultGatewayIPs": { + "description": "defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology.\n\nDual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed.\nThis field is only allowed for \"Primary\" network.\nIt is not recommended to set this field without explicit need and understanding of the OVN network topology.\nWhen omitted, an IP from the subnets field is used.", + "items": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "IP is invalid", + "rule": "isIP(self)" + } + ] + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "When 2 IPs are set, they must be from different IP families", + "rule": "size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) || ip(self[0]).family() != ip(self[1]).family()" + } + ] + }, + "infrastructureSubnets": { + "description": "infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure.\nAny IP addresses within these ranges cannot be assigned to workloads.\nWhen omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs.\nWhen there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs.\nWhen `reservedSubnets` is also specified the CIDRs cannot overlap.\nWhen `defaultGatewayIPs` is also specified, the default gateway IPs must belong to one of the infrastructure subnet CIDRs.\nEach item should be in range of the specified CIDR(s) in `subnets`.\nThe maximum number of entries allowed is 4.\nThe format should match standard CIDR notation (for example, \"10.128.0.0/16\").\nThis field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.", + "items": { + "maxLength": 43, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "CIDR is invalid", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 4, + "minItems": 1, + "type": "array" + }, "ipam": { "description": "IPAM section contains IPAM-related configuration for the network.", "minProperties": 1, @@ -104216,6 +95634,22 @@ "minimum": 576, "type": "integer" }, + "reservedSubnets": { + "description": "reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation.\nreservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment.\nIPs from these ranges can still be requested through static IP assignment.\nEach item should be in range of the specified CIDR(s) in `subnets`.\nThe maximum number of entries allowed is 25.\nThe format should match standard CIDR notation (for example, \"10.128.0.0/16\").\nThis field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.", + "items": { + "maxLength": 43, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "CIDR is invalid", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 25, + "minItems": 1, + "type": "array" + }, "role": { "description": "Role describes the network role in the pod.\n\nAllowed value is \"Secondary\".\nSecondary network is only assigned to pods that use `k8s.v1.cni.cncf.io/networks` annotation to select given network.", "enum": [ @@ -104271,6 +95705,60 @@ { "message": "MTU should be greater than or equal to 1280 when IPv6 subnet is used", "rule": "!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280" + }, + { + "message": "defaultGatewayIPs is only supported for Primary network", + "rule": "!has(self.defaultGatewayIPs) || has(self.role) && self.role == 'Primary'" + }, + { + "message": "defaultGatewayIPs must belong to one of the subnets specified in the subnets field", + "rule": "!has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))" + }, + { + "message": "defaultGatewayIPs must be specified for all IP families", + "rule": "!has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs) == size(self.subnets)" + }, + { + "message": "reservedSubnets must be unset when subnets is unset", + "rule": "!has(self.reservedSubnets) || has(self.subnets)" + }, + { + "message": "reservedSubnets is only supported for Primary network", + "rule": "!has(self.reservedSubnets) || has(self.role) && self.role == 'Primary'" + }, + { + "message": "infrastructureSubnets must be unset when subnets is unset", + "rule": "!has(self.infrastructureSubnets) || has(self.subnets)" + }, + { + "message": "infrastructureSubnets is only supported for Primary network", + "rule": "!has(self.infrastructureSubnets) || has(self.role) && self.role == 'Primary'" + }, + { + "message": "defaultGatewayIPs have to belong to infrastructureSubnets", + "rule": "!has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet, cidr(subnet).containsIP(ip)))" + }, + { + "fieldPath": ".reservedSubnets", + "message": "reservedSubnets must be subnetworks of the networks specified in the subnets field", + "rule": "!has(self.reservedSubnets) || self.reservedSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))" + }, + { + "fieldPath": ".infrastructureSubnets", + "message": "infrastructureSubnets must be subnetworks of the networks specified in the subnets field", + "rule": "!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))" + }, + { + "message": "infrastructureSubnets and reservedSubnets must not overlap", + "rule": "!has(self.infrastructureSubnets) || !has(self.reservedSubnets) || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved, cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))" + }, + { + "message": "infrastructureSubnets must be a masked network address (no host bits set)", + "rule": "!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(s, isCIDR(s) && cidr(s) == cidr(s).masked())" + }, + { + "message": "reservedSubnets must be a masked network address (no host bits set)", + "rule": "!has(self.reservedSubnets) || self.reservedSubnets.all(s, isCIDR(s) && cidr(s) == cidr(s).masked())" } ] }, @@ -105494,6 +96982,43 @@ "layer2": { "description": "Layer2 is the Layer2 topology configuration.", "properties": { + "defaultGatewayIPs": { + "description": "defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology.\n\nDual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed.\nThis field is only allowed for \"Primary\" network.\nIt is not recommended to set this field without explicit need and understanding of the OVN network topology.\nWhen omitted, an IP from the subnets field is used.", + "items": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "IP is invalid", + "rule": "isIP(self)" + } + ] + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "When 2 IPs are set, they must be from different IP families", + "rule": "size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) || ip(self[0]).family() != ip(self[1]).family()" + } + ] + }, + "infrastructureSubnets": { + "description": "infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure.\nAny IP addresses within these ranges cannot be assigned to workloads.\nWhen omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs.\nWhen there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs.\nWhen `reservedSubnets` is also specified the CIDRs cannot overlap.\nWhen `defaultGatewayIPs` is also specified, the default gateway IPs must belong to one of the infrastructure subnet CIDRs.\nEach item should be in range of the specified CIDR(s) in `subnets`.\nThe maximum number of entries allowed is 4.\nThe format should match standard CIDR notation (for example, \"10.128.0.0/16\").\nThis field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.", + "items": { + "maxLength": 43, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "CIDR is invalid", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 4, + "minItems": 1, + "type": "array" + }, "ipam": { "description": "IPAM section contains IPAM-related configuration for the network.", "minProperties": 1, @@ -105551,6 +97076,22 @@ "minimum": 576, "type": "integer" }, + "reservedSubnets": { + "description": "reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation.\nreservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment.\nIPs from these ranges can still be requested through static IP assignment.\nEach item should be in range of the specified CIDR(s) in `subnets`.\nThe maximum number of entries allowed is 25.\nThe format should match standard CIDR notation (for example, \"10.128.0.0/16\").\nThis field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.", + "items": { + "maxLength": 43, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "CIDR is invalid", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 25, + "minItems": 1, + "type": "array" + }, "role": { "description": "Role describes the network role in the pod.\n\nAllowed value is \"Secondary\".\nSecondary network is only assigned to pods that use `k8s.v1.cni.cncf.io/networks` annotation to select given network.", "enum": [ @@ -105606,6 +97147,60 @@ { "message": "MTU should be greater than or equal to 1280 when IPv6 subent is used", "rule": "!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280" + }, + { + "message": "defaultGatewayIPs is only supported for Primary network", + "rule": "!has(self.defaultGatewayIPs) || has(self.role) && self.role == 'Primary'" + }, + { + "message": "defaultGatewayIPs must belong to one of the subnets specified in the subnets field", + "rule": "!has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))" + }, + { + "message": "defaultGatewayIPs must be specified for all IP families", + "rule": "!has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs) == size(self.subnets)" + }, + { + "message": "reservedSubnets must be unset when subnets is unset", + "rule": "!has(self.reservedSubnets) || has(self.subnets)" + }, + { + "message": "reservedSubnets is only supported for Primary network", + "rule": "!has(self.reservedSubnets) || has(self.role) && self.role == 'Primary'" + }, + { + "message": "infrastructureSubnets must be unset when subnets is unset", + "rule": "!has(self.infrastructureSubnets) || has(self.subnets)" + }, + { + "message": "infrastructureSubnets is only supported for Primary network", + "rule": "!has(self.infrastructureSubnets) || has(self.role) && self.role == 'Primary'" + }, + { + "message": "defaultGatewayIPs have to belong to infrastructureSubnets", + "rule": "!has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet, cidr(subnet).containsIP(ip)))" + }, + { + "fieldPath": ".reservedSubnets", + "message": "reservedSubnets must be subnetworks of the networks specified in the subnets field", + "rule": "!has(self.reservedSubnets) || self.reservedSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))" + }, + { + "fieldPath": ".infrastructureSubnets", + "message": "infrastructureSubnets must be subnetworks of the networks specified in the subnets field", + "rule": "!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e, self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))" + }, + { + "message": "infrastructureSubnets and reservedSubnets must not overlap", + "rule": "!has(self.infrastructureSubnets) || !has(self.reservedSubnets) || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved, cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))" + }, + { + "message": "infrastructureSubnets must be a masked network address (no host bits set)", + "rule": "!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(s, isCIDR(s) && cidr(s) == cidr(s).masked())" + }, + { + "message": "reservedSubnets must be a masked network address (no host bits set)", + "rule": "!has(self.reservedSubnets) || self.reservedSubnets.all(s, isCIDR(s) && cidr(s) == cidr(s).masked())" } ] }, @@ -106217,6 +97812,7 @@ }, "memoryOvercommit": { "description": "MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount\ngiven to its parent pod (virt-launcher). For example, a value of 102 means the VMI will\n\"see\" 2% more memory than its parent pod. Values under 100 are effectively \"undercommits\".\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 100", + "minimum": 10, "type": "integer" }, "minimumClusterTSCFrequency": { @@ -109235,6 +100831,16 @@ "description": "ImageStream is the name of image stream for import", "type": "string" }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, "pullMethod": { "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", "type": "string" @@ -109300,6 +100906,10 @@ "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", "type": "string" }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, "initImageURL": { "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", "type": "string" @@ -109574,7 +101184,7 @@ "type": "object" }, "runStrategy": { - "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running", + "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running\nFollowing are allowed values:\n- \"Always\": VMI should always be running.\n- \"Halted\": VMI should never be running.\n- \"Manual\": VMI can be started/stopped using API endpoints.\n- \"RerunOnFailure\": VMI will initially be running and restarted if a failure occurs, but will not be restarted upon successful completion.\n- \"Once\": VMI will run once and not be restarted upon completion regardless if the completion is of phase Failure or Success.", "type": "string" }, "running": { @@ -123160,6 +114770,7 @@ }, "memoryOvercommit": { "description": "MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount\ngiven to its parent pod (virt-launcher). For example, a value of 102 means the VMI will\n\"see\" 2% more memory than its parent pod. Values under 100 are effectively \"undercommits\".\nOvercommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.\nDefaults to 100", + "minimum": 10, "type": "integer" }, "minimumClusterTSCFrequency": { @@ -126178,6 +117789,16 @@ "description": "ImageStream is the name of image stream for import", "type": "string" }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, "pullMethod": { "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", "type": "string" @@ -126243,6 +117864,10 @@ "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", "type": "string" }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, "initImageURL": { "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", "type": "string" @@ -126517,7 +118142,7 @@ "type": "object" }, "runStrategy": { - "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running", + "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running\nFollowing are allowed values:\n- \"Always\": VMI should always be running.\n- \"Halted\": VMI should never be running.\n- \"Manual\": VMI can be started/stopped using API endpoints.\n- \"RerunOnFailure\": VMI will initially be running and restarted if a failure occurs, but will not be restarted upon successful completion.\n- \"Once\": VMI will run once and not be restarted upon completion regardless if the completion is of phase Failure or Success.", "type": "string" }, "running": { @@ -139745,8 +131370,8 @@ } ] }, - "leaderworkerset.x-k8s.io/v1/LeaderWorkerSet": { - "description": "LeaderWorkerSet is the Schema for the leaderworkersets API", + "local.storage.openshift.io/v1/LocalVolume": { + "description": "LocalVolume is the Schema for the localvolumes API", "namespaced": true, "properties": { "apiVersion": { @@ -139766,1636 +131391,1273 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "One group consists of a single leader and M workers, and the total number of pods in a group is M+1.\nLeaderWorkerSet will create N replicas of leader-worker pod groups (hereinafter referred to as group).\n\nEach group has a unique index between 0 and N-1. We call this the leaderIndex.\nThe leaderIndex is used to uniquely name the leader pod of each group in the following format:\nleaderWorkerSetName-leaderIndex. This is considered as the name of the group too.\n\nEach worker pod in the group has a unique workerIndex between 1 and M. The leader also\ngets a workerIndex, and it is always set to 0.\nWorker pods are named using the format: leaderWorkerSetName-leaderIndex-workerIndex.", + "description": "LocalVolumeSpec defines the desired state of LocalVolume", "properties": { - "leaderWorkerTemplate": { - "description": "LeaderWorkerTemplate defines the template for leader/worker pods", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "nodeSelector": { + "description": "Nodes on which the provisoner must run", "properties": { - "leaderTemplate": { - "description": "LeaderTemplate defines the pod template for leader pods.", - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "spec": { - "description": "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer.", - "format": "int64", - "type": "integer" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints", + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" - }, - "containers": { - "description": "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassDevices": { + "description": "List of storage class and devices they can match", + "items": { + "description": "StorageClassDevice returns device configuration", + "properties": { + "devicePaths": { + "description": "A list of device paths which would be chosen for local storage.\nFor example - [\"/dev/sda\", \"/dev/sdb\", \"/dev/disk/by-id/ata-crucial\"]", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceWipeDevicesAndDestroyAllData": { + "description": "This option will destroy all leftover data on the devices before they're used as PersistentVolumes. Use with care.", + "type": "boolean" + }, + "fsType": { + "description": "File system type", + "type": "string" + }, + "storageClassName": { + "description": "StorageClass name to use for set of matched devices", + "type": "string" + }, + "volumeMode": { + "description": "Volume mode. Raw or with file system", + "type": "string" + } + }, + "required": [ + "storageClassName" + ], + "type": "object" + }, + "type": "array" + }, + "tolerations": { + "description": "If specified, a list of tolerations to pass to the diskmaker and provisioner DaemonSets.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "LocalVolumeStatus defines the observed state of LocalVolume", + "properties": { + "conditions": { + "description": "Conditions is a list of conditions and their status.", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array" + }, + "managementState": { + "description": "state indicates what the operator has observed to be its current operational status.", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the last generation of this object that\nthe operator has acted on.", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "readyReplicas" + ], + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolume", + "version": "v1" + } + ] + }, + "local.storage.openshift.io/v1/LocalVolumeList": { + "description": "LocalVolumeList is a list of LocalVolume", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of localvolumes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.local.v1.LocalVolume" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeList", + "version": "v1" + } + ] + }, + "local.storage.openshift.io/v1alpha1/LocalVolumeDiscovery": { + "description": "LocalVolumeDiscovery is the Schema for the localvolumediscoveries API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "LocalVolumeDiscoverySpec defines the desired state of LocalVolumeDiscovery", + "properties": { + "nodeSelector": { + "description": "Nodes on which the automatic detection policies must run.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tolerations": { + "description": "If specified tolerations is the list of toleration that is passed to the\nLocalVolumeDiscovery Daemon", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "LocalVolumeDiscoveryStatus defines the observed state of LocalVolumeDiscovery", + "properties": { + "conditions": { + "description": "Conditions are the list of conditions and their status.", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change the operator has dealt with", + "format": "int64", + "type": "integer" + }, + "phase": { + "description": "Phase represents the current phase of discovery process\nThis is used by the OLM UI to provide status information\nto the user", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeDiscovery", + "version": "v1alpha1" + } + ] + }, + "local.storage.openshift.io/v1alpha1/LocalVolumeDiscoveryList": { + "description": "LocalVolumeDiscoveryList is a list of LocalVolumeDiscovery", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of localvolumediscoveries. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.local.v1alpha1.LocalVolumeDiscovery" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeDiscoveryList", + "version": "v1alpha1" + } + ] + }, + "local.storage.openshift.io/v1alpha1/LocalVolumeDiscoveryResult": { + "description": "LocalVolumeDiscoveryResult is the Schema for the localvolumediscoveryresults API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "LocalVolumeDiscoveryResultSpec defines the desired state of LocalVolumeDiscoveryResult", + "properties": { + "nodeName": { + "description": "Node on which the devices are discovered", + "type": "string" + } + }, + "required": [ + "nodeName" + ], + "type": "object" + }, + "status": { + "description": "LocalVolumeDiscoveryResultStatus defines the observed state of LocalVolumeDiscoveryResult", + "properties": { + "discoveredDevices": { + "description": "DiscoveredDevices contains the list of devices on which LSO\nis capable of creating LocalPVs\nThe devices in this list qualify these following conditions.\n- it should be a non-removable device.\n- it should not be a read-only device.\n- it should not be mounted anywhere\n- it should not be a boot device\n- it should not have child partitions", + "items": { + "description": "DiscoveredDevice shows the list of discovered devices with their properties", + "properties": { + "deviceID": { + "description": "DeviceID represents the persistent name of the device. For eg, /dev/disk/by-id/...", + "type": "string" + }, + "fstype": { + "description": "FSType represents the filesystem available on the device", + "type": "string" + }, + "model": { + "description": "Model of the discovered device", + "type": "string" + }, + "path": { + "description": "Path represents the device path. For eg, /dev/sdb", + "type": "string" + }, + "property": { + "description": "Property represents whether the device type is rotational or not", + "type": "string" + }, + "serial": { + "description": "Serial number of the disk", + "type": "string" + }, + "size": { + "description": "Size of the discovered device", + "format": "int64", + "type": "integer" + }, + "status": { + "description": "Status defines whether the device is available for use or not", + "properties": { + "state": { + "description": "State shows the availability of the device", + "type": "string" + } + }, + "required": [ + "state" + ], + "type": "object" + }, + "type": { + "description": "Type of the discovered device", + "type": "string" + }, + "vendor": { + "description": "Vendor of the discovered device", + "type": "string" + } + }, + "required": [ + "deviceID", + "fstype", + "model", + "path", + "property", + "serial", + "size", + "status", + "type", + "vendor" + ], + "type": "object" + }, + "type": "array" + }, + "discoveredTimeStamp": { + "description": "DiscoveredTimeStamp is the last timestamp when the list of discovered devices was updated", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeDiscoveryResult", + "version": "v1alpha1" + } + ] + }, + "local.storage.openshift.io/v1alpha1/LocalVolumeDiscoveryResultList": { + "description": "LocalVolumeDiscoveryResultList is a list of LocalVolumeDiscoveryResult", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of localvolumediscoveryresults. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.local.v1alpha1.LocalVolumeDiscoveryResult" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeDiscoveryResultList", + "version": "v1alpha1" + } + ] + }, + "local.storage.openshift.io/v1alpha1/LocalVolumeSet": { + "description": "LocalVolumeSet is the Schema for the localvolumesets API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "LocalVolumeSetSpec defines the desired state of LocalVolumeSet", + "properties": { + "deviceInclusionSpec": { + "description": "DeviceInclusionSpec is the filtration rule for including a device in the device discovery", + "properties": { + "deviceMechanicalProperties": { + "description": "DeviceMechanicalProperty denotes whether Rotational or NonRotational disks should be used.\nby default, it selects both", + "items": { + "description": "DeviceMechanicalProperty holds the device's mechanical spec. It can be rotational or nonRotational", + "type": "string" + }, + "type": "array" + }, + "deviceTypes": { + "description": "Devices is the list of devices that should be used for automatic detection.\nThis would be one of the types supported by the local-storage operator.\nCurrently, the supported types are: disk, part, loop, mpath.\nIf the list is empty only `disk` types will be selected.", + "items": { + "description": "DeviceType is the types that will be supported by the LSO.", + "type": "string" + }, + "type": "array" + }, + "maxSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxSize is the maximum size of the device which needs to be included", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "minSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MinSize is the minimum size of the device which needs to be included. Defaults to `1Gi` if empty", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "models": { + "description": "Models is a list of device models. If not empty, the device's model as outputted by lsblk needs\nto contain at least one of these strings.", + "items": { + "type": "string" + }, + "type": "array" + }, + "vendors": { + "description": "Vendors is a list of device vendors. If not empty, the device's model as outputted by lsblk needs\nto contain at least one of these strings.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "fsType": { + "description": "FSType type to create when volumeMode is Filesystem", + "type": "string" + }, + "maxDeviceCount": { + "description": "MaxDeviceCount is the maximum number of Devices that needs to be detected per node.\nIf it is not specified, there will be no limit to the number of provisioned devices.", + "format": "int32", + "type": "integer" + }, + "nodeSelector": { + "description": "Nodes on which the automatic detection policies must run.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "StorageClassName to use for set of matched devices", + "type": "string" + }, + "tolerations": { + "description": "If specified, a list of tolerations to pass to the discovery daemons.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumeMode": { + "description": "VolumeMode determines whether the PV created is Block or Filesystem.\nIt will default to Filesystem.", + "type": "string" + } + }, + "required": [ + "storageClassName" + ], + "type": "object" + }, + "status": { + "description": "LocalVolumeSetStatus defines the observed state of LocalVolumeSet", + "properties": { + "conditions": { + "description": "Conditions is a list of conditions and their status.", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change the operator has dealt with", + "format": "int64", + "type": "integer" + }, + "totalProvisionedDeviceCount": { + "description": "TotalProvisionedDeviceCount is the count of the total devices over which the PVs has been provisioned", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeSet", + "version": "v1alpha1" + } + ] + }, + "local.storage.openshift.io/v1alpha1/LocalVolumeSetList": { + "description": "LocalVolumeSetList is a list of LocalVolumeSet", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of localvolumesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.local.v1alpha1.LocalVolumeSet" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "local.storage.openshift.io", + "kind": "LocalVolumeSetList", + "version": "v1alpha1" + } + ] + }, + "machine.openshift.io/v1/ControlPlaneMachineSet": { + "description": "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time.\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", + "properties": { + "machineNamePrefix": { + "description": "machineNamePrefix is the prefix used when creating machine names.\nEach machine name will consist of this prefix, followed by\na randomly generated string of 5 characters, and the index of the machine.\nIt must be a lowercase RFC 1123 subdomain, consisting of lowercase\nalphanumeric characters, hyphens ('-'), and periods ('.').\nEach block, separated by periods, must start and end with an alphanumeric character.\nHyphens are not allowed at the start or end of a block, and consecutive periods are not permitted.\nThe prefix must be between 1 and 245 characters in length.\nFor example, if machineNamePrefix is set to 'control-plane',\nand three machines are created, their names might be:\ncontrol-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", + "maxLength": 245, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + }, + "replicas": { + "default": 3, + "description": "replicas defines how many Control Plane Machines should be\ncreated by this ControlPlaneMachineSet.\nThis field is immutable and cannot be changed after cluster\ninstallation.\nThe ControlPlaneMachineSet only operates with 3 or 5 node control planes,\n3 and 5 are the only valid values for this field.", + "enum": [ + 3, + 5 + ], + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "replicas is immutable", + "rule": "self == oldSelf" + } + ] + }, + "selector": { + "description": "Label selector for Machines. Existing Machines selected by this\nselector will be the ones affected by this ControlPlaneMachineSet.\nIt must match the template's labels.\nThis field is considered immutable after creation of the resource.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "selector is immutable", + "rule": "self == oldSelf" + } + ] + }, + "state": { + "default": "Inactive", + "description": "state defines whether the ControlPlaneMachineSet is Active or Inactive.\nWhen Inactive, the ControlPlaneMachineSet will not take any action on the\nstate of the Machines within the cluster.\nWhen Active, the ControlPlaneMachineSet will reconcile the Machines and\nwill update the Machines as necessary.\nOnce Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent\nfurther action please remove the ControlPlaneMachineSet.", + "enum": [ + "Active", + "Inactive" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "state cannot be changed once Active", + "rule": "oldSelf != 'Active' || self == oldSelf" + } + ] + }, + "strategy": { + "default": { + "type": "RollingUpdate" + }, + "description": "strategy defines how the ControlPlaneMachineSet will update\nMachines when it detects a change to the ProviderSpec.", + "properties": { + "type": { + "default": "RollingUpdate", + "description": "type defines the type of update strategy that should be\nused when updating Machines owned by the ControlPlaneMachineSet.\nValid values are \"RollingUpdate\" and \"OnDelete\".\nThe current default value is \"RollingUpdate\".", + "enum": [ + "RollingUpdate", + "OnDelete" + ], + "type": "string" + } + }, + "type": "object" + }, + "template": { + "description": "template describes the Control Plane Machines that will be created\nby this ControlPlaneMachineSet.", + "properties": { + "machineType": { + "description": "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet.\nCurrently, the only valid value is machines_v1beta1_machine_openshift_io.", + "enum": [ + "machines_v1beta1_machine_openshift_io" + ], + "type": "string" + }, + "machines_v1beta1_machine_openshift_io": { + "description": "OpenShiftMachineV1Beta1Machine defines the template for creating Machines\nfrom the v1beta1.machine.openshift.io API group.", + "properties": { + "failureDomains": { + "description": "failureDomains is the list of failure domains (sometimes called\navailability zones) in which the ControlPlaneMachineSet should balance\nthe Control Plane Machines.\nThis will be merged into the ProviderSpec given in the template.\nThis field is optional on platforms that do not require placement information.", + "properties": { + "aws": { + "description": "aws configures failure domain information for the AWS platform.", + "items": { + "description": "AWSFailureDomain configures failure domain information for the AWS platform.", + "minProperties": 1, + "properties": { + "placement": { + "description": "placement configures the placement information for this instance.", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "availabilityZone": { + "description": "availabilityZone is the availability zone of the instance.", + "type": "string" } }, + "required": [ + "availabilityZone" + ], "type": "object" }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "subnet": { + "description": "subnet is a reference to the subnet to use for this instance.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "arn": { + "description": "arn of resource.", + "type": "string" + }, + "filters": { + "description": "filters is a set of filters used to identify a resource.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "AWSResourceFilter is a filter used to identify an AWS resource", "properties": { "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "description": "name of the filter. Filter names are case-sensitive.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" + "values": { + "description": "values includes one or more filter values. Filter values are case-sensitive.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -141404,432 +132666,190 @@ "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "id": { + "description": "id of resource.", + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "type": { + "description": "type determines how the reference will fetch the AWS resource.", + "enum": [ + "ID", + "ARN", + "Filters" + ], + "type": "string" } }, - "type": "object" + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "id is required when type is ID, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'ID' ? has(self.id) : !has(self.id)" + }, + { + "message": "arn is required when type is ARN, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'ARN' ? has(self.arn) : !has(self.arn)" + }, + { + "message": "filters is required when type is Filters, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Filters' ? has(self.filters) : !has(self.filters)" + } + ] + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "azure": { + "description": "azure configures failure domain information for the Azure platform.", + "items": { + "description": "AzureFailureDomain configures failure domain information for the Azure platform.", + "properties": { + "subnet": { + "description": "subnet is the name of the network subnet in which the VM will be created.\nWhen omitted, the subnet value from the machine providerSpec template will be used.", + "maxLength": 80, + "pattern": "^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$", + "type": "string" }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "zone": { + "description": "Availability Zone for the virtual machine.\nIf nil, the virtual machine should be deployed to no zone.", + "type": "string" + } + }, + "required": [ + "zone" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "gcp": { + "description": "gcp configures failure domain information for the GCP platform.", + "items": { + "description": "GCPFailureDomain configures failure domain information for the GCP platform", + "properties": { + "zone": { + "description": "zone is the zone in which the GCP machine provider will create the VM.", + "type": "string" + } + }, + "required": [ + "zone" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "nutanix": { + "description": "nutanix configures failure domain information for the Nutanix platform.", + "items": { + "description": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", + "properties": { + "name": { + "description": "name of the failure domain in which the nutanix machine provider will create the VM.\nFailure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", + "maxLength": 64, + "minLength": 1, + "pattern": "[a-z0-9]([-a-z0-9]*[a-z0-9])?", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "openstack": { + "description": "openstack configures failure domain information for the OpenStack platform.", + "items": { + "description": "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", + "minProperties": 1, + "properties": { + "availabilityZone": { + "description": "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM.\nIf not specified, the VM will be created in the default availability zone specified in the nova configuration.\nAvailability zone names must NOT contain : since it is used by admin users to specify hosts where instances\nare launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs\nto this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.\nThe maximum length of availability zone name is 63 as per labels limits.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[^: ]*$", "type": "string" }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "rootVolume": { + "description": "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM.\nIf not specified, no root volume will be created.", "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "availabilityZone": { + "description": "availabilityZone specifies the Cinder availability zone where the root volume will be created.\nIf not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration.\nIf the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability\nzone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details.\nIf the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same\navailability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone).\nAvailability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure,\nsee kubernetes/cloud-provider-openstack#1379 for further information.\nThe maximum length of availability zone name is 63 as per labels limits.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[^ ]*$", "type": "string" }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" + "volumeType": { + "description": "volumeType specifies the type of the root volume that will be provisioned.\nThe maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + "maxLength": 255, + "minLength": 1, + "type": "string" } }, + "required": [ + "volumeType" + ], "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "rootVolume.availabilityZone is required when availabilityZone is set", + "rule": "!has(self.availabilityZone) || !has(self.rootVolume) || has(self.rootVolume.availabilityZone)" + } + ] + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "platform": { + "description": "platform identifies the platform for which the FailureDomain represents.\nCurrently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", + "enum": [ + "", + "AWS", + "Azure", + "BareMetal", + "GCP", + "Libvirt", + "OpenStack", + "None", + "VSphere", + "oVirt", + "IBMCloud", + "KubeVirt", + "EquinixMetal", + "PowerVS", + "AlibabaCloud", + "Nutanix", + "External" + ], + "type": "string" + }, + "vsphere": { + "description": "vsphere configures failure domain information for the VSphere platform.", + "items": { + "description": "VSphereFailureDomain configures failure domain information for the vSphere platform", + "properties": { + "name": { + "description": "name of the failure domain in which the vSphere machine provider will create the VM.\nFailure domains are defined in a cluster's config.openshift.io/Infrastructure resource.\nWhen balancing machines across failure domains, the control plane machine set will inject configuration from the\nInfrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", "type": "string" } }, @@ -141843,77396 +132863,387 @@ "name" ], "x-kubernetes-list-type": "map" + } + }, + "required": [ + "platform" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "aws configuration is required when platform is AWS, and forbidden otherwise", + "rule": "has(self.platform) && self.platform == 'AWS' ? has(self.aws) : !has(self.aws)" }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + { + "message": "azure configuration is required when platform is Azure, and forbidden otherwise", + "rule": "has(self.platform) && self.platform == 'Azure' ? has(self.azure) : !has(self.azure)" + }, + { + "message": "gcp configuration is required when platform is GCP, and forbidden otherwise", + "rule": "has(self.platform) && self.platform == 'GCP' ? has(self.gcp) : !has(self.gcp)" + }, + { + "message": "openstack configuration is required when platform is OpenStack, and forbidden otherwise", + "rule": "has(self.platform) && self.platform == 'OpenStack' ? has(self.openstack) : !has(self.openstack)" + }, + { + "message": "vsphere configuration is required when platform is VSphere, and forbidden otherwise", + "rule": "has(self.platform) && self.platform == 'VSphere' ? has(self.vsphere) : !has(self.vsphere)" + }, + { + "message": "nutanix configuration is required when platform is Nutanix, and forbidden otherwise", + "rule": "has(self.platform) && self.platform == 'Nutanix' ? has(self.nutanix) : !has(self.nutanix)" + } + ] + }, + "metadata": { + "description": "ObjectMeta is the standard object metadata\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata\nLabels are required to match the ControlPlaneMachineSet selector.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels.\nThis field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'.\nIt must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", + "type": "object", + "x-kubernetes-validations": [ + { + "message": "label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master'", + "rule": "'machine.openshift.io/cluster-api-machine-role' in self && self['machine.openshift.io/cluster-api-machine-role'] == 'master'" + }, + { + "message": "label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master'", + "rule": "'machine.openshift.io/cluster-api-machine-type' in self && self['machine.openshift.io/cluster-api-machine-type'] == 'master'" }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + { + "message": "label 'machine.openshift.io/cluster-api-cluster' is required", + "rule": "'machine.openshift.io/cluster-api-cluster' in self" + } + ] + } + }, + "required": [ + "labels" + ], + "type": "object" + }, + "spec": { + "description": "spec contains the desired configuration of the Control Plane Machines.\nThe ProviderSpec within contains platform specific details\nfor creating the Control Plane Machines.\nThe ProviderSe should be complete apart from the platform specific\nfailure domain field. This will be overriden when the Machines\nare created based on the FailureDomains field.", + "properties": { + "lifecycleHooks": { + "description": "lifecycleHooks allow users to pause operations on the machine at\ncertain predefined points within the machine lifecycle.", + "properties": { + "preDrain": { + "description": "preDrain hooks prevent the machine from being drained.\nThis also blocks further lifecycle events, such as termination.", "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "description": "LifecycleHook represents a single instance of a lifecycle hook", "properties": { "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", + "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", + "maxLength": 256, + "minLength": 3, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" }, - "value": { - "description": "Value is this DNS resolver option's value.", + "owner": { + "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", + "maxLength": 512, + "minLength": 3, "type": "string" } }, + "required": [ + "name", + "owner" + ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "preTerminate": { + "description": "preTerminate hooks prevent the machine from being terminated.\nPreTerminate hooks be actioned after the Machine has been drained.", "items": { - "type": "string" + "description": "LifecycleHook represents a single instance of a lifecycle hook", + "properties": { + "name": { + "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", + "maxLength": 256, + "minLength": 3, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + }, + "owner": { + "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", + "maxLength": 512, + "minLength": 3, + "type": "string" + } + }, + "required": [ + "name", + "owner" + ], + "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", - "type": "string" - }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true.", - "type": "boolean" - }, - "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", - "items": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images", + "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to\nindicate what labels, annotations, name prefix, etc., should be used\nwhen creating the Node.", + "properties": { + "annotations": { + "additionalProperties": { "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "generateName": { + "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "labels": { + "additionalProperties": { "type": "string" }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", + "items": { + "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "apiVersion": { + "description": "API version of the referent.", "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" } }, - "type": "object" + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers.", + "type": "array", + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "providerID": { + "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", + "type": "string" + }, + "providerSpec": { + "description": "providerSpec details Provider-specific configuration to use during node creation.", + "properties": { + "value": { + "description": "value is an inlined, serialized representation of the resource\nconfiguration. It is recommended that providers maintain their own\nversioned API types that should be serialized/deserialized from this\nfield, akin to component config.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive\nmanner. This list will not overwrite any other taints added to the Node on\nan ongoing basis by other entities. These taints should be actively reconciled\ne.g. if you ask the machine controller to apply a taint and then manually remove\nthe taint the machine controller will put it back) but not have the machine controller\nremove any taints", + "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", + "properties": { + "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string" }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers.", - "type": "string" - }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "targetContainerName": { - "description": "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined.", - "type": "string" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", + "format": "date-time", "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "hostAliases": { - "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified.", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", - "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" }, - "ip": { - "description": "IP address of the host file entry.", + "value": { + "description": "The taint value corresponding to the taint key.", "type": "string" } }, "required": [ - "ip" + "effect", + "key" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "hostIPC": { - "description": "Use the host's ipc namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false.", - "type": "boolean" - }, - "hostPID": { - "description": "Use the host's pid namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostUsers": { - "description": "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" - }, - "hostname": { - "description": "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "initContainers": { - "description": "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nthat value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "os": { - "description": "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup", - "properties": { - "name": { - "description": "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "overhead": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", - "type": "object" - }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset.", - "type": "string" - }, - "priority": { - "description": "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority.", - "format": "int32", - "type": "integer" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" - }, - "readinessGates": { - "description": "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", - "items": { - "description": "PodReadinessGate contains the reference to a pod condition", - "properties": { - "conditionType": { - "description": "ConditionType refers to a condition in the pod's condition list with matching type.", - "type": "string" - } - }, - "required": [ - "conditionType" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resourceClaims": { - "description": "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable.", - "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", - "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", - "type": "string" - }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "resources": { - "description": "Resources is the total amount of CPU and Memory resources required by all\ncontainers in the pod. It supports specifying Requests and Limits for\n\"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the\nentire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature\ngate.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", - "type": "string" - }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", - "type": "string" - }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler.", - "type": "string" - }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", - "items": { - "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", - "properties": { - "name": { - "description": "Name of the scheduling gate.\nEach scheduling gate must have a unique name field.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead.", - "type": "string" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false.", - "type": "boolean" - }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false.", - "type": "boolean" - }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds.", - "format": "int64", - "type": "integer" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", "x-kubernetes-list-type": "atomic" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", - "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "containers" - ], - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "default": "RecreateGroupOnPodRestart", - "description": "RestartPolicy defines the restart policy when pod failures happen.\nThe former named Default policy is deprecated, will be removed in the future,\nreplace with None policy for the same behavior.", - "enum": [ - "Default", - "RecreateGroupOnPodRestart", - "None" - ], - "type": "string" - }, - "size": { - "default": 1, - "description": "Number of pods to create. It is the total number of pods in each group.\nThe minimum is 1 which represent the leader. When set to 1, the leader\npod is created for each group as well as a 0-replica StatefulSet for the workers.\nDefault to 1.", - "format": "int32", - "type": "integer" - }, - "subGroupPolicy": { - "description": "SubGroupPolicy describes the policy that will be applied when creating subgroups\nin each replica.", - "properties": { - "subGroupPolicyType": { - "default": "LeaderWorker", - "description": "Defines what type of Subgroups to create. Defaults to\nLeaderWorker", - "enum": [ - "LeaderWorker", - "LeaderExcluded" - ], - "type": "string" - }, - "subGroupSize": { - "description": "The number of pods per subgroup. This value is immutable,\nand must not be greater than LeaderWorkerSet.Spec.Size.\nSize must be divisible by subGroupSize in which case the\nsubgroups will be of equal size. Or size - 1 is divisible\nby subGroupSize, in which case the leader is considered as\nthe extra pod, and will be part of the first subgroup.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "workerTemplate": { - "description": "WorkerTemplate defines the pod template for worker pods.", - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer.", - "format": "int64", - "type": "integer" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" - }, - "containers": { - "description": "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", - "type": "string" - }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", - "type": "string" - }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true.", - "type": "boolean" - }, - "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", - "items": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers.", - "type": "string" - }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers.", - "type": "string" - }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "targetContainerName": { - "description": "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined.", - "type": "string" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "hostAliases": { - "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified.", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", - "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ip": { - "description": "IP address of the host file entry.", - "type": "string" - } - }, - "required": [ - "ip" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "hostIPC": { - "description": "Use the host's ipc namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false.", - "type": "boolean" - }, - "hostPID": { - "description": "Use the host's pid namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostUsers": { - "description": "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" - }, - "hostname": { - "description": "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "initContainers": { - "description": "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nthat value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "os": { - "description": "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup", - "properties": { - "name": { - "description": "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "overhead": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", - "type": "object" - }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset.", - "type": "string" - }, - "priority": { - "description": "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority.", - "format": "int32", - "type": "integer" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" - }, - "readinessGates": { - "description": "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", - "items": { - "description": "PodReadinessGate contains the reference to a pod condition", - "properties": { - "conditionType": { - "description": "ConditionType refers to a condition in the pod's condition list with matching type.", - "type": "string" - } - }, - "required": [ - "conditionType" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resourceClaims": { - "description": "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable.", - "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", - "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", - "type": "string" - }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "resources": { - "description": "Resources is the total amount of CPU and Memory resources required by all\ncontainers in the pod. It supports specifying Requests and Limits for\n\"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the\nentire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature\ngate.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", - "type": "string" - }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", - "type": "string" - }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler.", - "type": "string" - }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", - "items": { - "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", - "properties": { - "name": { - "description": "Name of the scheduling gate.\nEach scheduling gate must have a unique name field.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead.", - "type": "string" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false.", - "type": "boolean" - }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false.", - "type": "boolean" - }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds.", - "format": "int64", - "type": "integer" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", - "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "containers" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "workerTemplate" - ], - "type": "object" - }, - "networkConfig": { - "description": "NetworkConfig defines the network configuration of the group", - "properties": { - "subdomainPolicy": { - "description": "SubdomainPolicy determines the policy that will be used when creating\nthe headless service, defaults to shared", - "enum": [ - "Shared", - "UniquePerReplica" - ], - "type": "string" - } - }, - "required": [ - "subdomainPolicy" - ], - "type": "object" - }, - "replicas": { - "default": 1, - "description": "Number of leader-workers groups. A scale subresource is available to enable HPA. The\nselector for HPA will be that of the leader pod, and so practically HPA will be looking up the\nleader pod metrics. Note that the leader pod could aggregate metrics from\nthe rest of the group and expose them as a summary custom metric representing the whole\ngroup.\nOn scale down, the leader pod as well as the workers statefulset will be deleted.\nDefault to 1.", - "format": "int32", - "type": "integer" - }, - "rolloutStrategy": { - "description": "RolloutStrategy defines the strategy that will be applied to update replicas\nwhen a revision is made to the leaderWorkerTemplate.", - "properties": { - "rollingUpdateConfiguration": { - "description": "RollingUpdateConfiguration defines the parameters to be used when type is RollingUpdateStrategyType.", - "properties": { - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "default": 0, - "description": "The maximum number of replicas that can be scheduled above the original number of\nreplicas.\nValue can be an absolute number (ex: 5) or a percentage of total replicas at\nthe start of the update (ex: 10%).\nAbsolute number is calculated from percentage by rounding up.\nBy default, a value of 0 is used.\nExample: when this is set to 30%, the new replicas can be scaled up by 30%\nimmediately when the rolling update starts. Once old replicas have been deleted,\nnew replicas can be scaled up further, ensuring that total number of replicas running\nat any time during the update is at most 130% of original replicas.\nWhen rolling update completes, replicas will fall back to the original replicas.", - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "default": 1, - "description": "The maximum number of replicas that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of total replicas at the start of update (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nBy default, a fixed value of 1 is used.\nExample: when this is set to 30%, the old replicas can be scaled down by 30%\nimmediately when the rolling update starts. Once new replicas are ready, old replicas\ncan be scaled down further, followed by scaling up the new replicas, ensuring\nthat at least 70% of original number of replicas are available at all times\nduring the update.", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "type": { - "default": "RollingUpdate", - "description": "Type defines the rollout strategy, it can only be \u201cRollingUpdate\u201d for now.", - "enum": [ - "RollingUpdate" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "startupPolicy": { - "default": "LeaderCreated", - "description": "StartupPolicy determines the startup policy for the worker statefulset.", - "enum": [ - "LeaderCreated", - "LeaderReady" - ], - "type": "string" - } - }, - "required": [ - "leaderWorkerTemplate" - ], - "type": "object" - }, - "status": { - "description": "LeaderWorkerSetStatus defines the observed state of LeaderWorkerSet", - "properties": { - "conditions": { - "description": "Conditions track the condition of the leaderworkerset.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "hpaPodSelector": { - "description": "HPAPodSelector for pods that belong to the LeaderWorkerSet object, this is\nneeded for HPA to know what pods belong to the LeaderWorkerSet object. Here\nwe only select the leader pods.", - "type": "string" - }, - "readyReplicas": { - "description": "ReadyReplicas track the number of groups that are in ready state (updated or not).", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "Replicas track the total number of groups that have been created (updated or not, ready or not)", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "UpdatedReplicas track the number of groups that have been updated (ready or not).", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "leaderworkerset.x-k8s.io", - "kind": "LeaderWorkerSet", - "version": "v1" - } - ] - }, - "leaderworkerset.x-k8s.io/v1/LeaderWorkerSetList": { - "description": "LeaderWorkerSetList is a list of LeaderWorkerSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of leaderworkersets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.x-k8s.leaderworkerset.v1.LeaderWorkerSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "leaderworkerset.x-k8s.io", - "kind": "LeaderWorkerSetList", - "version": "v1" - } - ] - }, - "local.storage.openshift.io/v1/LocalVolume": { - "description": "LocalVolume is the Schema for the localvolumes API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "LocalVolumeSpec defines the desired state of LocalVolume", - "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "nodeSelector": { - "description": "Nodes on which the provisoner must run", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassDevices": { - "description": "List of storage class and devices they can match", - "items": { - "description": "StorageClassDevice returns device configuration", - "properties": { - "devicePaths": { - "description": "A list of device paths which would be chosen for local storage. For example - [\"/dev/sda\", \"/dev/sdb\", \"/dev/disk/by-id/ata-crucial\"]", - "items": { - "type": "string" - }, - "type": "array" - }, - "forceWipeDevicesAndDestroyAllData": { - "description": "This option will destroy all leftover data on the devices before they're used as PersistentVolumes. Use with care.", - "type": "boolean" - }, - "fsType": { - "description": "File system type", - "type": "string" - }, - "storageClassName": { - "description": "StorageClass name to use for set of matched devices", - "type": "string" - }, - "volumeMode": { - "description": "Volume mode. Raw or with file system", - "type": "string" - } - }, - "required": [ - "storageClassName" - ], - "type": "object" - }, - "type": "array" - }, - "tolerations": { - "description": "If specified, a list of tolerations to pass to the diskmaker and provisioner DaemonSets.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "LocalVolumeStatus defines the observed state of LocalVolume", - "properties": { - "conditions": { - "description": "Conditions is a list of conditions and their status.", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "managementState": { - "description": "state indicates what the operator has observed to be its current operational status.", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedGeneration": { - "description": "ObservedGeneration is the last generation of this object that the operator has acted on.", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "readyReplicas" - ], - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolume", - "version": "v1" - } - ] - }, - "local.storage.openshift.io/v1/LocalVolumeList": { - "description": "LocalVolumeList is a list of LocalVolume", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of localvolumes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.local.v1.LocalVolume" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeList", - "version": "v1" - } - ] - }, - "local.storage.openshift.io/v1alpha1/LocalVolumeDiscovery": { - "description": "LocalVolumeDiscovery is the Schema for the localvolumediscoveries API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "LocalVolumeDiscoverySpec defines the desired state of LocalVolumeDiscovery", - "properties": { - "nodeSelector": { - "description": "Nodes on which the automatic detection policies must run.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tolerations": { - "description": "If specified tolerations is the list of toleration that is passed to the LocalVolumeDiscovery Daemon", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "LocalVolumeDiscoveryStatus defines the observed state of LocalVolumeDiscovery", - "properties": { - "conditions": { - "description": "Conditions are the list of conditions and their status.", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change the operator has dealt with", - "format": "int64", - "type": "integer" - }, - "phase": { - "description": "Phase represents the current phase of discovery process This is used by the OLM UI to provide status information to the user", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeDiscovery", - "version": "v1alpha1" - } - ] - }, - "local.storage.openshift.io/v1alpha1/LocalVolumeDiscoveryList": { - "description": "LocalVolumeDiscoveryList is a list of LocalVolumeDiscovery", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of localvolumediscoveries. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.local.v1alpha1.LocalVolumeDiscovery" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeDiscoveryList", - "version": "v1alpha1" - } - ] - }, - "local.storage.openshift.io/v1alpha1/LocalVolumeDiscoveryResult": { - "description": "LocalVolumeDiscoveryResult is the Schema for the localvolumediscoveryresults API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "LocalVolumeDiscoveryResultSpec defines the desired state of LocalVolumeDiscoveryResult", - "properties": { - "nodeName": { - "description": "Node on which the devices are discovered", - "type": "string" - } - }, - "required": [ - "nodeName" - ], - "type": "object" - }, - "status": { - "description": "LocalVolumeDiscoveryResultStatus defines the observed state of LocalVolumeDiscoveryResult", - "properties": { - "discoveredDevices": { - "description": "DiscoveredDevices contains the list of devices on which LSO is capable of creating LocalPVs The devices in this list qualify these following conditions. - it should be a non-removable device. - it should not be a read-only device. - it should not be mounted anywhere - it should not be a boot device - it should not have child partitions", - "items": { - "description": "DiscoveredDevice shows the list of discovered devices with their properties", - "properties": { - "deviceID": { - "description": "DeviceID represents the persistent name of the device. For eg, /dev/disk/by-id/...", - "type": "string" - }, - "fstype": { - "description": "FSType represents the filesystem available on the device", - "type": "string" - }, - "model": { - "description": "Model of the discovered device", - "type": "string" - }, - "path": { - "description": "Path represents the device path. For eg, /dev/sdb", - "type": "string" - }, - "property": { - "description": "Property represents whether the device type is rotational or not", - "type": "string" - }, - "serial": { - "description": "Serial number of the disk", - "type": "string" - }, - "size": { - "description": "Size of the discovered device", - "format": "int64", - "type": "integer" - }, - "status": { - "description": "Status defines whether the device is available for use or not", - "properties": { - "state": { - "description": "State shows the availability of the device", - "type": "string" - } - }, - "required": [ - "state" - ], - "type": "object" - }, - "type": { - "description": "Type of the discovered device", - "type": "string" - }, - "vendor": { - "description": "Vendor of the discovered device", - "type": "string" - } - }, - "required": [ - "deviceID", - "fstype", - "model", - "path", - "property", - "serial", - "size", - "status", - "type", - "vendor" - ], - "type": "object" - }, - "type": "array" - }, - "discoveredTimeStamp": { - "description": "DiscoveredTimeStamp is the last timestamp when the list of discovered devices was updated", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeDiscoveryResult", - "version": "v1alpha1" - } - ] - }, - "local.storage.openshift.io/v1alpha1/LocalVolumeDiscoveryResultList": { - "description": "LocalVolumeDiscoveryResultList is a list of LocalVolumeDiscoveryResult", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of localvolumediscoveryresults. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.local.v1alpha1.LocalVolumeDiscoveryResult" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeDiscoveryResultList", - "version": "v1alpha1" - } - ] - }, - "local.storage.openshift.io/v1alpha1/LocalVolumeSet": { - "description": "LocalVolumeSet is the Schema for the localvolumesets API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "LocalVolumeSetSpec defines the desired state of LocalVolumeSet", - "properties": { - "deviceInclusionSpec": { - "description": "DeviceInclusionSpec is the filtration rule for including a device in the device discovery", - "properties": { - "deviceMechanicalProperties": { - "description": "DeviceMechanicalProperty denotes whether Rotational or NonRotational disks should be used. by default, it selects both", - "items": { - "description": "DeviceMechanicalProperty holds the device's mechanical spec. It can be rotational or nonRotational", - "type": "string" - }, - "type": "array" - }, - "deviceTypes": { - "description": "Devices is the list of devices that should be used for automatic detection. This would be one of the types supported by the local-storage operator. Currently, the supported types are: disk, part. If the list is empty only `disk` types will be selected", - "items": { - "description": "DeviceType is the types that will be supported by the LSO.", - "type": "string" - }, - "type": "array" - }, - "maxSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MaxSize is the maximum size of the device which needs to be included", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "minSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MinSize is the minimum size of the device which needs to be included. Defaults to `1Gi` if empty", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "models": { - "description": "Models is a list of device models. If not empty, the device's model as outputted by lsblk needs to contain at least one of these strings.", - "items": { - "type": "string" - }, - "type": "array" - }, - "vendors": { - "description": "Vendors is a list of device vendors. If not empty, the device's model as outputted by lsblk needs to contain at least one of these strings.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "fsType": { - "description": "FSType type to create when volumeMode is Filesystem", - "type": "string" - }, - "maxDeviceCount": { - "description": "MaxDeviceCount is the maximum number of Devices that needs to be detected per node. If it is not specified, there will be no limit to the number of provisioned devices.", - "format": "int32", - "type": "integer" - }, - "nodeSelector": { - "description": "Nodes on which the automatic detection policies must run.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "StorageClassName to use for set of matched devices", - "type": "string" - }, - "tolerations": { - "description": "If specified, a list of tolerations to pass to the discovery daemons.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "volumeMode": { - "description": "VolumeMode determines whether the PV created is Block or Filesystem. It will default to Filesystem.", - "type": "string" - } - }, - "required": [ - "storageClassName" - ], - "type": "object" - }, - "status": { - "description": "LocalVolumeSetStatus defines the observed state of LocalVolumeSet", - "properties": { - "conditions": { - "description": "Conditions is a list of conditions and their status.", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change the operator has dealt with", - "format": "int64", - "type": "integer" - }, - "totalProvisionedDeviceCount": { - "description": "TotalProvisionedDeviceCount is the count of the total devices over which the PVs has been provisioned", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeSet", - "version": "v1alpha1" - } - ] - }, - "local.storage.openshift.io/v1alpha1/LocalVolumeSetList": { - "description": "LocalVolumeSetList is a list of LocalVolumeSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of localvolumesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.local.v1alpha1.LocalVolumeSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "local.storage.openshift.io", - "kind": "LocalVolumeSetList", - "version": "v1alpha1" - } - ] - }, - "machine.openshift.io/v1/ControlPlaneMachineSet": { - "description": "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time.\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", - "properties": { - "machineNamePrefix": { - "description": "machineNamePrefix is the prefix used when creating machine names.\nEach machine name will consist of this prefix, followed by\na randomly generated string of 5 characters, and the index of the machine.\nIt must be a lowercase RFC 1123 subdomain, consisting of lowercase\nalphanumeric characters, hyphens ('-'), and periods ('.').\nEach block, separated by periods, must start and end with an alphanumeric character.\nHyphens are not allowed at the start or end of a block, and consecutive periods are not permitted.\nThe prefix must be between 1 and 245 characters in length.\nFor example, if machineNamePrefix is set to 'control-plane',\nand three machines are created, their names might be:\ncontrol-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", - "maxLength": 245, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "replicas": { - "default": 3, - "description": "replicas defines how many Control Plane Machines should be\ncreated by this ControlPlaneMachineSet.\nThis field is immutable and cannot be changed after cluster\ninstallation.\nThe ControlPlaneMachineSet only operates with 3 or 5 node control planes,\n3 and 5 are the only valid values for this field.", - "enum": [ - 3, - 5 - ], - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "replicas is immutable", - "rule": "self == oldSelf" - } - ] - }, - "selector": { - "description": "Label selector for Machines. Existing Machines selected by this\nselector will be the ones affected by this ControlPlaneMachineSet.\nIt must match the template's labels.\nThis field is considered immutable after creation of the resource.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "selector is immutable", - "rule": "self == oldSelf" - } - ] - }, - "state": { - "default": "Inactive", - "description": "state defines whether the ControlPlaneMachineSet is Active or Inactive.\nWhen Inactive, the ControlPlaneMachineSet will not take any action on the\nstate of the Machines within the cluster.\nWhen Active, the ControlPlaneMachineSet will reconcile the Machines and\nwill update the Machines as necessary.\nOnce Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent\nfurther action please remove the ControlPlaneMachineSet.", - "enum": [ - "Active", - "Inactive" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "state cannot be changed once Active", - "rule": "oldSelf != 'Active' || self == oldSelf" - } - ] - }, - "strategy": { - "default": { - "type": "RollingUpdate" - }, - "description": "strategy defines how the ControlPlaneMachineSet will update\nMachines when it detects a change to the ProviderSpec.", - "properties": { - "type": { - "default": "RollingUpdate", - "description": "type defines the type of update strategy that should be\nused when updating Machines owned by the ControlPlaneMachineSet.\nValid values are \"RollingUpdate\" and \"OnDelete\".\nThe current default value is \"RollingUpdate\".", - "enum": [ - "RollingUpdate", - "OnDelete" - ], - "type": "string" - } - }, - "type": "object" - }, - "template": { - "description": "template describes the Control Plane Machines that will be created\nby this ControlPlaneMachineSet.", - "properties": { - "machineType": { - "description": "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet.\nCurrently, the only valid value is machines_v1beta1_machine_openshift_io.", - "enum": [ - "machines_v1beta1_machine_openshift_io" - ], - "type": "string" - }, - "machines_v1beta1_machine_openshift_io": { - "description": "OpenShiftMachineV1Beta1Machine defines the template for creating Machines\nfrom the v1beta1.machine.openshift.io API group.", - "properties": { - "failureDomains": { - "description": "failureDomains is the list of failure domains (sometimes called\navailability zones) in which the ControlPlaneMachineSet should balance\nthe Control Plane Machines.\nThis will be merged into the ProviderSpec given in the template.\nThis field is optional on platforms that do not require placement information.", - "properties": { - "aws": { - "description": "aws configures failure domain information for the AWS platform.", - "items": { - "description": "AWSFailureDomain configures failure domain information for the AWS platform.", - "minProperties": 1, - "properties": { - "placement": { - "description": "placement configures the placement information for this instance.", - "properties": { - "availabilityZone": { - "description": "availabilityZone is the availability zone of the instance.", - "type": "string" - } - }, - "required": [ - "availabilityZone" - ], - "type": "object" - }, - "subnet": { - "description": "subnet is a reference to the subnet to use for this instance.", - "properties": { - "arn": { - "description": "arn of resource.", - "type": "string" - }, - "filters": { - "description": "filters is a set of filters used to identify a resource.", - "items": { - "description": "AWSResourceFilter is a filter used to identify an AWS resource", - "properties": { - "name": { - "description": "name of the filter. Filter names are case-sensitive.", - "type": "string" - }, - "values": { - "description": "values includes one or more filter values. Filter values are case-sensitive.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "id": { - "description": "id of resource.", - "type": "string" - }, - "type": { - "description": "type determines how the reference will fetch the AWS resource.", - "enum": [ - "ID", - "ARN", - "Filters" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "id is required when type is ID, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'ID' ? has(self.id) : !has(self.id)" - }, - { - "message": "arn is required when type is ARN, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'ARN' ? has(self.arn) : !has(self.arn)" - }, - { - "message": "filters is required when type is Filters, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Filters' ? has(self.filters) : !has(self.filters)" - } - ] - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "azure": { - "description": "azure configures failure domain information for the Azure platform.", - "items": { - "description": "AzureFailureDomain configures failure domain information for the Azure platform.", - "properties": { - "subnet": { - "description": "subnet is the name of the network subnet in which the VM will be created.\nWhen omitted, the subnet value from the machine providerSpec template will be used.", - "maxLength": 80, - "pattern": "^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$", - "type": "string" - }, - "zone": { - "description": "Availability Zone for the virtual machine.\nIf nil, the virtual machine should be deployed to no zone.", - "type": "string" - } - }, - "required": [ - "zone" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "gcp": { - "description": "gcp configures failure domain information for the GCP platform.", - "items": { - "description": "GCPFailureDomain configures failure domain information for the GCP platform", - "properties": { - "zone": { - "description": "zone is the zone in which the GCP machine provider will create the VM.", - "type": "string" - } - }, - "required": [ - "zone" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "nutanix": { - "description": "nutanix configures failure domain information for the Nutanix platform.", - "items": { - "description": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", - "properties": { - "name": { - "description": "name of the failure domain in which the nutanix machine provider will create the VM.\nFailure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", - "maxLength": 64, - "minLength": 1, - "pattern": "[a-z0-9]([-a-z0-9]*[a-z0-9])?", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "openstack": { - "description": "openstack configures failure domain information for the OpenStack platform.", - "items": { - "description": "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", - "minProperties": 1, - "properties": { - "availabilityZone": { - "description": "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM.\nIf not specified, the VM will be created in the default availability zone specified in the nova configuration.\nAvailability zone names must NOT contain : since it is used by admin users to specify hosts where instances\nare launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs\nto this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.\nThe maximum length of availability zone name is 63 as per labels limits.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[^: ]*$", - "type": "string" - }, - "rootVolume": { - "description": "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM.\nIf not specified, no root volume will be created.", - "properties": { - "availabilityZone": { - "description": "availabilityZone specifies the Cinder availability zone where the root volume will be created.\nIf not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration.\nIf the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability\nzone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details.\nIf the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same\navailability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone).\nAvailability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure,\nsee kubernetes/cloud-provider-openstack#1379 for further information.\nThe maximum length of availability zone name is 63 as per labels limits.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[^ ]*$", - "type": "string" - }, - "volumeType": { - "description": "volumeType specifies the type of the root volume that will be provisioned.\nThe maximum length of a volume type name is 255 characters, as per the OpenStack limit.", - "maxLength": 255, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "volumeType" - ], - "type": "object" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "rootVolume.availabilityZone is required when availabilityZone is set", - "rule": "!has(self.availabilityZone) || !has(self.rootVolume) || has(self.rootVolume.availabilityZone)" - } - ] - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "platform": { - "description": "platform identifies the platform for which the FailureDomain represents.\nCurrently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", - "enum": [ - "", - "AWS", - "Azure", - "BareMetal", - "GCP", - "Libvirt", - "OpenStack", - "None", - "VSphere", - "oVirt", - "IBMCloud", - "KubeVirt", - "EquinixMetal", - "PowerVS", - "AlibabaCloud", - "Nutanix", - "External" - ], - "type": "string" - }, - "vsphere": { - "description": "vsphere configures failure domain information for the VSphere platform.", - "items": { - "description": "VSphereFailureDomain configures failure domain information for the vSphere platform", - "properties": { - "name": { - "description": "name of the failure domain in which the vSphere machine provider will create the VM.\nFailure domains are defined in a cluster's config.openshift.io/Infrastructure resource.\nWhen balancing machines across failure domains, the control plane machine set will inject configuration from the\nInfrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "platform" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "aws configuration is required when platform is AWS, and forbidden otherwise", - "rule": "has(self.platform) && self.platform == 'AWS' ? has(self.aws) : !has(self.aws)" - }, - { - "message": "azure configuration is required when platform is Azure, and forbidden otherwise", - "rule": "has(self.platform) && self.platform == 'Azure' ? has(self.azure) : !has(self.azure)" - }, - { - "message": "gcp configuration is required when platform is GCP, and forbidden otherwise", - "rule": "has(self.platform) && self.platform == 'GCP' ? has(self.gcp) : !has(self.gcp)" - }, - { - "message": "openstack configuration is required when platform is OpenStack, and forbidden otherwise", - "rule": "has(self.platform) && self.platform == 'OpenStack' ? has(self.openstack) : !has(self.openstack)" - }, - { - "message": "vsphere configuration is required when platform is VSphere, and forbidden otherwise", - "rule": "has(self.platform) && self.platform == 'VSphere' ? has(self.vsphere) : !has(self.vsphere)" - }, - { - "message": "nutanix configuration is required when platform is Nutanix, and forbidden otherwise", - "rule": "has(self.platform) && self.platform == 'Nutanix' ? has(self.nutanix) : !has(self.nutanix)" - } - ] - }, - "metadata": { - "description": "ObjectMeta is the standard object metadata\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata\nLabels are required to match the ControlPlaneMachineSet selector.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels.\nThis field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'.\nIt must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", - "type": "object", - "x-kubernetes-validations": [ - { - "message": "label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master'", - "rule": "'machine.openshift.io/cluster-api-machine-role' in self && self['machine.openshift.io/cluster-api-machine-role'] == 'master'" - }, - { - "message": "label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master'", - "rule": "'machine.openshift.io/cluster-api-machine-type' in self && self['machine.openshift.io/cluster-api-machine-type'] == 'master'" - }, - { - "message": "label 'machine.openshift.io/cluster-api-cluster' is required", - "rule": "'machine.openshift.io/cluster-api-cluster' in self" - } - ] - } - }, - "required": [ - "labels" - ], - "type": "object" - }, - "spec": { - "description": "spec contains the desired configuration of the Control Plane Machines.\nThe ProviderSpec within contains platform specific details\nfor creating the Control Plane Machines.\nThe ProviderSe should be complete apart from the platform specific\nfailure domain field. This will be overriden when the Machines\nare created based on the FailureDomains field.", - "properties": { - "lifecycleHooks": { - "description": "lifecycleHooks allow users to pause operations on the machine at\ncertain predefined points within the machine lifecycle.", - "properties": { - "preDrain": { - "description": "preDrain hooks prevent the machine from being drained.\nThis also blocks further lifecycle events, such as termination.", - "items": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", - "maxLength": 256, - "minLength": 3, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - }, - "owner": { - "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", - "maxLength": 512, - "minLength": 3, - "type": "string" - } - }, - "required": [ - "name", - "owner" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "preTerminate": { - "description": "preTerminate hooks prevent the machine from being terminated.\nPreTerminate hooks be actioned after the Machine has been drained.", - "items": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", - "maxLength": 256, - "minLength": 3, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - }, - "owner": { - "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", - "maxLength": 512, - "minLength": 3, - "type": "string" - } - }, - "required": [ - "name", - "owner" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "metadata": { - "description": "ObjectMeta will autopopulate the Node created. Use this to\nindicate what labels, annotations, name prefix, etc., should be used\nwhen creating the Node.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "generateName": { - "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", - "items": { - "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" - } - }, - "required": [ - "apiVersion", - "kind", - "name", - "uid" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "uid" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", - "type": "string" - }, - "providerSpec": { - "description": "providerSpec details Provider-specific configuration to use during node creation.", - "properties": { - "value": { - "description": "value is an inlined, serialized representation of the resource\nconfiguration. It is recommended that providers maintain their own\nversioned API types that should be serialized/deserialized from this\nfield, akin to component config.", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "taints": { - "description": "The list of the taints to be applied to the corresponding Node in additive\nmanner. This list will not overwrite any other taints added to the Node on\nan ongoing basis by other entities. These taints should be actively reconciled\ne.g. if you ask the machine controller to apply a taint and then manually remove\nthe taint the machine controller will put it back) but not have the machine controller\nremove any taints", - "items": { - "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", - "properties": { - "effect": { - "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Required. The taint key to be applied to a node.", - "type": "string" - }, - "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", - "format": "date-time", - "type": "string" - }, - "value": { - "description": "The taint value corresponding to the taint key.", - "type": "string" - } - }, - "required": [ - "effect", - "key" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "required": [ - "machineType" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "machines_v1beta1_machine_openshift_io configuration is required when machineType is machines_v1beta1_machine_openshift_io, and forbidden otherwise", - "rule": "has(self.machineType) && self.machineType == 'machines_v1beta1_machine_openshift_io' ? has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)" - } - ] - } - }, - "required": [ - "replicas", - "selector", - "template" - ], - "type": "object" - }, - "status": { - "description": "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", - "properties": { - "conditions": { - "description": "conditions represents the observations of the ControlPlaneMachineSet's current state.\nKnown .status.conditions.type are: Available, Degraded and Progressing.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed for this\nControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation,\nwhich is updated on mutation by the API Server.", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas is the number of Control Plane Machines created by the\nControlPlaneMachineSet controller which are ready.\nNote that this value may be higher than the desired number of replicas\nwhile rolling updates are in-progress.", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "replicas is the number of Control Plane Machines created by the\nControlPlaneMachineSet controller.\nNote that during update operations this value may differ from the\ndesired replica count.", - "format": "int32", - "type": "integer" - }, - "unavailableReplicas": { - "description": "unavailableReplicas is the number of Control Plane Machines that are\nstill required before the ControlPlaneMachineSet reaches the desired\navailable capacity. When this value is non-zero, the number of\nReadyReplicas is less than the desired Replicas.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "updatedReplicas is the number of non-terminated Control Plane Machines\ncreated by the ControlPlaneMachineSet controller that have the desired\nprovider spec and are ready.\nThis value is set to 0 when a change is detected to the desired spec.\nWhen the update strategy is RollingUpdate, this will also coincide\nwith starting the process of updating the Machines.\nWhen the update strategy is OnDelete, this value will remain at 0 until\na user deletes an existing replica and its replacement has become ready.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "ControlPlaneMachineSet", - "version": "v1" - } - ] - }, - "machine.openshift.io/v1/ControlPlaneMachineSetList": { - "description": "ControlPlaneMachineSetList is a list of ControlPlaneMachineSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of controlplanemachinesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machine.v1.ControlPlaneMachineSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "ControlPlaneMachineSetList", - "version": "v1" - } - ] - }, - "machine.openshift.io/v1beta1/Machine": { - "description": "Machine is the Schema for the machines API\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "MachineSpec defines the desired state of Machine", - "properties": { - "lifecycleHooks": { - "description": "lifecycleHooks allow users to pause operations on the machine at\ncertain predefined points within the machine lifecycle.", - "properties": { - "preDrain": { - "description": "preDrain hooks prevent the machine from being drained.\nThis also blocks further lifecycle events, such as termination.", - "items": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", - "maxLength": 256, - "minLength": 3, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - }, - "owner": { - "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", - "maxLength": 512, - "minLength": 3, - "type": "string" - } - }, - "required": [ - "name", - "owner" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "preTerminate": { - "description": "preTerminate hooks prevent the machine from being terminated.\nPreTerminate hooks be actioned after the Machine has been drained.", - "items": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", - "maxLength": 256, - "minLength": 3, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - }, - "owner": { - "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", - "maxLength": 512, - "minLength": 3, - "type": "string" - } - }, - "required": [ - "name", - "owner" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "metadata": { - "description": "ObjectMeta will autopopulate the Node created. Use this to\nindicate what labels, annotations, name prefix, etc., should be used\nwhen creating the Node.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "generateName": { - "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", - "items": { - "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" - } - }, - "required": [ - "apiVersion", - "kind", - "name", - "uid" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "uid" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", - "type": "string" - }, - "providerSpec": { - "description": "providerSpec details Provider-specific configuration to use during node creation.", - "properties": { - "value": { - "description": "value is an inlined, serialized representation of the resource\nconfiguration. It is recommended that providers maintain their own\nversioned API types that should be serialized/deserialized from this\nfield, akin to component config.", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "taints": { - "description": "The list of the taints to be applied to the corresponding Node in additive\nmanner. This list will not overwrite any other taints added to the Node on\nan ongoing basis by other entities. These taints should be actively reconciled\ne.g. if you ask the machine controller to apply a taint and then manually remove\nthe taint the machine controller will put it back) but not have the machine controller\nremove any taints", - "items": { - "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", - "properties": { - "effect": { - "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Required. The taint key to be applied to a node.", - "type": "string" - }, - "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", - "format": "date-time", - "type": "string" - }, - "value": { - "description": "The taint value corresponding to the taint key.", - "type": "string" - } - }, - "required": [ - "effect", - "key" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "status": { - "description": "MachineStatus defines the observed state of Machine", - "properties": { - "addresses": { - "description": "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", - "items": { - "description": "NodeAddress contains information for the node's address.", - "properties": { - "address": { - "description": "The node address.", - "type": "string" - }, - "type": { - "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", - "type": "string" - } - }, - "required": [ - "address", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "conditions": { - "description": "conditions defines the current state of the Machine", - "items": { - "description": "Condition defines an observation of a Machine API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "errorMessage": { - "description": "errorMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output.", - "type": "string" - }, - "errorReason": { - "description": "errorReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output.", - "type": "string" - }, - "lastOperation": { - "description": "lastOperation describes the last-operation performed by the machine-controller.\nThis API should be useful as a history in terms of the latest operation performed on the\nspecific machine. It should also convey the state of the latest-operation for example if\nit is still on-going, failed or completed successfully.", - "properties": { - "description": { - "description": "description is the human-readable description of the last operation.", - "type": "string" - }, - "lastUpdated": { - "description": "lastUpdated is the timestamp at which LastOperation API was last-updated.", - "format": "date-time", - "type": "string" - }, - "state": { - "description": "state is the current status of the last performed operation.\nE.g. Processing, Failed, Successful etc", - "type": "string" - }, - "type": { - "description": "type is the type of operation which was last performed.\nE.g. Create, Delete, Update etc", - "type": "string" - } - }, - "type": "object" - }, - "lastUpdated": { - "description": "lastUpdated identifies when this status was last observed.", - "format": "date-time", - "type": "string" - }, - "nodeRef": { - "description": "nodeRef will point to the corresponding Node if it exists.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "phase": { - "description": "phase represents the current phase of machine actuation.\nOne of: Failed, Provisioning, Provisioned, Running, Deleting", - "type": "string" - }, - "providerStatus": { - "description": "providerStatus details a Provider-specific status.\nIt is recommended that providers maintain their\nown versioned API types that should be\nserialized/deserialized from this field.", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "Machine", - "version": "v1beta1" - } - ] - }, - "machine.openshift.io/v1beta1/MachineHealthCheck": { - "description": "MachineHealthCheck is the Schema for the machinehealthchecks API\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of machine health check policy", - "properties": { - "maxUnhealthy": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "default": "100%", - "description": "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy.\nExpects either a postive integer value or a percentage value.\nPercentage values must be positive whole numbers and are capped at 100%.\nBoth 0 and 0% are valid and will block all remediation.", - "pattern": "^((100|[0-9]{1,2})%|[0-9]+)$", - "x-kubernetes-int-or-string": true - }, - "nodeStartupTimeout": { - "default": "10m", - "description": "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nTo prevent Machines without Nodes from being removed, disable startup checks\nby setting this value explicitly to \"0\".\nExpects an unsigned duration string of decimal numbers each with optional\nfraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".", - "pattern": "^0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$", - "type": "string" - }, - "remediationTemplate": { - "description": "remediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Machine API Operator.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "selector": { - "description": "Label selector to match machines whose health will be exercised.\nNote: An empty selector will match all machines.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "unhealthyConditions": { - "description": "unhealthyConditions contains a list of the conditions that determine\nwhether a node is considered unhealthy. The conditions are combined in a\nlogical OR, i.e. if any of the conditions is met, the node is unhealthy.", - "items": { - "description": "UnhealthyCondition represents a Node condition type and value with a timeout\nspecified as a duration. When the named condition has been in the given\nstatus for at least the timeout value, a node is considered unhealthy.", - "properties": { - "status": { - "minLength": 1, - "type": "string" - }, - "timeout": { - "description": "Expects an unsigned duration string of decimal numbers each with optional\nfraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".", - "pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$", - "type": "string" - }, - "type": { - "minLength": 1, - "type": "string" - } - }, - "type": "object" - }, - "minItems": 1, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "Most recently observed status of MachineHealthCheck resource", - "properties": { - "conditions": { - "description": "conditions defines the current state of the MachineHealthCheck", - "items": { - "description": "Condition defines an observation of a Machine API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentHealthy": { - "description": "total number of machines counted by this machine health check", - "minimum": 0, - "type": "integer" - }, - "expectedMachines": { - "description": "total number of machines counted by this machine health check", - "minimum": 0, - "type": "integer" - }, - "remediationsAllowed": { - "description": "remediationsAllowed is the number of further remediations allowed by this machine health check before\nmaxUnhealthy short circuiting will be applied", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "MachineHealthCheck", - "version": "v1beta1" - } - ] - }, - "machine.openshift.io/v1beta1/MachineHealthCheckList": { - "description": "MachineHealthCheckList is a list of MachineHealthCheck", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machinehealthchecks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machine.v1beta1.MachineHealthCheck" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "MachineHealthCheckList", - "version": "v1beta1" - } - ] - }, - "machine.openshift.io/v1beta1/MachineList": { - "description": "MachineList is a list of Machine", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machines. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machine.v1beta1.Machine" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "MachineList", - "version": "v1beta1" - } - ] - }, - "machine.openshift.io/v1beta1/MachineSet": { - "description": "MachineSet ensures that a specified number of machines replicas are running at any given time.\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "MachineSetSpec defines the desired state of MachineSet", - "properties": { - "deletePolicy": { - "description": "deletePolicy defines the policy used to identify nodes to delete when downscaling.\nDefaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", - "enum": [ - "Random", - "Newest", - "Oldest" - ], - "type": "string" - }, - "minReadySeconds": { - "description": "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.\nDefaults to 0 (machine will be considered available as soon as it is ready)", - "format": "int32", - "type": "integer" - }, - "replicas": { - "default": 1, - "description": "replicas is the number of desired replicas.\nThis is a pointer to distinguish between explicit zero and unspecified.\nDefaults to 1.", - "format": "int32", - "type": "integer" - }, - "selector": { - "description": "selector is a label query over machines that should match the replica count.\nLabel keys and values that must match in order to be controlled by this MachineSet.\nIt must match the machine template's labels.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "template": { - "description": "template is the object that describes the machine that will be created if\ninsufficient replicas are detected.", - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "generateName": { - "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", - "items": { - "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" - } - }, - "required": [ - "apiVersion", - "kind", - "name", - "uid" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "uid" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "spec": { - "description": "Specification of the desired behavior of the machine.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "lifecycleHooks": { - "description": "lifecycleHooks allow users to pause operations on the machine at\ncertain predefined points within the machine lifecycle.", - "properties": { - "preDrain": { - "description": "preDrain hooks prevent the machine from being drained.\nThis also blocks further lifecycle events, such as termination.", - "items": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", - "maxLength": 256, - "minLength": 3, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - }, - "owner": { - "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", - "maxLength": 512, - "minLength": 3, - "type": "string" - } - }, - "required": [ - "name", - "owner" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "preTerminate": { - "description": "preTerminate hooks prevent the machine from being terminated.\nPreTerminate hooks be actioned after the Machine has been drained.", - "items": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", - "maxLength": 256, - "minLength": 3, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - }, - "owner": { - "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", - "maxLength": 512, - "minLength": 3, - "type": "string" - } - }, - "required": [ - "name", - "owner" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "metadata": { - "description": "ObjectMeta will autopopulate the Node created. Use this to\nindicate what labels, annotations, name prefix, etc., should be used\nwhen creating the Node.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "generateName": { - "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", - "items": { - "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" - } - }, - "required": [ - "apiVersion", - "kind", - "name", - "uid" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "uid" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", - "type": "string" - }, - "providerSpec": { - "description": "providerSpec details Provider-specific configuration to use during node creation.", - "properties": { - "value": { - "description": "value is an inlined, serialized representation of the resource\nconfiguration. It is recommended that providers maintain their own\nversioned API types that should be serialized/deserialized from this\nfield, akin to component config.", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "taints": { - "description": "The list of the taints to be applied to the corresponding Node in additive\nmanner. This list will not overwrite any other taints added to the Node on\nan ongoing basis by other entities. These taints should be actively reconciled\ne.g. if you ask the machine controller to apply a taint and then manually remove\nthe taint the machine controller will put it back) but not have the machine controller\nremove any taints", - "items": { - "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", - "properties": { - "effect": { - "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Required. The taint key to be applied to a node.", - "type": "string" - }, - "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", - "format": "date-time", - "type": "string" - }, - "value": { - "description": "The taint value corresponding to the taint key.", - "type": "string" - } - }, - "required": [ - "effect", - "key" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "MachineSetStatus defines the observed state of MachineSet", - "properties": { - "availableReplicas": { - "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "conditions defines the current state of the MachineSet", - "items": { - "description": "Condition defines an observation of a Machine API resource operational state.", - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "errorMessage": { - "type": "string" - }, - "errorReason": { - "description": "In the event that there is a terminal problem reconciling the\nreplicas, both ErrorReason and ErrorMessage will be set. ErrorReason\nwill be populated with a succinct value suitable for machine\ninterpretation, while ErrorMessage will contain a more verbose\nstring suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a\ncontroller faces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the MachineTemplate's spec or the configuration of\nthe machine controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the machine controller, or the\nresponsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the MachineSet object and/or logged in the\ncontroller's output.", - "type": "string" - }, - "fullyLabeledReplicas": { - "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", - "format": "int32", - "type": "integer" - }, - "observedGeneration": { - "description": "observedGeneration reflects the generation of the most recently observed MachineSet.", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "replicas is the most recently observed number of replicas.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "MachineSet", - "version": "v1beta1" - } - ] - }, - "machine.openshift.io/v1beta1/MachineSetList": { - "description": "MachineSetList is a list of MachineSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machinesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machine.v1beta1.MachineSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machine.openshift.io", - "kind": "MachineSetList", - "version": "v1beta1" - } - ] - }, - "machineconfiguration.openshift.io/v1/ContainerRuntimeConfig": { - "description": "ContainerRuntimeConfig describes a customized Container Runtime configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec contains the desired container runtime configuration.", - "properties": { - "containerRuntimeConfig": { - "description": "containerRuntimeConfig defines the tuneables of the container runtime.", - "properties": { - "defaultRuntime": { - "description": "defaultRuntime is the name of the OCI runtime to be used as the default.", - "type": "string" - }, - "logLevel": { - "description": "logLevel specifies the verbosity of the logs based on the level it is set to.\nOptions are fatal, panic, error, warn, info, and debug.", - "type": "string" - }, - "logSizeMax": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "logSizeMax specifies the Maximum size allowed for the container log file.\nNegative numbers indicate that no size limit is imposed.\nIf it is positive, it must be >= 8192 to match/exceed conmon's read buffer.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "overlaySize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "overlaySize specifies the maximum size of a container image.\nThis flag can be used to set quota on the size of container images. (default: 10GB)", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "pidsLimit": { - "description": "pidsLimit specifies the maximum number of processes allowed in a container", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "machineConfigPoolSelector": { - "description": "machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.\nA nil selector will result in no pools being selected.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "containerRuntimeConfig" - ], - "type": "object" - }, - "status": { - "description": "status contains observed information about the container runtime configuration.", - "properties": { - "conditions": { - "description": "conditions represents the latest available observations of current state.", - "items": { - "description": "ContainerRuntimeConfigCondition defines the state of the ContainerRuntimeConfig", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status object.", - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans.", - "type": "string" - }, - "reason": { - "description": "reason is the reason for the condition's last transition. Reasons are PascalCase", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type specifies the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation observed by the controller.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "ContainerRuntimeConfig", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/ContainerRuntimeConfigList": { - "description": "ContainerRuntimeConfigList is a list of ContainerRuntimeConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of containerruntimeconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.ContainerRuntimeConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "ContainerRuntimeConfigList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/ControllerConfig": { - "description": "ControllerConfig describes configuration for MachineConfigController.\nThis is currently only used to drive the MachineConfig objects generated by the TemplateController.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec contains the desired controller config configuration.", - "properties": { - "additionalTrustBundle": { - "description": "additionalTrustBundle is a certificate bundle that will be added to the nodes\ntrusted certificate store.", - "format": "byte", - "nullable": true, - "type": "string" - }, - "baseOSContainerImage": { - "description": "baseOSContainerImage is the new-format container image for operating system updates.", - "type": "string" - }, - "baseOSExtensionsContainerImage": { - "description": "baseOSExtensionsContainerImage is the matching extensions container for the new-format container", - "type": "string" - }, - "cloudProviderCAData": { - "description": "cloudProviderCAData specifies the cloud provider CA data", - "format": "byte", - "nullable": true, - "type": "string" - }, - "cloudProviderConfig": { - "description": "cloudProviderConfig is the configuration for the given cloud provider", - "type": "string" - }, - "clusterDNSIP": { - "description": "clusterDNSIP is the cluster DNS IP address", - "type": "string" - }, - "dns": { - "description": "dns holds the cluster dns details", - "nullable": true, - "properties": { - "apiVersion": { - "description": "apiVersion defines the versioned schema of this representation of an object. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "kind is a string value representing the type of this object. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "baseDomain": { - "description": "baseDomain is the base domain of the cluster. All managed DNS records will\nbe sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server\nDNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", - "type": "string" - }, - "platform": { - "description": "platform holds configuration specific to the underlying\ninfrastructure provider for DNS.\nWhen omitted, this means the user has no opinion and the platform is left\nto choose reasonable defaults. These defaults are subject to change over time.", - "properties": { - "aws": { - "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", - "properties": { - "privateZoneIAMRole": { - "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing\noperations on the cluster's private hosted zone specified in the cluster DNS config.\nWhen left empty, no role should be assumed.", - "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$", - "type": "string" - } - }, - "type": "object" - }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster.\nAllowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms,\nand must handle unrecognized platforms with best-effort defaults.", - "enum": [ - "", - "AWS", - "Azure", - "BareMetal", - "GCP", - "Libvirt", - "OpenStack", - "None", - "VSphere", - "oVirt", - "IBMCloud", - "KubeVirt", - "EquinixMetal", - "PowerVS", - "AlibabaCloud", - "Nutanix", - "External" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "allowed values are '' and 'AWS'", - "rule": "self in ['','AWS']" - } - ] - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "aws configuration is required when platform is AWS, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)" - } - ] - }, - "privateZone": { - "description": "privateZone is the location where all the DNS records that are only available internally\nto the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", - "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object" - } - }, - "type": "object" - }, - "publicZone": { - "description": "publicZone is the location where all the DNS records that are publicly accessible to\nthe internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", - "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "type": "object" - } - }, - "required": [ - "spec", - "kind", - "apiVersion" - ], - "type": "object", - "x-kubernetes-embedded-resource": true - }, - "etcdDiscoveryDomain": { - "description": "etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain instead", - "type": "string" - }, - "imageRegistryBundleData": { - "description": "imageRegistryBundleData is the ImageRegistryData", - "items": { - "description": "ImageRegistryBundle contains information for writing image registry certificates", - "properties": { - "data": { - "description": "data holds the contents of the bundle that will be written to the file location", - "format": "byte", - "type": "string" - }, - "file": { - "description": "file holds the name of the file where the bundle will be written to disk", - "type": "string" - } - }, - "required": [ - "data", - "file" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "imageRegistryBundleUserData": { - "description": "imageRegistryBundleUserData is Image Registry Data provided by the user", - "items": { - "description": "ImageRegistryBundle contains information for writing image registry certificates", - "properties": { - "data": { - "description": "data holds the contents of the bundle that will be written to the file location", - "format": "byte", - "type": "string" - }, - "file": { - "description": "file holds the name of the file where the bundle will be written to disk", - "type": "string" - } - }, - "required": [ - "data", - "file" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "images": { - "additionalProperties": { - "type": "string" - }, - "description": "images is map of images that are used by the controller to render templates under ./templates/", - "type": "object" - }, - "infra": { - "description": "infra holds the infrastructure details", - "nullable": true, - "properties": { - "apiVersion": { - "description": "apiVersion defines the versioned schema of this representation of an object. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "kind is a string value representing the type of this object. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "cloudConfig": { - "description": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.\nThis configuration file is used to configure the Kubernetes cloud provider integration\nwhen using the built-in cloud provider integration or the external cloud controller manager.\nThe namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller.\nThe controller is responsible for using the user configuration in the spec\nfor various platforms and combining that with the user provided ConfigMap in this field\nto create a stitched kube cloud config.\nThe controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace\nwith the kube cloud config is stored in `cloud.conf` key.\nAll the clients are expected to use the generated ConfigMap only.", - "properties": { - "key": { - "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "platformSpec": { - "description": "platformSpec holds desired information specific to the underlying\ninfrastructure provider.", - "properties": { - "alibabaCloud": { - "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", - "type": "object" - }, - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints list contains custom endpoints which will override default\nservice endpoint of AWS Services.\nThere must be only one ServiceEndpoint for a service.", - "items": { - "description": "AWSServiceEndpoint store the configuration of a custom url to\noverride existing defaults of AWS Services.", - "properties": { - "name": { - "description": "name is the name of the AWS service.\nThe list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html\nThis must be provided and cannot be empty.", - "pattern": "^[a-z0-9-]+$", - "type": "string" - }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", - "pattern": "^https://", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "azure": { - "description": "azure contains settings specific to the Azure infrastructure provider.", - "type": "object" - }, - "baremetal": { - "description": "baremetal contains settings specific to the BareMetal platform.", - "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.apiServerInternalIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", - "items": { - "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", - "maxLength": 39, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid IP address", - "rule": "isIP(self)" - } - ] - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" - } - ] - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.ingressIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", - "items": { - "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", - "maxLength": 39, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid IP address", - "rule": "isIP(self)" - } - ] - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" - } - ] - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster\nnodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,\nfor example \"10.0.0.0/8\" or \"fd00::/8\".", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid CIDR network address", - "rule": "isCIDR(self)" - } - ] - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs list is required once set", - "rule": "!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)" - }, - { - "message": "ingressIPs list is required once set", - "rule": "!has(oldSelf.ingressIPs) || has(self.ingressIPs)" - } - ] - }, - "equinixMetal": { - "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", - "type": "object" - }, - "external": { - "description": "ExternalPlatformType represents generic infrastructure provider.\nPlatform-specific components should be supplemented separately.", - "properties": { - "platformName": { - "default": "Unknown", - "description": "platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.\nThis field is solely for informational and reporting purposes and is not expected to be used for decision-making.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "platform name cannot be changed once set", - "rule": "oldSelf == 'Unknown' || self == oldSelf" - } - ] - } - }, - "type": "object" - }, - "gcp": { - "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", - "type": "object" - }, - "ibmcloud": { - "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", - "type": "object" - }, - "kubevirt": { - "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", - "type": "object" - }, - "nutanix": { - "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", - "properties": { - "failureDomains": { - "description": "failureDomains configures failure domains information for the Nutanix platform.\nWhen set, the failure domains defined here may be used to spread Machines across\nprism element clusters to improve fault tolerance of the cluster.", - "items": { - "description": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", - "properties": { - "cluster": { - "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central),\nin which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained\nfrom the Prism Central console or using the prism_central API.", - "properties": { - "name": { - "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", - "type": "string" - }, - "type": { - "description": "type is the identifier type to use for this resource.", - "enum": [ - "UUID", - "Name" - ], - "type": "string" - }, - "uuid": { - "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "uuid configuration is required when type is UUID, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'UUID' ? has(self.uuid) : !has(self.uuid)" - }, - { - "message": "name configuration is required when type is Name, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Name' ? has(self.name) : !has(self.name)" - } - ] - }, - "name": { - "description": "name defines the unique name of a failure domain.\nName is required and must be at most 64 characters in length.\nIt must consist of only lower case alphanumeric characters and hyphens (-).\nIt must start and end with an alphanumeric character.\nThis value is arbitrary and is used to identify the failure domain within the platform.", - "maxLength": 64, - "minLength": 1, - "pattern": "[a-z0-9]([-a-z0-9]*[a-z0-9])?", - "type": "string" - }, - "subnets": { - "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets\nIf the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.\nfor the Machine's VM to connect to. The subnet identifiers (uuid or name) can be\nobtained from the Prism Central console or using the prism_central API.", - "items": { - "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", - "properties": { - "name": { - "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", - "type": "string" - }, - "type": { - "description": "type is the identifier type to use for this resource.", - "enum": [ - "UUID", - "Name" - ], - "type": "string" - }, - "uuid": { - "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "uuid configuration is required when type is UUID, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'UUID' ? has(self.uuid) : !has(self.uuid)" - }, - { - "message": "name configuration is required when type is Name, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Name' ? has(self.name) : !has(self.name)" - } - ] - }, - "maxItems": 1, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "cluster", - "name", - "subnets" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "prismCentral": { - "description": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central.\nWhen a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.\nShould you wish for communication with this endpoint not to be proxied, please add the endpoint to the\nproxy spec.noProxy list.", - "properties": { - "address": { - "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", - "maxLength": 256, - "type": "string" - }, - "port": { - "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "address", - "port" - ], - "type": "object" - }, - "prismElements": { - "description": "prismElements holds one or more endpoint address and port data to access the Nutanix\nPrism Elements (clusters) of the Nutanix Prism Central. Currently we only support one\nPrism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)\nused in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)\nspread over multiple Prism Elements (clusters) of the Prism Central.", - "items": { - "description": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", - "properties": { - "endpoint": { - "description": "endpoint holds the endpoint address and port data of the Prism Element (cluster).\nWhen a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.\nShould you wish for communication with this endpoint not to be proxied, please add the endpoint to the\nproxy spec.noProxy list.", - "properties": { - "address": { - "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", - "maxLength": 256, - "type": "string" - }, - "port": { - "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "address", - "port" - ], - "type": "object" - }, - "name": { - "description": "name is the name of the Prism Element (cluster). This value will correspond with\nthe cluster field configured on other resources (eg Machines, PVCs, etc).", - "maxLength": 256, - "type": "string" - } - }, - "required": [ - "endpoint", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "prismCentral", - "prismElements" - ], - "type": "object" - }, - "openstack": { - "description": "openstack contains settings specific to the OpenStack infrastructure provider.", - "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.apiServerInternalIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", - "items": { - "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", - "maxLength": 39, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid IP address", - "rule": "isIP(self)" - } - ] - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" - } - ] - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.ingressIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", - "items": { - "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", - "maxLength": 39, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid IP address", - "rule": "isIP(self)" - } - ] - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" - } - ] - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster\nnodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,\nfor example \"10.0.0.0/8\" or \"fd00::/8\".", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid CIDR network address", - "rule": "isCIDR(self)" - } - ] - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs list is required once set", - "rule": "!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)" - }, - { - "message": "ingressIPs list is required once set", - "rule": "!has(oldSelf.ingressIPs) || has(self.ingressIPs)" - } - ] - }, - "ovirt": { - "description": "ovirt contains settings specific to the oVirt infrastructure provider.", - "type": "object" - }, - "powervs": { - "description": "powervs contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", - "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default\nservice endpoints of a Power VS service.", - "items": { - "description": "PowervsServiceEndpoint stores the configuration of a custom url to\noverride existing defaults of PowerVS Services.", - "properties": { - "name": { - "description": "name is the name of the Power VS service.\nFew of the services are\nIAM - https://cloud.ibm.com/apidocs/iam-identity-token-api\nResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller\nPower Cloud - https://cloud.ibm.com/apidocs/power-cloud", - "enum": [ - "CIS", - "COS", - "COSConfig", - "DNSServices", - "GlobalCatalog", - "GlobalSearch", - "GlobalTagging", - "HyperProtect", - "IAM", - "KeyProtect", - "Power", - "ResourceController", - "ResourceManager", - "VPC" - ], - "type": "string" - }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", - "format": "uri", - "pattern": "^https://", - "type": "string" - } - }, - "required": [ - "name", - "url" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. This\nvalue controls whether infrastructure automation such as service load\nbalancers, dynamic volume provisioning, machine creation and deletion, and\nother integrations are enabled. If None, no infrastructure automation is\nenabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\",\n\"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\",\n\"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms,\nand must handle unrecognized platforms as None if they do not support that platform.", - "enum": [ - "", - "AWS", - "Azure", - "BareMetal", - "GCP", - "Libvirt", - "OpenStack", - "None", - "VSphere", - "oVirt", - "IBMCloud", - "KubeVirt", - "EquinixMetal", - "PowerVS", - "AlibabaCloud", - "Nutanix", - "External" - ], - "type": "string" - }, - "vsphere": { - "description": "vsphere contains settings specific to the VSphere infrastructure provider.", - "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.apiServerInternalIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", - "items": { - "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", - "maxLength": 39, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid IP address", - "rule": "isIP(self)" - } - ] - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" - } - ] - }, - "failureDomains": { - "description": "failureDomains contains the definition of region, zone and the vCenter topology.\nIf this is omitted failure domains (regions and zones) will not be used.", - "items": { - "description": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", - "properties": { - "name": { - "description": "name defines the arbitrary but unique name\nof a failure domain.", - "maxLength": 256, - "minLength": 1, - "type": "string" - }, - "region": { - "description": "region defines the name of a region tag that will\nbe attached to a vCenter datacenter. The tag\ncategory in vCenter must be named openshift-region.", - "maxLength": 80, - "minLength": 1, - "type": "string" - }, - "regionAffinity": { - "description": "regionAffinity holds the type of region, Datacenter or ComputeCluster.\nWhen set to Datacenter, this means the region is a vCenter Datacenter as defined in topology.\nWhen set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.", - "properties": { - "type": { - "description": "type determines the vSphere object type for a region within this failure domain.\nAvailable types are Datacenter and ComputeCluster.\nWhen set to Datacenter, this means the vCenter Datacenter defined is the region.\nWhen set to ComputeCluster, this means the vCenter cluster defined is the region.", - "enum": [ - "ComputeCluster", - "Datacenter" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "server": { - "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", - "maxLength": 255, - "minLength": 1, - "type": "string" - }, - "topology": { - "description": "topology describes a given failure domain using vSphere constructs", - "properties": { - "computeCluster": { - "description": "computeCluster the absolute path of the vCenter cluster\nin which virtual machine will be located.\nThe absolute path is of the form //host/.\nThe maximum length of the path is 2048 characters.", - "maxLength": 2048, - "pattern": "^/.*?/host/.*?", - "type": "string" - }, - "datacenter": { - "description": "datacenter is the name of vCenter datacenter in which virtual machines will be located.\nThe maximum length of the datacenter name is 80 characters.", - "maxLength": 80, - "type": "string" - }, - "datastore": { - "description": "datastore is the absolute path of the datastore in which the\nvirtual machine is located.\nThe absolute path is of the form //datastore/\nThe maximum length of the path is 2048 characters.", - "maxLength": 2048, - "pattern": "^/.*?/datastore/.*?", - "type": "string" - }, - "folder": { - "description": "folder is the absolute path of the folder where\nvirtual machines are located. The absolute path\nis of the form //vm/.\nThe maximum length of the path is 2048 characters.", - "maxLength": 2048, - "pattern": "^/.*?/vm/.*?", - "type": "string" - }, - "networks": { - "description": "networks is the list of port group network names within this failure domain.\nIf feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined.\n10 is the maximum number of virtual network devices which may be attached to a VM as defined by:\nhttps://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0\nThe available networks (port groups) can be listed using\n`govc ls 'network/*'`\nNetworks should be in the form of an absolute path:\n//network/.", - "items": { - "type": "string" - }, - "maxItems": 10, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resourcePool": { - "description": "resourcePool is the absolute path of the resource pool where virtual machines will be\ncreated. The absolute path is of the form //host//Resources/.\nThe maximum length of the path is 2048 characters.", - "maxLength": 2048, - "pattern": "^/.*?/host/.*?/Resources.*", - "type": "string" - }, - "template": { - "description": "template is the full inventory path of the virtual machine or template\nthat will be cloned when creating new machines in this failure domain.\nThe maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane\nmachineset operator based on the region and zone defined in\nVSpherePlatformFailureDomainSpec.\nFor example, for zone=zonea, region=region1, and infrastructure name=test,\nthe template path would be calculated as //vm/test-rhcos-region1-zonea.", - "maxLength": 2048, - "minLength": 1, - "pattern": "^/.*?/vm/.*?", - "type": "string" - } - }, - "required": [ - "computeCluster", - "datacenter", - "datastore", - "networks" - ], - "type": "object" - }, - "zone": { - "description": "zone defines the name of a zone tag that will\nbe attached to a vCenter cluster. The tag\ncategory in vCenter must be named openshift-zone.", - "maxLength": 80, - "minLength": 1, - "type": "string" - }, - "zoneAffinity": { - "description": "zoneAffinity holds the type of the zone and the hostGroup which\nvmGroup and the hostGroup names in vCenter corresponds to\na vm-host group of type Virtual Machine and Host respectively. Is also\ncontains the vmHostRule which is an affinity vm-host rule in vCenter.", - "properties": { - "hostGroup": { - "description": "hostGroup holds the vmGroup and the hostGroup names in vCenter\ncorresponds to a vm-host group of type Virtual Machine and Host respectively. Is also\ncontains the vmHostRule which is an affinity vm-host rule in vCenter.", - "properties": { - "hostGroup": { - "description": "hostGroup is the name of the vm-host group of type host within vCenter for this failure domain.\nhostGroup is limited to 80 characters.\nThis field is required when the VSphereFailureDomain ZoneType is HostGroup", - "maxLength": 80, - "minLength": 1, - "type": "string" - }, - "vmGroup": { - "description": "vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain.\nvmGroup is limited to 80 characters.\nThis field is required when the VSphereFailureDomain ZoneType is HostGroup", - "maxLength": 80, - "minLength": 1, - "type": "string" - }, - "vmHostRule": { - "description": "vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain.\nvmHostRule is limited to 80 characters.\nThis field is required when the VSphereFailureDomain ZoneType is HostGroup", - "maxLength": 80, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "hostGroup", - "vmGroup", - "vmHostRule" - ], - "type": "object" - }, - "type": { - "description": "type determines the vSphere object type for a zone within this failure domain.\nAvailable types are ComputeCluster and HostGroup.\nWhen set to ComputeCluster, this means the vCenter cluster defined is the zone.\nWhen set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and\nthis means the zone is defined by the grouping of those fields.", - "enum": [ - "HostGroup", - "ComputeCluster" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "hostGroup is required when type is HostGroup, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'HostGroup' ? has(self.hostGroup) : !has(self.hostGroup)" - } - ] - } - }, - "required": [ - "name", - "region", - "server", - "topology", - "zone" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.ingressIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", - "items": { - "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", - "maxLength": 39, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid IP address", - "rule": "isIP(self)" - } - ] - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" - } - ] - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster\nnodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,\nfor example \"10.0.0.0/8\" or \"fd00::/8\".", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid CIDR network address", - "rule": "isCIDR(self)" - } - ] - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "nodeNetworking": { - "description": "nodeNetworking contains the definition of internal and external network constraints for\nassigning the node's networking.\nIf this field is omitted, networking defaults to the legacy\naddress selection behavior which is to only support a single address and\nreturn the first one found.", - "properties": { - "external": { - "description": "external represents the network configuration of the node that is externally routable.", - "properties": { - "excludeNetworkSubnetCidr": { - "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting\nthe IP address from the VirtualMachine's VM for use in the status.addresses fields.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "network": { - "description": "network VirtualMachine's VM Network names that will be used to when searching\nfor status.addresses fields. Note that if internal.networkSubnetCIDR and\nexternal.networkSubnetCIDR are not set, then the vNIC associated to this network must\nonly have a single IP address assigned to it.\nThe available networks (port groups) can be listed using\n`govc ls 'network/*'`", - "type": "string" - }, - "networkSubnetCidr": { - "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs\nthat will be used in respective status.addresses fields.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - }, - "internal": { - "description": "internal represents the network configuration of the node that is routable only within the cluster.", - "properties": { - "excludeNetworkSubnetCidr": { - "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting\nthe IP address from the VirtualMachine's VM for use in the status.addresses fields.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "network": { - "description": "network VirtualMachine's VM Network names that will be used to when searching\nfor status.addresses fields. Note that if internal.networkSubnetCIDR and\nexternal.networkSubnetCIDR are not set, then the vNIC associated to this network must\nonly have a single IP address assigned to it.\nThe available networks (port groups) can be listed using\n`govc ls 'network/*'`", - "type": "string" - }, - "networkSubnetCidr": { - "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs\nthat will be used in respective status.addresses fields.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "vcenters": { - "description": "vcenters holds the connection details for services to communicate with vCenter.\nCurrently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.\nOnce the cluster has been installed, you are unable to change the current number of defined\nvCenters except in the case where the cluster has been upgraded from a version of OpenShift\nwhere the vsphere platform spec was not present. You may make modifications to the existing\nvCenters that are defined in the vcenters list in order to match with any added or modified\nfailure domains.", - "items": { - "description": "VSpherePlatformVCenterSpec stores the vCenter connection fields.\nThis is used by the vSphere CCM.", - "properties": { - "datacenters": { - "description": "The vCenter Datacenters in which the RHCOS\nvm guests are located. This field will\nbe used by the Cloud Controller Manager.\nEach datacenter listed here should be used within\na topology.", - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "port": { - "description": "port is the TCP port that will be used to communicate to\nthe vCenter endpoint.\nWhen omitted, this means the user has no opinion and\nit is up to the platform to choose a sensible default,\nwhich is subject to change over time.", - "format": "int32", - "maximum": 32767, - "minimum": 1, - "type": "integer" - }, - "server": { - "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", - "maxLength": 255, - "type": "string" - } - }, - "required": [ - "datacenters", - "server" - ], - "type": "object" - }, - "maxItems": 3, - "minItems": 0, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "vcenters cannot be added or removed once set", - "rule": "size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs list is required once set", - "rule": "!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)" - }, - { - "message": "ingressIPs list is required once set", - "rule": "!has(oldSelf.ingressIPs) || has(self.ingressIPs)" - }, - { - "message": "vcenters can have at most 1 item when configured post-install", - "rule": "!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters) < 2 : true" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "vcenters can have at most 1 item when configured post-install", - "rule": "!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters) < 2 : true" - } - ] - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "apiServerInternalURI": { - "description": "apiServerInternalURL is a valid URI with scheme 'https',\naddress and optionally a port (defaulting to 443). apiServerInternalURL can be used by components\nlike kubelets, to contact the Kubernetes API server using the\ninfrastructure provider rather than Kubernetes networking.", - "type": "string" - }, - "apiServerURL": { - "description": "apiServerURL is a valid URI with scheme 'https', address and\noptionally a port (defaulting to 443). apiServerURL can be used by components like the web console\nto tell users where to find the Kubernetes API.", - "type": "string" - }, - "controlPlaneTopology": { - "default": "HighlyAvailable", - "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes.\nThe default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster.\nThe 'SingleReplica' mode will be used in single-node deployments\nand the operators should not configure the operand for highly-available operation\nThe 'External' mode indicates that the control plane is hosted externally to the cluster and that\nits components are not visible within the cluster.", - "enum": [ - "HighlyAvailable", - "SingleReplica", - "External" - ], - "type": "string" - }, - "cpuPartitioning": { - "default": "None", - "description": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.\nCPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.\nValid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\".\nThe default value of \"None\" indicates that no nodes will be setup with CPU partitioning.\nThe \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning,\nand can then be further configured via the PerformanceProfile API.", - "enum": [ - "None", - "AllNodes" - ], - "type": "string" - }, - "etcdDiscoveryDomain": { - "description": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering\netcd servers and clients.\nFor more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery\ndeprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", - "type": "string" - }, - "infrastructureName": { - "description": "infrastructureName uniquely identifies a cluster with a human friendly name.\nOnce set it should not be changed. Must be of max length 27 and must have only\nalphanumeric or hyphen characters.", - "type": "string" - }, - "infrastructureTopology": { - "default": "HighlyAvailable", - "description": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control\nplane nodes, usually indicated by a node selector for a `role` value\nother than `master`.\nThe default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster.\nThe 'SingleReplica' mode will be used in single-node deployments\nand the operators should not configure the operand for highly-available operation\nNOTE: External topology mode is not applicable for this field.", - "enum": [ - "HighlyAvailable", - "SingleReplica" - ], - "type": "string" - }, - "platform": { - "description": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", - "enum": [ - "", - "AWS", - "Azure", - "BareMetal", - "GCP", - "Libvirt", - "OpenStack", - "None", - "VSphere", - "oVirt", - "IBMCloud", - "KubeVirt", - "EquinixMetal", - "PowerVS", - "AlibabaCloud", - "Nutanix", - "External" - ], - "type": "string" - }, - "platformStatus": { - "description": "platformStatus holds status information specific to the underlying\ninfrastructure provider.", - "properties": { - "alibabaCloud": { - "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", - "properties": { - "region": { - "description": "region specifies the region for Alibaba Cloud resources created for the cluster.", - "pattern": "^[0-9A-Za-z-]+$", - "type": "string" - }, - "resourceGroupID": { - "description": "resourceGroupID is the ID of the resource group for the cluster.", - "pattern": "^(rg-[0-9A-Za-z]+)?$", - "type": "string" - }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", - "items": { - "description": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", - "properties": { - "key": { - "description": "key is the key of the tag.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "value": { - "description": "value is the value of the tag.", - "maxLength": 128, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "maxItems": 20, - "type": "array", - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "region" - ], - "type": "object" - }, - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "properties": { - "region": { - "description": "region holds the default AWS region for new AWS resources created by the cluster.", - "type": "string" - }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster.\nSee https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.\nAWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags\navailable for the user.", - "items": { - "description": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", - "properties": { - "key": { - "description": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.\nKey should consist of between 1 and 128 characters, and may\ncontain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", - "maxLength": 128, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid AWS resource tag key. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'", - "rule": "self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')" - } - ] - }, - "value": { - "description": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.\nValue should consist of between 1 and 256 characters, and may\ncontain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.\nSome AWS service do not support empty values. Since tags are added to resources in many services, the\nlength of the tag value must meet the requirements of all services.", - "maxLength": 256, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid AWS resource tag value. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'", - "rule": "self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')" - } - ] - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "maxItems": 25, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "serviceEndpoints": { - "description": "serviceEndpoints list contains custom endpoints which will override default\nservice endpoint of AWS Services.\nThere must be only one ServiceEndpoint for a service.", - "items": { - "description": "AWSServiceEndpoint store the configuration of a custom url to\noverride existing defaults of AWS Services.", - "properties": { - "name": { - "description": "name is the name of the AWS service.\nThe list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html\nThis must be provided and cannot be empty.", - "pattern": "^[a-z0-9-]+$", - "type": "string" - }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", - "pattern": "^https://", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "azure": { - "description": "azure contains settings specific to the Azure infrastructure provider.", - "properties": { - "armEndpoint": { - "description": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", - "type": "string" - }, - "cloudName": { - "description": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK\nwith the appropriate Azure API endpoints.\nIf empty, the value is equal to `AzurePublicCloud`.", - "enum": [ - "", - "AzurePublicCloud", - "AzureUSGovernmentCloud", - "AzureChinaCloud", - "AzureGermanCloud", - "AzureStackCloud" - ], - "type": "string" - }, - "networkResourceGroupName": { - "description": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.\nIf empty, the value is same as ResourceGroupName.", - "type": "string" - }, - "resourceGroupName": { - "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", - "type": "string" - }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster.\nSee https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.\nDue to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags\nmay be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", - "items": { - "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", - "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key\nmust begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric\ncharacters and the following special characters `_ . -`.", - "maxLength": 128, - "minLength": 1, - "pattern": "^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$", - "type": "string" - }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value\nmust contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", - "maxLength": 256, - "minLength": 1, - "pattern": "^[0-9A-Za-z_.=+-@]+$", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "resourceTags are immutable and may only be configured during installation", - "rule": "self.all(x, x in oldSelf) && oldSelf.all(x, x in self)" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "resourceTags may only be configured during installation", - "rule": "!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)" - } - ] - }, - "baremetal": { - "description": "baremetal contains settings specific to the BareMetal platform.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "loadBalancer": { - "default": { - "type": "OpenShiftManagedDefault" - }, - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "properties": { - "type": { - "default": "OpenShiftManagedDefault", - "description": "type defines the type of load balancer used by the cluster on BareMetal platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", - "enum": [ - "OpenShiftManagedDefault", - "UserManaged" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "type is immutable once set", - "rule": "oldSelf == '' || self == oldSelf" - } - ] - } - }, - "type": "object" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid CIDR network address", - "rule": "isCIDR(self)" - } - ] - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the\nnodes. Unlike the one managed by the DNS operator, `NodeDNSIP`\nprovides name resolution for the nodes themselves. There is no DNS-as-a-service for\nBareMetal deployments. In order to minimize necessary changes to the\ndatacenter DNS, a DNS service is hosted as a static pod to serve those hostnames\nto the nodes in the cluster.", - "type": "string" - } - }, - "type": "object" - }, - "equinixMetal": { - "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.", - "type": "string" - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "type": "string" - } - }, - "type": "object" - }, - "external": { - "description": "external contains settings specific to the generic External infrastructure provider.", - "properties": { - "cloudControllerManager": { - "description": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).\nWhen omitted, new nodes will be not tainted\nand no extra initialization from the cloud controller manager is expected.", - "properties": { - "state": { - "description": "state determines whether or not an external Cloud Controller Manager is expected to\nbe installed within the cluster.\nhttps://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted.\nWhen set to \"External\", new nodes will be tainted as uninitialized when created,\npreventing them from running workloads until they are initialized by the cloud controller manager.\nWhen omitted or set to \"None\", new nodes will be not tainted\nand no extra initialization from the cloud controller manager is expected.", - "enum": [ - "", - "External", - "None" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "state is immutable once set", - "rule": "self == oldSelf" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "state may not be added or removed once set", - "rule": "(has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != \"External\")" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "cloudControllerManager may not be added or removed once set", - "rule": "has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)" - } - ] - }, - "gcp": { - "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", - "properties": { - "projectID": { - "description": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "type": "string" - }, - "region": { - "description": "region holds the region for new GCP resources created for the cluster.", - "type": "string" - }, - "resourceLabels": { - "description": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.\nSee https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.\nGCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,\nallowing 32 labels for user configuration.", - "items": { - "description": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", - "properties": { - "key": { - "description": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.\nLabel key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,\nand the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`\nand `openshift-io`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-z][0-9a-z_-]{0,62}$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "label keys must not start with either `openshift-io` or `kubernetes-io`", - "rule": "!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')" - } - ] - }, - "value": { - "description": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.\nValue must contain only lowercase letters, numeric characters, and the following special characters `_-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[0-9a-z_-]{1,63}$", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "resourceLabels are immutable and may only be configured during installation", - "rule": "self.all(x, x in oldSelf) && oldSelf.all(x, x in self)" - } - ] - }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster.\nSee https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on\ntagging GCP resources. GCP supports a maximum of 50 tags per resource.", - "items": { - "description": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", - "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.\nTag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase\nalphanumeric characters, and the following special characters `._-`.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", - "type": "string" - }, - "parentID": { - "description": "parentID is the ID of the hierarchical resource where the tags are defined,\ne.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,\nand hyphens, and must start with a letter, and cannot end with a hyphen.", - "maxLength": 32, - "minLength": 1, - "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", - "type": "string" - }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.\nTag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase\nalphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", - "type": "string" - } - }, - "required": [ - "key", - "parentID", - "value" - ], - "type": "object" - }, - "maxItems": 50, - "type": "array", - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "resourceTags are immutable and may only be configured during installation", - "rule": "self.all(x, x in oldSelf) && oldSelf.all(x, x in self)" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "resourceLabels may only be configured during installation", - "rule": "!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)" - }, - { - "message": "resourceTags may only be configured during installation", - "rule": "!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)" - } - ] - }, - "ibmcloud": { - "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", - "properties": { - "cisInstanceCRN": { - "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing\nthe DNS zone for the cluster's base domain", - "type": "string" - }, - "dnsInstanceCRN": { - "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone\nfor the cluster's base domain", - "type": "string" - }, - "location": { - "description": "location is where the cluster has been deployed", - "type": "string" - }, - "providerType": { - "description": "providerType indicates the type of cluster that was created", - "type": "string" - }, - "resourceGroupName": { - "description": "resourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", - "type": "string" - }, - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default\nservice endpoints of an IBM service. These endpoints are used by components\nwithin the cluster when trying to reach the IBM Cloud Services that have been\noverriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each\nendpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus\nare updated to reflect the same custom endpoints.", - "items": { - "description": "IBMCloudServiceEndpoint stores the configuration of a custom url to\noverride existing defaults of IBM Cloud Services.", - "properties": { - "name": { - "description": "name is the name of the IBM Cloud service.\nPossible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.\nFor example, the IBM Cloud Private IAM service could be configured with the\nservice `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`\nWhereas the IBM Cloud Private VPC service for US South (Dallas) could be configured\nwith the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", - "enum": [ - "CIS", - "COS", - "COSConfig", - "DNSServices", - "GlobalCatalog", - "GlobalSearch", - "GlobalTagging", - "HyperProtect", - "IAM", - "KeyProtect", - "ResourceController", - "ResourceManager", - "VPC" - ], - "type": "string" - }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty. The path must follow the pattern\n/v[0,9]+ or /api/v[0,9]+", - "maxLength": 300, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "url must be a valid absolute URL", - "rule": "isURL(self)" - } - ] - } - }, - "required": [ - "name", - "url" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "kubevirt": { - "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.", - "type": "string" - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "type": "string" - } - }, - "type": "object" - }, - "nutanix": { - "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "set", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "set", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "loadBalancer": { - "default": { - "type": "OpenShiftManagedDefault" - }, - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "properties": { - "type": { - "default": "OpenShiftManagedDefault", - "description": "type defines the type of load balancer used by the cluster on Nutanix platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", - "enum": [ - "OpenShiftManagedDefault", - "UserManaged" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "type is immutable once set", - "rule": "oldSelf == '' || self == oldSelf" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "openstack": { - "description": "openstack contains settings specific to the OpenStack infrastructure provider.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "cloudName": { - "description": "cloudName is the name of the desired OpenStack cloud in the\nclient configuration file (`clouds.yaml`).", - "type": "string" - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "loadBalancer": { - "default": { - "type": "OpenShiftManagedDefault" - }, - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "properties": { - "type": { - "default": "OpenShiftManagedDefault", - "description": "type defines the type of load balancer used by the cluster on OpenStack platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", - "enum": [ - "OpenShiftManagedDefault", - "UserManaged" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "type is immutable once set", - "rule": "oldSelf == '' || self == oldSelf" - } - ] - } - }, - "type": "object" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid CIDR network address", - "rule": "isCIDR(self)" - } - ] - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the\nnodes. Unlike the one managed by the DNS operator, `NodeDNSIP`\nprovides name resolution for the nodes themselves. There is no DNS-as-a-service for\nOpenStack deployments. In order to minimize necessary changes to the\ndatacenter DNS, a DNS service is hosted as a static pod to serve those hostnames\nto the nodes in the cluster.", - "type": "string" - } - }, - "type": "object" - }, - "ovirt": { - "description": "ovirt contains settings specific to the oVirt infrastructure provider.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "set", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "set", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "loadBalancer": { - "default": { - "type": "OpenShiftManagedDefault" - }, - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "properties": { - "type": { - "default": "OpenShiftManagedDefault", - "description": "type defines the type of load balancer used by the cluster on Ovirt platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", - "enum": [ - "OpenShiftManagedDefault", - "UserManaged" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "type is immutable once set", - "rule": "oldSelf == '' || self == oldSelf" - } - ] - } - }, - "type": "object" - }, - "nodeDNSIP": { - "description": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", - "type": "string" - } - }, - "type": "object" - }, - "powervs": { - "description": "powervs contains settings specific to the Power Systems Virtual Servers infrastructure provider.", - "properties": { - "cisInstanceCRN": { - "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing\nthe DNS zone for the cluster's base domain", - "type": "string" - }, - "dnsInstanceCRN": { - "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone\nfor the cluster's base domain", - "type": "string" - }, - "region": { - "description": "region holds the default Power VS region for new Power VS resources created by the cluster.", - "type": "string" - }, - "resourceGroup": { - "description": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster.\nThe resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry.\nMore about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs.\nWhen omitted, the image registry operator won't be able to configure storage,\nwhich results in the image registry cluster operator not being in an available state.", - "maxLength": 40, - "pattern": "^[a-zA-Z0-9-_ ]+$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "resourceGroup is immutable once set", - "rule": "oldSelf == '' || self == oldSelf" - } - ] - }, - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default\nservice endpoints of a Power VS service.", - "items": { - "description": "PowervsServiceEndpoint stores the configuration of a custom url to\noverride existing defaults of PowerVS Services.", - "properties": { - "name": { - "description": "name is the name of the Power VS service.\nFew of the services are\nIAM - https://cloud.ibm.com/apidocs/iam-identity-token-api\nResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller\nPower Cloud - https://cloud.ibm.com/apidocs/power-cloud", - "enum": [ - "CIS", - "COS", - "COSConfig", - "DNSServices", - "GlobalCatalog", - "GlobalSearch", - "GlobalTagging", - "HyperProtect", - "IAM", - "KeyProtect", - "Power", - "ResourceController", - "ResourceManager", - "VPC" - ], - "type": "string" - }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", - "format": "uri", - "pattern": "^https://", - "type": "string" - } - }, - "required": [ - "name", - "url" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "zone": { - "description": "zone holds the default zone for the new Power VS resources created by the cluster.\nNote: Currently only single-zone OCP clusters are supported", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "cannot unset resourceGroup once set", - "rule": "!has(oldSelf.resourceGroup) || has(self.resourceGroup)" - } - ] - }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. This\nvalue controls whether infrastructure automation such as service load\nbalancers, dynamic volume provisioning, machine creation and deletion, and\nother integrations are enabled. If None, no infrastructure automation is\nenabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\",\n\"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\".\nIndividual components may not support all platforms, and must handle\nunrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`.\nCurrently this value cannot be changed once set.", - "enum": [ - "", - "AWS", - "Azure", - "BareMetal", - "GCP", - "Libvirt", - "OpenStack", - "None", - "VSphere", - "oVirt", - "IBMCloud", - "KubeVirt", - "EquinixMetal", - "PowerVS", - "AlibabaCloud", - "Nutanix", - "External" - ], - "type": "string" - }, - "vsphere": { - "description": "vsphere contains settings specific to the VSphere infrastructure provider.", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", - "format": "ip", - "items": { - "type": "string" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", - "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" - } - ] - }, - "loadBalancer": { - "default": { - "type": "OpenShiftManagedDefault" - }, - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "properties": { - "type": { - "default": "OpenShiftManagedDefault", - "description": "type defines the type of load balancer used by the cluster on VSphere platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", - "enum": [ - "OpenShiftManagedDefault", - "UserManaged" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "type is immutable once set", - "rule": "oldSelf == '' || self == oldSelf" - } - ] - } - }, - "type": "object" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "value must be a valid CIDR network address", - "rule": "isCIDR(self)" - } - ] - }, - "maxItems": 32, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the\nnodes. Unlike the one managed by the DNS operator, `NodeDNSIP`\nprovides name resolution for the nodes themselves. There is no DNS-as-a-service for\nvSphere deployments. In order to minimize necessary changes to the\ndatacenter DNS, a DNS service is hosted as a static pod to serve those hostnames\nto the nodes in the cluster.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "spec", - "kind", - "apiVersion" - ], - "type": "object", - "x-kubernetes-embedded-resource": true - }, - "internalRegistryPullSecret": { - "description": "internalRegistryPullSecret is the pull secret for the internal registry, used by\nrpm-ostree to pull images from the internal registry if present", - "format": "byte", - "nullable": true, - "type": "string" - }, - "ipFamilies": { - "description": "ipFamilies indicates the IP families in use by the cluster network", - "type": "string" - }, - "kubeAPIServerServingCAData": { - "description": "kubeAPIServerServingCAData managed Kubelet to API Server Cert... Rotated automatically", - "format": "byte", - "type": "string" - }, - "network": { - "description": "network contains additional network related information", - "nullable": true, - "properties": { - "mtuMigration": { - "description": "mtuMigration contains the MTU migration configuration.", - "nullable": true, - "properties": { - "machine": { - "description": "machine contains MTU migration configuration for the machine's uplink.", - "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "to": { - "description": "to is the MTU to migrate to.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "network": { - "description": "network contains MTU migration configuration for the default network.", - "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "to": { - "description": "to is the MTU to migrate to.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "mtuMigration" - ], - "type": "object" - }, - "networkType": { - "description": "networkType holds the type of network the cluster is using\nXXX: this is temporary and will be dropped as soon as possible in favor of a better support\nto start network related services the proper way.\nNobody is also changing this once the cluster is up and running the first time, so, disallow\nregeneration if this changes.", - "type": "string" - }, - "osImageURL": { - "description": "osImageURL is the old-format container image that contains the OS update payload.", - "type": "string" - }, - "platform": { - "description": "platform is deprecated, use Infra.Status.PlatformStatus.Type instead", - "type": "string" - }, - "proxy": { - "description": "proxy holds the current proxy configuration for the nodes", - "nullable": true, - "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests.", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests.", - "type": "string" - }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", - "type": "string" - } - }, - "type": "object" - }, - "pullSecret": { - "description": "pullSecret is the default pull secret that needs to be installed\non all machines.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "releaseImage": { - "description": "releaseImage is the image used when installing the cluster", - "type": "string" - }, - "rootCAData": { - "description": "rootCAData specifies the root CA data", - "format": "byte", - "type": "string" - } - }, - "required": [ - "additionalTrustBundle", - "baseOSContainerImage", - "cloudProviderCAData", - "cloudProviderConfig", - "clusterDNSIP", - "dns", - "images", - "infra", - "ipFamilies", - "kubeAPIServerServingCAData", - "network", - "proxy", - "releaseImage", - "rootCAData" - ], - "type": "object" - }, - "status": { - "description": "status contains observed information about the controller config.", - "properties": { - "conditions": { - "description": "conditions represents the latest available observations of current state.", - "items": { - "description": "ControllerConfigStatusCondition contains condition information for ControllerConfigStatus", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status object.", - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans.", - "type": "string" - }, - "reason": { - "description": "reason is the reason for the condition's last transition. Reasons are PascalCase", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type specifies the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "controllerCertificates": { - "description": "controllerCertificates represents the latest available observations of the automatically rotating certificates in the MCO.", - "items": { - "description": "ControllerCertificate contains info about a specific cert.", - "properties": { - "bundleFile": { - "description": "bundleFile is the larger bundle a cert comes from", - "type": "string" - }, - "notAfter": { - "description": "notAfter is the upper boundary for validity", - "format": "date-time", - "type": "string" - }, - "notBefore": { - "description": "notBefore is the lower boundary for validity", - "format": "date-time", - "type": "string" - }, - "signer": { - "description": "signer is the cert Issuer", - "type": "string" - }, - "subject": { - "description": "subject is the cert subject", - "type": "string" - } - }, - "required": [ - "bundleFile", - "signer", - "subject" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation observed by the controller.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "ControllerConfig", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/ControllerConfigList": { - "description": "ControllerConfigList is a list of ControllerConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of controllerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.ControllerConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "ControllerConfigList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/KubeletConfig": { - "description": "KubeletConfig describes a customized Kubelet configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec contains the desired kubelet configuration.", - "properties": { - "autoSizingReserved": { - "type": "boolean" - }, - "kubeletConfig": { - "description": "kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by\nOpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from\nupstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes\nfor the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "logLevel": { - "format": "int32", - "type": "integer" - }, - "machineConfigPoolSelector": { - "description": "machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to.\nA nil selector will result in no pools being selected.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tlsSecurityProfile": { - "description": "If unset, the default is based on the apiservers.config.openshift.io/cluster resource.\nNote that only Old and Intermediate profiles are currently supported, and\nthe maximum available minTLSVersion is VersionTLS12.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "status contains observed information about the kubelet configuration.", - "properties": { - "conditions": { - "description": "conditions represents the latest available observations of current state.", - "items": { - "description": "KubeletConfigCondition defines the state of the KubeletConfig", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status object.", - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans.", - "type": "string" - }, - "reason": { - "description": "reason is the reason for the condition's last transition. Reasons are PascalCase", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "type specifies the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation observed by the controller.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "KubeletConfig", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/KubeletConfigList": { - "description": "KubeletConfigList is a list of KubeletConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of kubeletconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.KubeletConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "KubeletConfigList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineConfig": { - "description": "MachineConfig defines the configuration for a machine\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "MachineConfigSpec is the spec for MachineConfig", - "properties": { - "baseOSExtensionsContainerImage": { - "description": "baseOSExtensionsContainerImage specifies the remote location that will be used\nto fetch the extensions container matching a new-format OS image", - "type": "string" - }, - "config": { - "description": "config is a Ignition Config object.", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "extensions": { - "description": "extensions contains a list of additional features that can be enabled on host", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "fips": { - "description": "fips controls FIPS mode", - "type": "boolean" - }, - "kernelArguments": { - "description": "kernelArguments contains a list of kernel arguments to be added", - "items": { - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "kernelType": { - "description": "kernelType contains which kernel we want to be running like default\n(traditional), realtime, 64k-pages (aarch64 only).", - "type": "string" - }, - "osImageURL": { - "description": "osImageURL specifies the remote location that will be used to\nfetch the OS.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineConfig", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineConfigList": { - "description": "MachineConfigList is a list of MachineConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machineconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineConfigList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineConfigNode": { - "description": "MachineConfigNode describes the health of the Machines on the system\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec describes the configuration of the machine config node.", - "properties": { - "configVersion": { - "description": "configVersion holds the desired config version for the node targeted by this machine config node resource.\nThe desired version represents the machine config the node will attempt to update to and gets set before the machine config operator validates\nthe new machine config against the current machine config.", - "properties": { - "desired": { - "description": "desired is the name of the machine config that the the node should be upgraded to.\nThis value is set when the machine config pool generates a new version of its rendered configuration.\nWhen this value is changed, the machine config daemon starts the node upgrade process.\nThis value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "desired" - ], - "type": "object" - }, - "node": { - "description": "node contains a reference to the node for this machine config node.", - "properties": { - "name": { - "description": "name is the name of the object being referenced. For example, this can represent a machine\nconfig pool or node name.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "pool": { - "description": "pool contains a reference to the machine config pool that this machine config node's\nreferenced node belongs to.", - "properties": { - "name": { - "description": "name is the name of the object being referenced. For example, this can represent a machine\nconfig pool or node name.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - } - }, - "required": [ - "configVersion", - "node", - "pool" - ], - "type": "object" - }, - "status": { - "description": "status describes the last observed state of this machine config node.", - "properties": { - "conditions": { - "description": "conditions represent the observations of a machine config node's current state. Valid types are:\nUpdatePrepared, UpdateExecuted, UpdatePostActionComplete, UpdateComplete, Updated, Resumed,\nDrained, AppliedFilesAndOS, Cordoned, Uncordoned, RebootedNode, NodeDegraded, PinnedImageSetsProgressing,\nand PinnedImageSetsDegraded.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 20, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "configVersion": { - "description": "configVersion describes the current and desired machine config version for this node.", - "properties": { - "current": { - "description": "current is the name of the machine config currently in use on the node.\nThis value is updated once the machine config daemon has completed the update of the configuration for the node.\nThis value should match the desired version unless an upgrade is in progress.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "desired": { - "description": "desired is the MachineConfig the node wants to upgrade to.\nThis value gets set in the machine config node status once the machine config has been validated\nagainst the current machine config.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "desired" - ], - "type": "object" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation of the MachineConfigNode object observed by the Machine Config Operator's controller.\nThis field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", - "format": "int64", - "minimum": 1, - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "observedGeneration must not decrease", - "rule": "self >= oldSelf" - } - ] - }, - "pinnedImageSets": { - "description": "pinnedImageSets describes the current and desired pinned image sets for this node.", - "items": { - "description": "MachineConfigNodeStatusPinnedImageSet holds information about the current, desired, and failed pinned image sets for the observed machine config node.", - "properties": { - "currentGeneration": { - "description": "currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node.", - "format": "int32", - "minimum": 1, - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "currentGeneration must not decrease", - "rule": "self >= oldSelf" - } - ] - }, - "desiredGeneration": { - "description": "desiredGeneration is the generation of the pinned image set that is targeted to be pulled and pinned on this node.", - "format": "int32", - "minimum": 1, - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "desiredGeneration must not decrease", - "rule": "self >= oldSelf" - } - ] - }, - "lastFailedGeneration": { - "description": "lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node.", - "format": "int32", - "minimum": 1, - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "lastFailedGeneration must not decrease", - "rule": "self >= oldSelf" - } - ] - }, - "lastFailedGenerationError": { - "description": "lastFailedGenerationError is the error explaining why the desired images failed to be pulled and pinned.\nThe error is an empty string if the image pull and pin is successful.", - "maxLength": 32768, - "type": "string" - }, - "name": { - "description": "name is the name of the pinned image set.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "desired generation must be greater than or equal to the current generation", - "rule": "has(self.desiredGeneration) && has(self.currentGeneration) ? self.desiredGeneration >= self.currentGeneration : true" - }, - { - "message": "desired generation must be greater than or equal to the last failed generation", - "rule": "has(self.lastFailedGeneration) && has(self.desiredGeneration) ? self.desiredGeneration >= self.lastFailedGeneration : true" - }, - { - "message": "last failed generation error must be defined on image pull and pin failure", - "rule": "has(self.lastFailedGeneration) ? has(self.lastFailedGenerationError) : true" - } - ] - }, - "maxItems": 100, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineConfigNode", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineConfigNodeList": { - "description": "MachineConfigNodeList is a list of MachineConfigNode", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machineconfignodes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineConfigNode" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineConfigNodeList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineConfigPool": { - "description": "MachineConfigPool describes a pool of MachineConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec contains the desired machine config pool configuration.", - "properties": { - "configuration": { - "description": "The targeted MachineConfig object for the machine config pool.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "source": { - "description": "source is the list of MachineConfig objects that were used to generate the single MachineConfig object specified in `content`.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "machineConfigSelector": { - "description": "machineConfigSelector specifies a label selector for MachineConfigs.\nRefer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "maxUnavailable defines either an integer number or percentage\nof nodes in the pool that can go Unavailable during an update.\nThis includes nodes Unavailable for any reason, including user\ninitiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during\nthe update, which may affect your workload stress on the remaining nodes.\nYou cannot set this value to 0 to stop updates (it will default back to 1);\nto stop updates, use the 'paused' property instead. Drain will respect\nPod Disruption Budgets (PDBs) such as etcd quorum guards, even if\nmaxUnavailable is greater than one.", - "x-kubernetes-int-or-string": true - }, - "nodeSelector": { - "description": "nodeSelector specifies a label selector for Machines", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "paused": { - "description": "paused specifies whether or not changes to this machine config pool should be stopped.\nThis includes generating new desiredMachineConfig and update of machines.", - "type": "boolean" - }, - "pinnedImageSets": { - "description": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the\npool. Nodes within this pool will preload and pin images defined in the\nPinnedImageSet. Before pulling images the MachineConfigDaemon will ensure\nthe total uncompressed size of all the images does not exceed available\nresources. If the total size of the images exceeds the available\nresources the controller will report a Degraded status to the\nMachineConfigPool and not attempt to pull any images. Also to help ensure\nthe kubelet can mitigate storage risk, the pinned_image configuration and\nsubsequent service reload will happen only after all of the images have\nbeen pulled for each set. Images from multiple PinnedImageSets are loaded\nand pinned sequentially as listed. Duplicate and existing images will be\nskipped.\n\nAny failure to prefetch or pin images will result in a Degraded pool.\nResolving these failures is the responsibility of the user. The admin\nshould be proactive in ensuring adequate storage and proper image\nauthentication exists in advance.", - "items": { - "properties": { - "name": { - "description": "name is a reference to the name of a PinnedImageSet. Must adhere to\nRFC-1123 (https://tools.ietf.org/html/rfc1123).\nMade up of one of more period-separated (.) segments, where each segment\nconsists of alphanumeric characters and hyphens (-), must begin and end\nwith an alphanumeric character, and is at most 63 characters in length.\nThe total length of the name must not exceed 253 characters.", - "maxLength": 253, - "minLength": 1, - "pattern": "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 100, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "status": { - "description": "status contains observed information about the machine config pool.", - "properties": { - "certExpirys": { - "description": "certExpirys keeps track of important certificate expiration data", - "items": { - "description": "ceryExpiry contains the bundle name and the expiry date", - "properties": { - "bundle": { - "description": "bundle is the name of the bundle in which the subject certificate resides", - "type": "string" - }, - "expiry": { - "description": "expiry is the date after which the certificate will no longer be valid", - "format": "date-time", - "type": "string" - }, - "subject": { - "description": "subject is the subject of the certificate", - "type": "string" - } - }, - "required": [ - "bundle", - "subject" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "conditions": { - "description": "conditions represents the latest available observations of current state.", - "items": { - "description": "MachineConfigPoolCondition contains condition information for an MachineConfigPool.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the timestamp corresponding to the last status\nchange of this condition.", - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "description": "message is a human readable description of the details of the last\ntransition, complementing reason.", - "type": "string" - }, - "reason": { - "description": "reason is a brief machine readable explanation for the condition's last\ntransition.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of ('True', 'False', 'Unknown').", - "type": "string" - }, - "type": { - "description": "type of the condition, currently ('Done', 'Updating', 'Failed').", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "configuration": { - "description": "configuration represents the current MachineConfig object for the machine config pool.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "source": { - "description": "source is the list of MachineConfig objects that were used to generate the single MachineConfig object specified in `content`.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "degradedMachineCount": { - "description": "degradedMachineCount represents the total number of machines marked degraded (or unreconcilable).\nA node is marked degraded if applying a configuration failed..", - "format": "int32", - "type": "integer" - }, - "machineCount": { - "description": "machineCount represents the total number of machines in the machine config pool.", - "format": "int32", - "type": "integer" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation observed by the controller.", - "format": "int64", - "type": "integer" - }, - "poolSynchronizersStatus": { - "description": "poolSynchronizersStatus is the status of the machines managed by the pool synchronizers.", - "items": { - "properties": { - "availableMachineCount": { - "description": "availableMachineCount is the number of machines managed by the node synchronizer which are available.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "machineCount": { - "description": "machineCount is the number of machines that are managed by the node synchronizer.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change that has been applied.", - "format": "int64", - "minimum": 0, - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "observedGeneration must not move backwards except to zero", - "rule": "self >= oldSelf || (self == 0 && oldSelf > 0)" - } - ] - }, - "poolSynchronizerType": { - "description": "poolSynchronizerType describes the type of the pool synchronizer.", - "enum": [ - "PinnedImageSets" - ], - "maxLength": 256, - "type": "string" - }, - "readyMachineCount": { - "description": "readyMachineCount is the number of machines managed by the node synchronizer that are in a ready state.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "unavailableMachineCount": { - "description": "unavailableMachineCount is the number of machines managed by the node synchronizer but are unavailable.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "updatedMachineCount": { - "description": "updatedMachineCount is the number of machines that have been updated by the node synchronizer.", - "format": "int64", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "availableMachineCount", - "machineCount", - "poolSynchronizerType", - "readyMachineCount", - "unavailableMachineCount", - "updatedMachineCount" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "machineCount must be greater than or equal to updatedMachineCount", - "rule": "self.machineCount >= self.updatedMachineCount" - }, - { - "message": "machineCount must be greater than or equal to availableMachineCount", - "rule": "self.machineCount >= self.availableMachineCount" - }, - { - "message": "machineCount must be greater than or equal to unavailableMachineCount", - "rule": "self.machineCount >= self.unavailableMachineCount" - }, - { - "message": "machineCount must be greater than or equal to readyMachineCount", - "rule": "self.machineCount >= self.readyMachineCount" - }, - { - "message": "availableMachineCount must be greater than or equal to readyMachineCount", - "rule": "self.availableMachineCount >= self.readyMachineCount" - } - ] - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "poolSynchronizerType" - ], - "x-kubernetes-list-type": "map" - }, - "readyMachineCount": { - "description": "readyMachineCount represents the total number of ready machines targeted by the pool.", - "format": "int32", - "type": "integer" - }, - "unavailableMachineCount": { - "description": "unavailableMachineCount represents the total number of unavailable (non-ready) machines targeted by the pool.\nA node is marked unavailable if it is in updating state or NodeReady condition is false.", - "format": "int32", - "type": "integer" - }, - "updatedMachineCount": { - "description": "updatedMachineCount represents the total number of machines targeted by the pool that have the CurrentMachineConfig as their config.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineConfigPool", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineConfigPoolList": { - "description": "MachineConfigPoolList is a list of MachineConfigPool", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machineconfigpools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineConfigPool" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineConfigPoolList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineOSBuild": { - "description": "MachineOSBuild describes a build process managed and deployed by the MCO\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec describes the configuration of the machine os build.\nIt is immutable once set.", - "properties": { - "machineConfig": { - "description": "machineConfig points to the rendered MachineConfig resource to be included in this image build.", - "properties": { - "name": { - "description": "name is the name of the rendered MachineConfig object.\nThis value should be between 10 and 253 characters, and must contain only lowercase\nalphanumeric characters, hyphens and periods, and should start and end with an alphanumeric character.", - "maxLength": 253, - "minLength": 10, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "machineOSConfig": { - "description": "machineOSConfig references the MachineOSConfig resource that this image build extends.", - "properties": { - "name": { - "description": "name of the MachineOSConfig.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", - "maxLength": 253, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "renderedImagePushSpec": { - "description": "renderedImagePushSpec is set by the Machine Config Operator from the MachineOSConfig object this build is attached to.\nThis field describes the location of the final image, which will be pushed by the build once complete.\nThe format of the image push spec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name:.\nThe length of the push spec must be between 1 to 447 characters.", - "maxLength": 447, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme. Or it must be a valid .svc followed by a port, repository, image name, and tag.", - "rule": "self.matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?(/[a-zA-Z0-9-_]{1,61})*/[a-zA-Z0-9-_.]+:[a-zA-Z0-9._-]+$') || self.matches('^[^.]+\\\\.[^.]+\\\\.svc:\\\\d+\\\\/[^\\\\/]+\\\\/[^\\\\/]+:[^\\\\/]+$')" - } - ] - } - }, - "required": [ - "machineConfig", - "machineOSConfig", - "renderedImagePushSpec" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "machineOSBuildSpec is immutable once set", - "rule": "self == oldSelf" - } - ] - }, - "status": { - "description": "status describes the last observed state of this machine os build.", - "properties": { - "buildEnd": { - "description": "buildEnd is the timestamp corresponding to completion of the builder backend.\nWhen omitted the build has either not been started, or is in progress.\nIt will be populated once the build completes, fails or is interrupted.", - "format": "date-time", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "buildEnd is immutable once set", - "rule": "self == oldSelf" - } - ] - }, - "buildStart": { - "description": "buildStart is the timestamp corresponding to the build controller initiating the build backend for this MachineOSBuild.", - "format": "date-time", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "buildStart is immutable once set", - "rule": "self == oldSelf" - } - ] - }, - "builder": { - "description": "builder describes the image builder backend used for this build.", - "properties": { - "imageBuilderType": { - "description": "imageBuilderType describes the type of image builder used to build this image.\nValid values are Job only.\nWhen set to Job, a pod based builder, using buildah, is launched to build the specified image.", - "type": "string" - }, - "job": { - "description": "job is a reference to the job object that is managing the image build.\nThis is required if the imageBuilderType is Job, and forbidden otherwise.", - "properties": { - "group": { - "description": "group of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "name": { - "description": "name of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", - "maxLength": 253, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "namespace": { - "description": "namespace of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start and end with an alphanumeric character.", - "maxLength": 63, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the value must consist of only lowercase alphanumeric characters and hyphens", - "rule": "!format.dns1123Label().validate(self).hasValue()" - } - ] - }, - "resource": { - "description": "resource of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start with an alphabetic character and end with an alphanumeric character.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "maxLength": 63, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character", - "rule": "!format.dns1035Label().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "group", - "name", - "resource" - ], - "type": "object" - } - }, - "required": [ - "imageBuilderType" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "job is required when imageBuilderType is Job, and forbidden otherwise", - "rule": "has(self.imageBuilderType) && self.imageBuilderType == 'Job' ? has(self.job) : !has(self.job)" - } - ] - }, - "conditions": { - "description": "conditions are state related conditions for the build. Valid types are:\nPrepared, Building, Failed, Interrupted, and Succeeded.\nOnce a Build is marked as Failed, Interrupted or Succeeded, no future conditions can be set.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "maxItems": 8, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "once a Failed condition is set, conditions are immutable", - "rule": "oldSelf.exists(x, x.type=='Failed' && x.status=='True') ? self==oldSelf : true" - }, - { - "message": "once an Interrupted condition is set, conditions are immutable", - "rule": "oldSelf.exists(x, x.type=='Interrupted' && x.status=='True') ? self==oldSelf : true" - }, - { - "message": "once an Succeeded condition is set, conditions are immutable", - "rule": "oldSelf.exists(x, x.type=='Succeeded' && x.status=='True') ? self==oldSelf : true" - } - ] - }, - "digestedImagePushSpec": { - "description": "digestedImagePushSpec describes the fully qualified push spec produced by this build.\nThe format of the push spec is: host[:port][/namespace]/name@sha256:,\nwhere the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.\nThe length of the whole spec must be between 1 to 447 characters.", - "maxLength": 447, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long", - "rule": "(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))" - }, - { - "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme", - "rule": "(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))" - } - ] - }, - "relatedObjects": { - "description": "relatedObjects is a list of references to ephemeral objects such as ConfigMaps or Secrets that are meant to be consumed while the build process runs.\nAfter a successful build or when this MachineOSBuild is deleted, these ephemeral objects will be removed.\nIn the event of a failed build, the objects will remain until the build is removed to allow for inspection.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "group": { - "description": "group of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "name": { - "description": "name of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", - "maxLength": 253, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "namespace": { - "description": "namespace of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start and end with an alphanumeric character.", - "maxLength": 63, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the value must consist of only lowercase alphanumeric characters and hyphens", - "rule": "!format.dns1123Label().validate(self).hasValue()" - } - ] - }, - "resource": { - "description": "resource of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start with an alphabetic character and end with an alphanumeric character.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "maxLength": 63, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character", - "rule": "!format.dns1035Label().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "group", - "name", - "resource" - ], - "type": "object" - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name", - "resource" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "buildEnd must be after buildStart", - "rule": "has(self.buildEnd) ? has(self.buildStart) && timestamp(self.buildStart) < timestamp(self.buildEnd) : true" - } - ] - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineOSBuild", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineOSBuildList": { - "description": "MachineOSBuildList is a list of MachineOSBuild", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machineosbuilds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineOSBuild" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineOSBuildList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineOSConfig": { - "description": "MachineOSConfig describes the configuration for a build process managed by the MCO\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec describes the configuration of the machineosconfig", - "properties": { - "baseImagePullSecret": { - "description": "baseImagePullSecret is the secret used to pull the base image.\nMust live in the openshift-machine-config-operator namespace if provided.\nDefaults to using the cluster-wide pull secret if not specified. This is provided during install time of the cluster, and lives in the openshift-config namespace as a secret.", - "properties": { - "name": { - "description": "name is the name of the secret used to push or pull this MachineOSConfig object.\nMust consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.\nThis secret must be in the openshift-machine-config-operator namespace.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "containerFile": { - "description": "containerFile describes the custom data the user has specified to build into the image.\nThis is also commonly called a Dockerfile and you can treat it as such. The content is the content of your Dockerfile.\nSee https://github.com/containers/common/blob/main/docs/Containerfile.5.md for the spec reference.\nThis is a list indexed by architecture name (e.g. AMD64), and allows specifying one containerFile per arch, up to 4.", - "items": { - "description": "MachineOSContainerfile contains all custom content the user wants built into the image", - "properties": { - "containerfileArch": { - "default": "NoArch", - "description": "containerfileArch describes the architecture this containerfile is to be built for.\nThis arch is optional. If the user does not specify an architecture, it is assumed\nthat the content can be applied to all architectures, or in a single arch cluster: the only architecture.", - "enum": [ - "ARM64", - "AMD64", - "PPC64LE", - "S390X", - "NoArch" - ], - "type": "string" - }, - "content": { - "description": "content is an embedded Containerfile/Dockerfile that defines the contents to be built into your image.\nSee https://github.com/containers/common/blob/main/docs/Containerfile.5.md for the spec reference.\nfor example, this would add the tree package to your hosts:\n FROM configs AS final\n RUN rpm-ostree install tree && \\\n ostree container commit\nThis is a required field and can have a maximum length of **4096** characters.", - "maxLength": 4096, - "type": "string" - } - }, - "required": [ - "content" - ], - "type": "object" - }, - "maxItems": 4, - "minItems": 0, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerfileArch" - ], - "x-kubernetes-list-type": "map" - }, - "imageBuilder": { - "description": "imageBuilder describes which image builder will be used in each build triggered by this MachineOSConfig.\nCurrently supported type(s): Job", - "properties": { - "imageBuilderType": { - "description": "imageBuilderType specifies the backend to be used to build the image.\nValid options are: Job", - "enum": [ - "Job" - ], - "type": "string" - } - }, - "required": [ - "imageBuilderType" - ], - "type": "object" - }, - "machineConfigPool": { - "description": "machineConfigPool is the pool which the build is for.\nThe Machine Config Operator will perform the build and roll out the built image to the specified pool.", - "properties": { - "name": { - "description": "name of the MachineConfigPool object.\nThis value should be at most 253 characters, and must contain only lowercase\nalphanumeric characters, hyphens and periods, and should start and end with an alphanumeric character.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "renderedImagePushSecret": { - "description": "renderedImagePushSecret is the secret used to connect to a user registry.\nThe final image push and pull secrets should be separate and assume the principal of least privilege.\nThe push secret with write privilege is only required to be present on the node hosting the MachineConfigController pod.\nThe pull secret with read only privileges is required on all nodes.\nBy separating the two secrets, the risk of write credentials becoming compromised is reduced.", - "properties": { - "name": { - "description": "name is the name of the secret used to push or pull this MachineOSConfig object.\nMust consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.\nThis secret must be in the openshift-machine-config-operator namespace.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "renderedImagePushSpec": { - "description": "renderedImagePushSpec describes the location of the final image.\nThe MachineOSConfig object will use the in cluster image registry configuration.\nIf you wish to use a mirror or any other settings specific to registries.conf, please specify those in the cluster wide registries.conf via the cluster image.config, ImageContentSourcePolicies, ImageDigestMirrorSet, or ImageTagMirrorSet objects.\nThe format of the image push spec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name:.\nThe length of the push spec must be between 1 to 447 characters.", - "maxLength": 447, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme. Or it must be a valid .svc followed by a port, repository, image name, and tag.", - "rule": "self.matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?(/[a-zA-Z0-9-_]{1,61})*/[a-zA-Z0-9-_.]+:[a-zA-Z0-9._-]+$') || self.matches('^[^.]+\\\\.[^.]+\\\\.svc:\\\\d+\\\\/[^\\\\/]+\\\\/[^\\\\/]+:[^\\\\/]+$')" - } - ] - } - }, - "required": [ - "imageBuilder", - "machineConfigPool", - "renderedImagePushSecret", - "renderedImagePushSpec" - ], - "type": "object" - }, - "status": { - "description": "status describes the status of the machineosconfig", - "properties": { - "conditions": { - "description": "conditions are state related conditions for the object.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentImagePullSpec": { - "description": "currentImagePullSpec is the fully qualified image pull spec used by the MCO to pull down the new OSImage. This includes the sha256 image digest.\nThis is generated when the Machine Config Operator's build controller successfully completes the build, and is populated from the corresponding\nMachineOSBuild object's FinalImagePushSpec. This may change after completion in reaction to spec changes that would cause a new image build,\nbut will not be removed.\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:,\nwhere the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.\nThe length of the whole spec must be between 1 to 447 characters.", - "maxLength": 447, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long", - "rule": "(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))" - }, - { - "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme", - "rule": "(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))" - } - ] - }, - "machineOSBuild": { - "description": "machineOSBuild is a reference to the MachineOSBuild object for this MachineOSConfig, which contains the status for the image build.", - "properties": { - "group": { - "description": "group of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "name": { - "description": "name of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", - "maxLength": 253, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - }, - "namespace": { - "description": "namespace of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start and end with an alphanumeric character.", - "maxLength": 63, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the value must consist of only lowercase alphanumeric characters and hyphens", - "rule": "!format.dns1123Label().validate(self).hasValue()" - } - ] - }, - "resource": { - "description": "resource of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start with an alphabetic character and end with an alphanumeric character.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "maxLength": 63, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character", - "rule": "!format.dns1035Label().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "group", - "name", - "resource" - ], - "type": "object" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation of the MachineOSConfig object observed by the Machine Config Operator's build controller.", - "format": "int64", - "minimum": 0, - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "observedGeneration must not move backwards", - "rule": "self >= oldSelf" - } - ] - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineOSConfig", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/MachineOSConfigList": { - "description": "MachineOSConfigList is a list of MachineOSConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machineosconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineOSConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "MachineOSConfigList", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/PinnedImageSet": { - "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and\npulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec describes the configuration of this pinned image set.", - "properties": { - "pinnedImages": { - "description": "pinnedImages is a list of OCI Image referenced by digest that should be\npinned and pre-loaded by the nodes of a MachineConfigPool.\nTranslates into a new file inside the /etc/crio/crio.conf.d directory\nwith content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nImage references must be by digest.\nA maximum of 500 images may be specified.", - "items": { - "description": "PinnedImageRef represents a reference to an OCI image", - "properties": { - "name": { - "description": "name is an OCI Image referenced by digest.\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:,\nwhere the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.\nThe length of the whole spec must be between 1 to 447 characters.", - "maxLength": 447, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long", - "rule": "(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))" - }, - { - "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme", - "rule": "(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 500, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "pinnedImages" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "PinnedImageSet", - "version": "v1" - } - ] - }, - "machineconfiguration.openshift.io/v1/PinnedImageSetList": { - "description": "PinnedImageSetList is a list of PinnedImageSet", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of pinnedimagesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.PinnedImageSet" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "machineconfiguration.openshift.io", - "kind": "PinnedImageSetList", - "version": "v1" - } - ] - }, - "metal3.io/v1alpha1/BMCEventSubscription": { - "description": "BMCEventSubscription is the Schema for the fast eventing API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "context": { - "description": "Arbitrary user-provided context for the event", - "type": "string" - }, - "destination": { - "description": "A webhook URL to send events to", - "type": "string" - }, - "hostName": { - "description": "A reference to a BareMetalHost", - "type": "string" - }, - "httpHeadersRef": { - "description": "A secret containing HTTP headers which should be passed along to the Destination\nwhen making a request", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "status": { - "properties": { - "error": { - "type": "string" - }, - "subscriptionID": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "BMCEventSubscription", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/BMCEventSubscriptionList": { - "description": "BMCEventSubscriptionList is a list of BMCEventSubscription", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of bmceventsubscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.BMCEventSubscription" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "BMCEventSubscriptionList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/BareMetalHost": { - "description": "BareMetalHost is the Schema for the baremetalhosts API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "BareMetalHostSpec defines the desired state of BareMetalHost.", - "properties": { - "architecture": { - "description": "CPU architecture of the host, e.g. \"x86_64\" or \"aarch64\". If unset,\neventually populated by inspection.", - "type": "string" - }, - "automatedCleaningMode": { - "default": "metadata", - "description": "When set to disabled, automated cleaning will be skipped\nduring provisioning and deprovisioning.", - "enum": [ - "metadata", - "disabled" - ], - "type": "string" - }, - "bmc": { - "description": "How do we connect to the BMC (Baseboard Management Controller) on\nthe host?", - "properties": { - "address": { - "description": "Address holds the URL for accessing the controller on the network.\nThe scheme part designates the driver to use with the host.", - "type": "string" - }, - "credentialsName": { - "description": "The name of the secret containing the BMC credentials (requires\nkeys \"username\" and \"password\").", - "type": "string" - }, - "disableCertificateVerification": { - "description": "DisableCertificateVerification disables verification of server\ncertificates when using HTTPS to connect to the BMC. This is\nrequired when the server certificate is self-signed, but is\ninsecure because it allows a man-in-the-middle to intercept the\nconnection.", - "type": "boolean" - } - }, - "required": [ - "address", - "credentialsName" - ], - "type": "object" - }, - "bootMACAddress": { - "description": "The MAC address of the NIC used for provisioning the host. In case\nof network boot, this is the MAC address of the PXE booting\ninterface. The MAC address of the BMC must never be used here!", - "pattern": "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}", - "type": "string" - }, - "bootMode": { - "description": "Select the method of initializing the hardware during boot.\nDefaults to UEFI. Legacy boot should only be used for hardware that\ndoes not support UEFI correctly. Set to UEFISecureBoot to turn\nsecure boot on automatically after provisioning.", - "enum": [ - "UEFI", - "UEFISecureBoot", - "legacy" - ], - "type": "string" - }, - "consumerRef": { - "description": "ConsumerRef can be used to store information about something\nthat is using a host. When it is not empty, the host is\nconsidered \"in use\". The common use case is a link to a Machine\nresource when the host is used by Cluster API.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "customDeploy": { - "description": "A custom deploy procedure. This is an advanced feature that allows\nusing a custom deploy step provided by a site-specific deployment\nramdisk. Most users will want to use \"image\" instead. Setting this\nfield triggers provisioning.", - "properties": { - "method": { - "description": "Custom deploy method name.\nThis name is specific to the deploy ramdisk used. If you don't have\na custom deploy ramdisk, you shouldn't use CustomDeploy.", - "type": "string" - } - }, - "required": [ - "method" - ], - "type": "object" - }, - "description": { - "description": "Description is a human-entered text used to help identify the host.", - "type": "string" - }, - "disablePowerOff": { - "description": "When set to true, power off of the node will be disabled,\ninstead, a reboot will be used in place of power on/off", - "type": "boolean" - }, - "externallyProvisioned": { - "description": "ExternallyProvisioned means something else has provisioned the\nimage running on the host, and the operator should only manage\nthe power status. This field is used for integration with already\nprovisioned hosts and when pivoting hosts between clusters. If\nunsure, leave this field as false.", - "type": "boolean" - }, - "firmware": { - "description": "Firmware (BIOS) configuration for bare metal server. If set, the\nrequested settings will be applied before the host is provisioned.\nOnly some vendor drivers support this field. An alternative is to\nuse HostFirmwareSettings resources that allow changing arbitrary\nvalues and support the generic Redfish-based drivers.", - "properties": { - "simultaneousMultithreadingEnabled": { - "description": "Allows a single physical processor core to appear as several logical processors.", - "enum": [ - true, - false - ], - "type": "boolean" - }, - "sriovEnabled": { - "description": "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance.", - "enum": [ - true, - false - ], - "type": "boolean" - }, - "virtualizationEnabled": { - "description": "Supports the virtualization of platform hardware.", - "enum": [ - true, - false - ], - "type": "boolean" - } - }, - "type": "object" - }, - "hardwareProfile": { - "description": "What is the name of the hardware profile for this host?\nHardware profiles are deprecated and should not be used.\nUse the separate fields Architecture and RootDeviceHints instead.\nSet to \"empty\" to prepare for the future version of the API\nwithout hardware profiles.", - "type": "string" - }, - "image": { - "description": "Image holds the details of the image to be provisioned. Populating\nthe image will cause the host to start provisioning.", - "properties": { - "checksum": { - "description": "Checksum is the checksum for the image. Required for all formats\nexcept for \"live-iso\".", - "type": "string" - }, - "checksumType": { - "description": "ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512.\nThe special value \"auto\" can be used to detect the algorithm from the checksum.\nIf missing, MD5 is used. If in doubt, use \"auto\".", - "enum": [ - "md5", - "sha256", - "sha512", - "auto" - ], - "type": "string" - }, - "format": { - "description": "Format contains the format of the image (raw, qcow2, ...).\nWhen set to \"live-iso\", an ISO 9660 image referenced by the url will\nbe live-booted and not deployed to disk.", - "enum": [ - "raw", - "qcow2", - "vdi", - "vmdk", - "live-iso" - ], - "type": "string" - }, - "url": { - "description": "URL is a location of an image to deploy.", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "metaData": { - "description": "MetaData holds the reference to the Secret containing host metadata\nwhich is passed to the Config Drive. By default, metadata will be\ngenerated for the host, so most users do not need to set this field.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "networkData": { - "description": "NetworkData holds the reference to the Secret containing network\nconfiguration which is passed to the Config Drive and interpreted\nby the first boot software such as cloud-init.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "online": { - "description": "Should the host be powered on? If the host is currently in a stable\nstate (e.g. provisioned), its power state will be forced to match\nthis value.", - "type": "boolean" - }, - "preprovisioningNetworkDataName": { - "description": "PreprovisioningNetworkDataName is the name of the Secret in the\nlocal namespace containing network configuration which is passed to\nthe preprovisioning image, and to the Config Drive if not overridden\nby specifying NetworkData.", - "type": "string" - }, - "raid": { - "description": "RAID configuration for bare metal server. If set, the RAID settings\nwill be applied before the host is provisioned. If not, the current\nsettings will not be modified. Only one of the sub-fields\nhardwareRAIDVolumes and softwareRAIDVolumes can be set at the same\ntime.", - "properties": { - "hardwareRAIDVolumes": { - "description": "The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.\nYou can set the value of this field to `[]` to clear all the hardware RAID configurations.", - "items": { - "description": "HardwareRAIDVolume defines the desired configuration of volume in hardware RAID.", - "properties": { - "controller": { - "description": "The name of the RAID controller to use.", - "type": "string" - }, - "level": { - "description": "RAID level for the logical disk. The following levels are supported:\n0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them).", - "enum": [ - "0", - "1", - "2", - "5", - "6", - "1+0", - "5+0", - "6+0" - ], - "type": "string" - }, - "name": { - "description": "Name of the volume. Should be unique within the Node. If not\nspecified, the name will be auto-generated.", - "maxLength": 64, - "type": "string" - }, - "numberOfPhysicalDisks": { - "description": "Integer, number of physical disks to use for the logical disk.\nDefaults to minimum number of disks required for the particular RAID\nlevel.", - "minimum": 1, - "type": "integer" - }, - "physicalDisks": { - "description": "Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted\nby the hardware RAID controller, and the format is hardware specific.", - "items": { - "type": "string" - }, - "type": "array" - }, - "rotational": { - "description": "Select disks with only rotational (if set to true) or solid-state\n(if set to false) storage. By default, any disks can be picked.", - "type": "boolean" - }, - "sizeGibibytes": { - "description": "Size of the logical disk to be created in GiB. If unspecified or\nset be 0, the maximum capacity of disk will be used for logical\ndisk.", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "level" - ], - "type": "object" - }, - "nullable": true, - "type": "array" - }, - "softwareRAIDVolumes": { - "description": "The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.\nIf HardwareRAIDVolumes is set this item will be invalid.\nThe number of created Software RAID devices must be 1 or 2.\nIf there is only one Software RAID device, it has to be a RAID-1.\nIf there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.\nAs the first RAID device will be the deployment device,\nenforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.\nSoftware RAID will always be deleted.", - "items": { - "description": "SoftwareRAIDVolume defines the desired configuration of volume in software RAID.", - "properties": { - "level": { - "description": "RAID level for the logical disk. The following levels are supported:\n0, 1 and 1+0.", - "enum": [ - "0", - "1", - "1+0" - ], - "type": "string" - }, - "physicalDisks": { - "description": "A list of device hints, the number of items should be greater than or equal to 2.", - "items": { - "description": "RootDeviceHints holds the hints for specifying the storage location\nfor the root filesystem for the image.", - "properties": { - "deviceName": { - "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", - "type": "string" - }, - "hctl": { - "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", - "type": "string" - }, - "minSizeGigabytes": { - "description": "The minimum size of the device in Gigabytes.", - "minimum": 0, - "type": "integer" - }, - "model": { - "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", - "type": "string" - }, - "rotational": { - "description": "True if the device should use spinning media, false otherwise.", - "type": "boolean" - }, - "serialNumber": { - "description": "Device serial number. The hint must match the actual value\nexactly.", - "type": "string" - }, - "vendor": { - "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", - "type": "string" - }, - "wwn": { - "description": "Unique storage identifier. The hint must match the actual value\nexactly.", - "type": "string" - }, - "wwnVendorExtension": { - "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", - "type": "string" - }, - "wwnWithExtension": { - "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", - "type": "string" - } - }, - "type": "object" - }, - "minItems": 2, - "type": "array" - }, - "sizeGibibytes": { - "description": "Size of the logical disk to be created in GiB.\nIf unspecified or set be 0, the maximum capacity of disk will be used for logical disk.", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "level" - ], - "type": "object" - }, - "maxItems": 2, - "nullable": true, - "type": "array" - } - }, - "type": "object" - }, - "rootDeviceHints": { - "description": "Provide guidance about how to choose the device for the image\nbeing provisioned. The default is currently to use /dev/sda as\nthe root device.", - "properties": { - "deviceName": { - "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", - "type": "string" - }, - "hctl": { - "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", - "type": "string" - }, - "minSizeGigabytes": { - "description": "The minimum size of the device in Gigabytes.", - "minimum": 0, - "type": "integer" - }, - "model": { - "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", - "type": "string" - }, - "rotational": { - "description": "True if the device should use spinning media, false otherwise.", - "type": "boolean" - }, - "serialNumber": { - "description": "Device serial number. The hint must match the actual value\nexactly.", - "type": "string" - }, - "vendor": { - "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", - "type": "string" - }, - "wwn": { - "description": "Unique storage identifier. The hint must match the actual value\nexactly.", - "type": "string" - }, - "wwnVendorExtension": { - "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", - "type": "string" - }, - "wwnWithExtension": { - "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", - "type": "string" - } - }, - "type": "object" - }, - "taints": { - "description": "Taints is the full, authoritative list of taints to apply to\nthe corresponding Machine. This list will overwrite any\nmodifications made to the Machine on an ongoing basis.", - "items": { - "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", - "properties": { - "effect": { - "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Required. The taint key to be applied to a node.", - "type": "string" - }, - "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", - "format": "date-time", - "type": "string" - }, - "value": { - "description": "The taint value corresponding to the taint key.", - "type": "string" - } - }, - "required": [ - "effect", - "key" - ], - "type": "object" - }, - "type": "array" - }, - "userData": { - "description": "UserData holds the reference to the Secret containing the user data\nwhich is passed to the Config Drive and interpreted by the\nfirst-boot software such as cloud-init. The format of user data is\nspecific to the first-boot software.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "online" - ], - "type": "object" - }, - "status": { - "description": "BareMetalHostStatus defines the observed state of BareMetalHost.", - "properties": { - "errorCount": { - "default": 0, - "description": "ErrorCount records how many times the host has encoutered an error since the last successful operation", - "type": "integer" - }, - "errorMessage": { - "description": "The last error message reported by the provisioning subsystem.", - "type": "string" - }, - "errorType": { - "description": "ErrorType indicates the type of failure encountered when the\nOperationalStatus is OperationalStatusError", - "enum": [ - "provisioned registration error", - "registration error", - "inspection error", - "preparation error", - "provisioning error", - "power management error", - "servicing error" - ], - "type": "string" - }, - "goodCredentials": { - "description": "The last credentials we were able to validate as working.", - "properties": { - "credentials": { - "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsVersion": { - "type": "string" - } - }, - "type": "object" - }, - "hardware": { - "description": "The hardware discovered to exist on the host.\nThis field will be removed in the next API version in favour of the\nseparate HardwareData resource.", - "properties": { - "cpu": { - "description": "Details of the CPU(s) in the system.", - "properties": { - "arch": { - "type": "string" - }, - "clockMegahertz": { - "description": "ClockSpeed is a clock speed in MHz", - "format": "double", - "type": "number" - }, - "count": { - "type": "integer" - }, - "flags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "model": { - "type": "string" - } - }, - "type": "object" - }, - "firmware": { - "description": "System firmware information.", - "properties": { - "bios": { - "description": "The BIOS for this firmware", - "properties": { - "date": { - "description": "The release/build date for this BIOS", - "type": "string" - }, - "vendor": { - "description": "The vendor name for this BIOS", - "type": "string" - }, - "version": { - "description": "The version of the BIOS", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hostname": { - "type": "string" - }, - "nics": { - "description": "List of network interfaces for the host.", - "items": { - "description": "NIC describes one network interface on the host.", - "properties": { - "ip": { - "description": "The IP address of the interface. This will be an IPv4 or IPv6 address\nif one is present. If both IPv4 and IPv6 addresses are present in a\ndual-stack environment, two nics will be output, one with each IP.", - "type": "string" - }, - "mac": { - "description": "The device MAC address", - "pattern": "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}", - "type": "string" - }, - "model": { - "description": "The vendor and product IDs of the NIC, e.g. \"0x8086 0x1572\"", - "type": "string" - }, - "name": { - "description": "The name of the network interface, e.g. \"en0\"", - "type": "string" - }, - "pxe": { - "description": "Whether the NIC is PXE Bootable", - "type": "boolean" - }, - "speedGbps": { - "description": "The speed of the device in Gigabits per second", - "type": "integer" - }, - "vlanId": { - "description": "The untagged VLAN ID", - "format": "int32", - "maximum": 4094, - "minimum": 0, - "type": "integer" - }, - "vlans": { - "description": "The VLANs available", - "items": { - "description": "VLAN represents the name and ID of a VLAN.", - "properties": { - "id": { - "description": "VLANID is a 12-bit 802.1Q VLAN identifier", - "format": "int32", - "maximum": 4094, - "minimum": 0, - "type": "integer" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - }, - "ramMebibytes": { - "description": "The host's amount of memory in Mebibytes.", - "type": "integer" - }, - "storage": { - "description": "List of storage (disk, SSD, etc.) available to the host.", - "items": { - "description": "Storage describes one storage device (disk, SSD, etc.) on the host.", - "properties": { - "alternateNames": { - "description": "A list of alternate Linux device names of the disk, e.g. \"/dev/sda\".\nNote that this list is not exhaustive, and names may not be stable\nacross reboots.", - "items": { - "type": "string" - }, - "type": "array" - }, - "hctl": { - "description": "The SCSI location of the device", - "type": "string" - }, - "model": { - "description": "Hardware model", - "type": "string" - }, - "name": { - "description": "A Linux device name of the disk, e.g.\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". This will be a name\nthat is stable across reboots if one is available.", - "type": "string" - }, - "rotational": { - "description": "Whether this disk represents rotational storage.\nThis field is not recommended for usage, please\nprefer using 'Type' field instead, this field\nwill be deprecated eventually.", - "type": "boolean" - }, - "serialNumber": { - "description": "The serial number of the device", - "type": "string" - }, - "sizeBytes": { - "description": "The size of the disk in Bytes", - "format": "int64", - "type": "integer" - }, - "type": { - "description": "Device type, one of: HDD, SSD, NVME.", - "enum": [ - "HDD", - "SSD", - "NVME" - ], - "type": "string" - }, - "vendor": { - "description": "The name of the vendor of the device", - "type": "string" - }, - "wwn": { - "description": "The WWN of the device", - "type": "string" - }, - "wwnVendorExtension": { - "description": "The WWN Vendor extension of the device", - "type": "string" - }, - "wwnWithExtension": { - "description": "The WWN with the extension", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "systemVendor": { - "description": "System vendor information.", - "properties": { - "manufacturer": { - "type": "string" - }, - "productName": { - "type": "string" - }, - "serialNumber": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hardwareProfile": { - "description": "The name of the profile matching the hardware details.\nHardware profiles are deprecated and should not be relied on.", - "type": "string" - }, - "lastUpdated": { - "description": "LastUpdated identifies when this status was last observed.", - "format": "date-time", - "type": "string" - }, - "operationHistory": { - "description": "OperationHistory holds information about operations performed\non this host.", - "properties": { - "deprovision": { - "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", - "properties": { - "end": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "start": { - "format": "date-time", - "nullable": true, - "type": "string" - } - }, - "type": "object" - }, - "inspect": { - "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", - "properties": { - "end": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "start": { - "format": "date-time", - "nullable": true, - "type": "string" - } - }, - "type": "object" - }, - "provision": { - "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", - "properties": { - "end": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "start": { - "format": "date-time", - "nullable": true, - "type": "string" - } - }, - "type": "object" - }, - "register": { - "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", - "properties": { - "end": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "start": { - "format": "date-time", - "nullable": true, - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "operationalStatus": { - "description": "OperationalStatus holds the status of the host", - "enum": [ - "", - "OK", - "discovered", - "error", - "delayed", - "detached", - "servicing" - ], - "type": "string" - }, - "poweredOn": { - "description": "The currently detected power state of the host. This field may get\nbriefly out of sync with the actual state of the hardware while\nprovisioning processes are running.", - "type": "boolean" - }, - "provisioning": { - "description": "Information tracked by the provisioner.", - "properties": { - "ID": { - "description": "The hosts's ID from the underlying provisioning tool (e.g. the\nIronic node UUID).", - "type": "string" - }, - "bootMode": { - "description": "BootMode indicates the boot mode used to provision the host.", - "enum": [ - "UEFI", - "UEFISecureBoot", - "legacy" - ], - "type": "string" - }, - "customDeploy": { - "description": "Custom deploy procedure applied to the host.", - "properties": { - "method": { - "description": "Custom deploy method name.\nThis name is specific to the deploy ramdisk used. If you don't have\na custom deploy ramdisk, you shouldn't use CustomDeploy.", - "type": "string" - } - }, - "required": [ - "method" - ], - "type": "object" - }, - "firmware": { - "description": "The firmware settings that have been applied.", - "properties": { - "simultaneousMultithreadingEnabled": { - "description": "Allows a single physical processor core to appear as several logical processors.", - "enum": [ - true, - false - ], - "type": "boolean" - }, - "sriovEnabled": { - "description": "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance.", - "enum": [ - true, - false - ], - "type": "boolean" - }, - "virtualizationEnabled": { - "description": "Supports the virtualization of platform hardware.", - "enum": [ - true, - false - ], - "type": "boolean" - } - }, - "type": "object" - }, - "image": { - "description": "Image holds the details of the last image successfully\nprovisioned to the host.", - "properties": { - "checksum": { - "description": "Checksum is the checksum for the image. Required for all formats\nexcept for \"live-iso\".", - "type": "string" - }, - "checksumType": { - "description": "ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512.\nThe special value \"auto\" can be used to detect the algorithm from the checksum.\nIf missing, MD5 is used. If in doubt, use \"auto\".", - "enum": [ - "md5", - "sha256", - "sha512", - "auto" - ], - "type": "string" - }, - "format": { - "description": "Format contains the format of the image (raw, qcow2, ...).\nWhen set to \"live-iso\", an ISO 9660 image referenced by the url will\nbe live-booted and not deployed to disk.", - "enum": [ - "raw", - "qcow2", - "vdi", - "vmdk", - "live-iso" - ], - "type": "string" - }, - "url": { - "description": "URL is a location of an image to deploy.", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "raid": { - "description": "The RAID configuration that has been applied.", - "properties": { - "hardwareRAIDVolumes": { - "description": "The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.\nYou can set the value of this field to `[]` to clear all the hardware RAID configurations.", - "items": { - "description": "HardwareRAIDVolume defines the desired configuration of volume in hardware RAID.", - "properties": { - "controller": { - "description": "The name of the RAID controller to use.", - "type": "string" - }, - "level": { - "description": "RAID level for the logical disk. The following levels are supported:\n0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them).", - "enum": [ - "0", - "1", - "2", - "5", - "6", - "1+0", - "5+0", - "6+0" - ], - "type": "string" - }, - "name": { - "description": "Name of the volume. Should be unique within the Node. If not\nspecified, the name will be auto-generated.", - "maxLength": 64, - "type": "string" - }, - "numberOfPhysicalDisks": { - "description": "Integer, number of physical disks to use for the logical disk.\nDefaults to minimum number of disks required for the particular RAID\nlevel.", - "minimum": 1, - "type": "integer" - }, - "physicalDisks": { - "description": "Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted\nby the hardware RAID controller, and the format is hardware specific.", - "items": { - "type": "string" - }, - "type": "array" - }, - "rotational": { - "description": "Select disks with only rotational (if set to true) or solid-state\n(if set to false) storage. By default, any disks can be picked.", - "type": "boolean" - }, - "sizeGibibytes": { - "description": "Size of the logical disk to be created in GiB. If unspecified or\nset be 0, the maximum capacity of disk will be used for logical\ndisk.", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "level" - ], - "type": "object" - }, - "nullable": true, - "type": "array" - }, - "softwareRAIDVolumes": { - "description": "The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.\nIf HardwareRAIDVolumes is set this item will be invalid.\nThe number of created Software RAID devices must be 1 or 2.\nIf there is only one Software RAID device, it has to be a RAID-1.\nIf there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.\nAs the first RAID device will be the deployment device,\nenforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.\nSoftware RAID will always be deleted.", - "items": { - "description": "SoftwareRAIDVolume defines the desired configuration of volume in software RAID.", - "properties": { - "level": { - "description": "RAID level for the logical disk. The following levels are supported:\n0, 1 and 1+0.", - "enum": [ - "0", - "1", - "1+0" - ], - "type": "string" - }, - "physicalDisks": { - "description": "A list of device hints, the number of items should be greater than or equal to 2.", - "items": { - "description": "RootDeviceHints holds the hints for specifying the storage location\nfor the root filesystem for the image.", - "properties": { - "deviceName": { - "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", - "type": "string" - }, - "hctl": { - "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", - "type": "string" - }, - "minSizeGigabytes": { - "description": "The minimum size of the device in Gigabytes.", - "minimum": 0, - "type": "integer" - }, - "model": { - "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", - "type": "string" - }, - "rotational": { - "description": "True if the device should use spinning media, false otherwise.", - "type": "boolean" - }, - "serialNumber": { - "description": "Device serial number. The hint must match the actual value\nexactly.", - "type": "string" - }, - "vendor": { - "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", - "type": "string" - }, - "wwn": { - "description": "Unique storage identifier. The hint must match the actual value\nexactly.", - "type": "string" - }, - "wwnVendorExtension": { - "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", - "type": "string" - }, - "wwnWithExtension": { - "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", - "type": "string" - } - }, - "type": "object" - }, - "minItems": 2, - "type": "array" - }, - "sizeGibibytes": { - "description": "Size of the logical disk to be created in GiB.\nIf unspecified or set be 0, the maximum capacity of disk will be used for logical disk.", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "level" - ], - "type": "object" - }, - "maxItems": 2, - "nullable": true, - "type": "array" - } - }, - "type": "object" - }, - "rootDeviceHints": { - "description": "The root device hints used to provision the host.", - "properties": { - "deviceName": { - "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", - "type": "string" - }, - "hctl": { - "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", - "type": "string" - }, - "minSizeGigabytes": { - "description": "The minimum size of the device in Gigabytes.", - "minimum": 0, - "type": "integer" - }, - "model": { - "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", - "type": "string" - }, - "rotational": { - "description": "True if the device should use spinning media, false otherwise.", - "type": "boolean" - }, - "serialNumber": { - "description": "Device serial number. The hint must match the actual value\nexactly.", - "type": "string" - }, - "vendor": { - "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", - "type": "string" - }, - "wwn": { - "description": "Unique storage identifier. The hint must match the actual value\nexactly.", - "type": "string" - }, - "wwnVendorExtension": { - "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", - "type": "string" - }, - "wwnWithExtension": { - "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", - "type": "string" - } - }, - "type": "object" - }, - "state": { - "description": "An indicator for what the provisioner is doing with the host.", - "type": "string" - } - }, - "required": [ - "ID", - "state" - ], - "type": "object" - }, - "triedCredentials": { - "description": "The last credentials we sent to the provisioning backend.", - "properties": { - "credentials": { - "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsVersion": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "errorCount", - "errorMessage", - "operationalStatus", - "poweredOn", - "provisioning" - ], - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "BareMetalHost", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/BareMetalHostList": { - "description": "BareMetalHostList is a list of BareMetalHost", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of baremetalhosts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.BareMetalHost" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "BareMetalHostList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/DataImage": { - "description": "DataImage is the Schema for the dataimages API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "DataImageSpec defines the desired state of DataImage.", - "properties": { - "url": { - "description": "Url is the address of the dataImage that we want to attach\nto a BareMetalHost", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "status": { - "description": "DataImageStatus defines the observed state of DataImage.", - "properties": { - "attachedImage": { - "description": "Currently attached DataImage", - "properties": { - "url": { - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "error": { - "description": "Error count and message when attaching/detaching", - "properties": { - "count": { - "type": "integer" - }, - "message": { - "type": "string" - } - }, - "required": [ - "count", - "message" - ], - "type": "object" - }, - "lastReconciled": { - "description": "Time of last reconciliation", - "format": "date-time", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "DataImage", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/DataImageList": { - "description": "DataImageList is a list of DataImage", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of dataimages. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.DataImage" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "DataImageList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/FirmwareSchema": { - "description": "FirmwareSchema is the Schema for the firmwareschemas API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "FirmwareSchemaSpec defines the desired state of FirmwareSchema.", - "properties": { - "hardwareModel": { - "description": "The hardware model associated with this schema", - "type": "string" - }, - "hardwareVendor": { - "description": "The hardware vendor associated with this schema", - "type": "string" - }, - "schema": { - "additionalProperties": { - "description": "Additional data describing the firmware setting.", - "properties": { - "allowable_values": { - "description": "The allowable value for an Enumeration type setting.", - "items": { - "type": "string" - }, - "type": "array" - }, - "attribute_type": { - "description": "The type of setting.", - "enum": [ - "Enumeration", - "String", - "Integer", - "Boolean", - "Password" - ], - "type": "string" - }, - "lower_bound": { - "description": "The lowest value for an Integer type setting.", - "type": "integer" - }, - "max_length": { - "description": "Maximum length for a String type setting.", - "type": "integer" - }, - "min_length": { - "description": "Minimum length for a String type setting.", - "type": "integer" - }, - "read_only": { - "description": "Whether or not this setting is read only.", - "type": "boolean" - }, - "unique": { - "description": "Whether or not this setting's value is unique to this node, e.g.\na serial number.", - "type": "boolean" - }, - "upper_bound": { - "description": "The highest value for an Integer type setting.", - "type": "integer" - } - }, - "type": "object" - }, - "description": "Map of firmware name to schema", - "type": "object" - } - }, - "required": [ - "schema" - ], - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "FirmwareSchema", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/FirmwareSchemaList": { - "description": "FirmwareSchemaList is a list of FirmwareSchema", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of firmwareschemas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.FirmwareSchema" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "FirmwareSchemaList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HardwareData": { - "description": "HardwareData is the Schema for the hardwaredata API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "HardwareDataSpec defines the desired state of HardwareData.", - "properties": { - "hardware": { - "description": "The hardware discovered on the host during its inspection.", - "properties": { - "cpu": { - "description": "Details of the CPU(s) in the system.", - "properties": { - "arch": { - "type": "string" - }, - "clockMegahertz": { - "description": "ClockSpeed is a clock speed in MHz", - "format": "double", - "type": "number" - }, - "count": { - "type": "integer" - }, - "flags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "model": { - "type": "string" - } - }, - "type": "object" - }, - "firmware": { - "description": "System firmware information.", - "properties": { - "bios": { - "description": "The BIOS for this firmware", - "properties": { - "date": { - "description": "The release/build date for this BIOS", - "type": "string" - }, - "vendor": { - "description": "The vendor name for this BIOS", - "type": "string" - }, - "version": { - "description": "The version of the BIOS", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hostname": { - "type": "string" - }, - "nics": { - "description": "List of network interfaces for the host.", - "items": { - "description": "NIC describes one network interface on the host.", - "properties": { - "ip": { - "description": "The IP address of the interface. This will be an IPv4 or IPv6 address\nif one is present. If both IPv4 and IPv6 addresses are present in a\ndual-stack environment, two nics will be output, one with each IP.", - "type": "string" - }, - "mac": { - "description": "The device MAC address", - "pattern": "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}", - "type": "string" - }, - "model": { - "description": "The vendor and product IDs of the NIC, e.g. \"0x8086 0x1572\"", - "type": "string" - }, - "name": { - "description": "The name of the network interface, e.g. \"en0\"", - "type": "string" - }, - "pxe": { - "description": "Whether the NIC is PXE Bootable", - "type": "boolean" - }, - "speedGbps": { - "description": "The speed of the device in Gigabits per second", - "type": "integer" - }, - "vlanId": { - "description": "The untagged VLAN ID", - "format": "int32", - "maximum": 4094, - "minimum": 0, - "type": "integer" - }, - "vlans": { - "description": "The VLANs available", - "items": { - "description": "VLAN represents the name and ID of a VLAN.", - "properties": { - "id": { - "description": "VLANID is a 12-bit 802.1Q VLAN identifier", - "format": "int32", - "maximum": 4094, - "minimum": 0, - "type": "integer" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - }, - "ramMebibytes": { - "description": "The host's amount of memory in Mebibytes.", - "type": "integer" - }, - "storage": { - "description": "List of storage (disk, SSD, etc.) available to the host.", - "items": { - "description": "Storage describes one storage device (disk, SSD, etc.) on the host.", - "properties": { - "alternateNames": { - "description": "A list of alternate Linux device names of the disk, e.g. \"/dev/sda\".\nNote that this list is not exhaustive, and names may not be stable\nacross reboots.", - "items": { - "type": "string" - }, - "type": "array" - }, - "hctl": { - "description": "The SCSI location of the device", - "type": "string" - }, - "model": { - "description": "Hardware model", - "type": "string" - }, - "name": { - "description": "A Linux device name of the disk, e.g.\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". This will be a name\nthat is stable across reboots if one is available.", - "type": "string" - }, - "rotational": { - "description": "Whether this disk represents rotational storage.\nThis field is not recommended for usage, please\nprefer using 'Type' field instead, this field\nwill be deprecated eventually.", - "type": "boolean" - }, - "serialNumber": { - "description": "The serial number of the device", - "type": "string" - }, - "sizeBytes": { - "description": "The size of the disk in Bytes", - "format": "int64", - "type": "integer" - }, - "type": { - "description": "Device type, one of: HDD, SSD, NVME.", - "enum": [ - "HDD", - "SSD", - "NVME" - ], - "type": "string" - }, - "vendor": { - "description": "The name of the vendor of the device", - "type": "string" - }, - "wwn": { - "description": "The WWN of the device", - "type": "string" - }, - "wwnVendorExtension": { - "description": "The WWN Vendor extension of the device", - "type": "string" - }, - "wwnWithExtension": { - "description": "The WWN with the extension", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "systemVendor": { - "description": "System vendor information.", - "properties": { - "manufacturer": { - "type": "string" - }, - "productName": { - "type": "string" - }, - "serialNumber": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HardwareData", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HardwareDataList": { - "description": "HardwareDataList is a list of HardwareData", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hardwaredata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.HardwareData" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HardwareDataList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HostFirmwareComponents": { - "description": "HostFirmwareComponents is the Schema for the hostfirmwarecomponents API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "HostFirmwareComponentsSpec defines the desired state of HostFirmwareComponents.", - "properties": { - "updates": { - "items": { - "description": "FirmwareUpdate defines a firmware update specification.", - "properties": { - "component": { - "type": "string" - }, - "url": { - "type": "string" - } - }, - "required": [ - "component", - "url" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "updates" - ], - "type": "object" - }, - "status": { - "description": "HostFirmwareComponentsStatus defines the observed state of HostFirmwareComponents.", - "properties": { - "components": { - "description": "Components is the list of all available firmware components and their information.", - "items": { - "description": "FirmwareComponentStatus defines the status of a firmware component.", - "properties": { - "component": { - "type": "string" - }, - "currentVersion": { - "type": "string" - }, - "initialVersion": { - "type": "string" - }, - "lastVersionFlashed": { - "type": "string" - }, - "updatedAt": { - "format": "date-time", - "type": "string" - } - }, - "required": [ - "component", - "initialVersion" - ], - "type": "object" - }, - "type": "array" - }, - "conditions": { - "description": "Track whether updates stored in the spec are valid based on the schema", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastUpdated": { - "description": "Time that the status was last updated", - "format": "date-time", - "type": "string" - }, - "updates": { - "description": "Updates is the list of all firmware components that should be updated\nthey are specified via name and url fields.", - "items": { - "description": "FirmwareUpdate defines a firmware update specification.", - "properties": { - "component": { - "type": "string" - }, - "url": { - "type": "string" - } - }, - "required": [ - "component", - "url" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HostFirmwareComponents", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HostFirmwareComponentsList": { - "description": "HostFirmwareComponentsList is a list of HostFirmwareComponents", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hostfirmwarecomponents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.HostFirmwareComponents" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HostFirmwareComponentsList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HostFirmwareSettings": { - "description": "HostFirmwareSettings is the Schema for the hostfirmwaresettings API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "HostFirmwareSettingsSpec defines the desired state of HostFirmwareSettings.", - "properties": { - "settings": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "description": "Settings are the desired firmware settings stored as name/value pairs.", - "type": "object" - } - }, - "required": [ - "settings" - ], - "type": "object" - }, - "status": { - "description": "HostFirmwareSettingsStatus defines the observed state of HostFirmwareSettings.", - "properties": { - "conditions": { - "description": "Track whether settings stored in the spec are valid based on the schema", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastUpdated": { - "description": "Time that the status was last updated", - "format": "date-time", - "type": "string" - }, - "schema": { - "description": "FirmwareSchema is a reference to the Schema used to describe each\nFirmwareSetting. By default, this will be a Schema in the same\nNamespace as the settings but it can be overwritten in the Spec", - "properties": { - "name": { - "description": "`name` is the reference to the schema.", - "type": "string" - }, - "namespace": { - "description": "`namespace` is the namespace of the where the schema is stored.", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "settings": { - "additionalProperties": { - "type": "string" - }, - "description": "Settings are the firmware settings stored as name/value pairs", - "type": "object" - } - }, - "required": [ - "settings" - ], - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HostFirmwareSettings", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HostFirmwareSettingsList": { - "description": "HostFirmwareSettingsList is a list of HostFirmwareSettings", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hostfirmwaresettings. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.HostFirmwareSettings" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HostFirmwareSettingsList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HostUpdatePolicy": { - "description": "HostUpdatePolicy is the Schema for the hostupdatepolicy API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "HostUpdatePolicySpec defines the desired state of HostUpdatePolicy.", - "properties": { - "firmwareSettings": { - "description": "Defines policy for changing firmware settings", - "enum": [ - "onPreparing", - "onReboot" - ], - "type": "string" - }, - "firmwareUpdates": { - "description": "Defines policy for updating firmware", - "enum": [ - "onPreparing", - "onReboot" - ], - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "HostUpdatePolicyStatus defines the observed state of HostUpdatePolicy.", - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HostUpdatePolicy", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/HostUpdatePolicyList": { - "description": "HostUpdatePolicyList is a list of HostUpdatePolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of hostupdatepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.HostUpdatePolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "HostUpdatePolicyList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/PreprovisioningImage": { - "description": "PreprovisioningImage is the Schema for the preprovisioningimages API.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "PreprovisioningImageSpec defines the desired state of PreprovisioningImage.", - "properties": { - "acceptFormats": { - "description": "acceptFormats is a list of acceptable image formats.", - "items": { - "description": "ImageFormat enumerates the allowed image formats", - "enum": [ - "iso", - "initrd" - ], - "type": "string" - }, - "type": "array" - }, - "architecture": { - "description": "architecture is the processor architecture for which to build the image.", - "type": "string" - }, - "networkDataName": { - "description": "networkDataName is the name of a Secret in the local namespace that\ncontains network data to build in to the image.", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "PreprovisioningImageStatus defines the observed state of PreprovisioningImage.", - "properties": { - "architecture": { - "description": "architecture is the processor architecture for which the image is built", - "type": "string" - }, - "conditions": { - "description": "conditions describe the state of the built image", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "extraKernelParams": { - "description": "extraKernelParams is a string with extra parameters to pass to the\nkernel when booting the image over network. Only makes sense for initrd images.", - "type": "string" - }, - "format": { - "description": "format is the type of image that is available at the download url:\neither iso or initrd.", - "enum": [ - "iso", - "initrd" - ], - "type": "string" - }, - "imageUrl": { - "description": "imageUrl is the URL from which the built image can be downloaded.", - "type": "string" - }, - "kernelUrl": { - "description": "kernelUrl is the URL from which the kernel of the image can be downloaded.\nOnly makes sense for initrd images.", - "type": "string" - }, - "networkData": { - "description": "networkData is a reference to the version of the Secret containing the\nnetwork data used to build the image.", - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "PreprovisioningImage", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/PreprovisioningImageList": { - "description": "PreprovisioningImageList is a list of PreprovisioningImage", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of preprovisioningimages. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.PreprovisioningImage" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "PreprovisioningImageList", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/Provisioning": { - "description": "Provisioning contains configuration used by the Provisioning\nservice (Ironic) to provision baremetal hosts.\nProvisioning is created by the OpenShift installer using admin or\nuser provided information about the provisioning network and the\nNIC on the server that can be used to PXE boot it.\nThis CR is a singleton, created by the installer and currently only\nconsumed by the cluster-baremetal-operator to bring up and update\ncontainers in a metal3 cluster.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ProvisioningSpec defines the desired state of Provisioning", - "properties": { - "additionalNTPServers": { - "description": "AdditionalNTPServers is a list of NTP Servers to be used by the\nprovisioning service", - "items": { - "type": "string" - }, - "type": "array" - }, - "bootIsoSource": { - "description": "BootIsoSource provides a way to set the location where the iso image\nto boot the nodes will be served from.\nBy default the boot iso image is cached locally and served from\nthe Provisioning service (Ironic) nodes using an auxiliary httpd server.\nIf the boot iso image is already served by an httpd server, setting\nthis option to http allows to directly provide the image from there;\nin this case, the network (either internal or external) where the\nhttpd server that hosts the boot iso is needs to be accessible\nby the metal3 pod.", - "enum": [ - "local", - "http" - ], - "type": "string" - }, - "disableVirtualMediaTLS": { - "description": "DisableVirtualMediaTLS turns off TLS on the virtual media server,\nwhich may be required for hardware that cannot accept HTTPS links.", - "type": "boolean" - }, - "preProvisioningOSDownloadURLs": { - "description": "PreprovisioningOSDownloadURLs is set of CoreOS Live URLs that would be necessary to provision a worker\neither using virtual media or PXE.", - "properties": { - "initramfsURL": { - "description": "InitramfsURL Image URL to be used for PXE deployments", - "type": "string" - }, - "isoURL": { - "description": "IsoURL Image URL to be used for Live ISO deployments", - "type": "string" - }, - "kernelURL": { - "description": "KernelURL is an Image URL to be used for PXE deployments", - "type": "string" - }, - "rootfsURL": { - "description": "RootfsURL Image URL to be used for PXE deployments", - "type": "string" - } - }, - "type": "object" - }, - "provisioningDHCPExternal": { - "description": "ProvisioningDHCPExternal indicates whether the DHCP server\nfor IP addresses in the provisioning DHCP range is present\nwithin the metal3 cluster or external to it. This field is being\ndeprecated in favor of provisioningNetwork.", - "type": "boolean" - }, - "provisioningDHCPRange": { - "description": "ProvisioningDHCPRange needs to be interpreted along with\nProvisioningDHCPExternal. If the value of\nprovisioningDHCPExternal is set to False, then\nProvisioningDHCPRange represents the range of IP addresses\nthat the DHCP server running within the metal3 cluster can\nuse while provisioning baremetal servers. If the value of\nProvisioningDHCPExternal is set to True, then the value of\nProvisioningDHCPRange will be ignored. When the value of\nProvisioningDHCPExternal is set to False, indicating an\ninternal DHCP server and the value of ProvisioningDHCPRange\nis not set, then the DHCP range is taken to be the default\nrange which goes from .10 to .100 of the\nProvisioningNetworkCIDR. This is the only value in all of\nthe Provisioning configuration that can be changed after\nthe installer has created the CR. This value needs to be\ntwo comma sererated IP addresses within the\nProvisioningNetworkCIDR where the 1st address represents\nthe start of the range and the 2nd address represents the\nlast usable address in the range.", - "type": "string" - }, - "provisioningDNS": { - "description": "ProvisioningDNS allows sending the DNS information via DHCP on the\nprovisionig network. It is off by default since the Provisioning\nservice itself (Ironic) does not require DNS, but it may be useful\nfor layered products (e.g. ZTP).", - "type": "boolean" - }, - "provisioningIP": { - "description": "ProvisioningIP is the IP address assigned to the\nprovisioningInterface of the baremetal server. This IP\naddress should be within the provisioning subnet, and\noutside of the DHCP range.", - "type": "string" - }, - "provisioningInterface": { - "description": "ProvisioningInterface is the name of the network interface\non a baremetal server to the provisioning network. It can\nhave values like eth1 or ens3.", - "type": "string" - }, - "provisioningMacAddresses": { - "description": "ProvisioningMacAddresses is a list of mac addresses of network interfaces\non a baremetal server to the provisioning network.\nUse this instead of ProvisioningInterface to allow interfaces of different\nnames. If not provided it will be populated by the BMH.Spec.BootMacAddress\nof each master.", - "items": { - "type": "string" - }, - "type": "array" - }, - "provisioningNetwork": { - "description": "ProvisioningNetwork provides a way to indicate the state of the\nunderlying network configuration for the provisioning network.\nThis field can have one of the following values -\n`Managed`- when the provisioning network is completely managed by\nthe Baremetal IPI solution.\n`Unmanaged`- when the provsioning network is present and used but\nthe user is responsible for managing DHCP. Virtual media provisioning\nis recommended but PXE is still available if required.\n`Disabled`- when the provisioning network is fully disabled. User can\nbring up the baremetal cluster using virtual media or assisted\ninstallation. If using metal3 for power management, BMCs must be\naccessible from the machine networks. User should provide two IPs on\nthe external network that would be used for provisioning services.", - "enum": [ - "Managed", - "Unmanaged", - "Disabled" - ], - "type": "string" - }, - "provisioningNetworkCIDR": { - "description": "ProvisioningNetworkCIDR is the network on which the\nbaremetal nodes are provisioned. The provisioningIP and the\nIPs in the dhcpRange all come from within this network. When using IPv6\nand in a network managed by the Baremetal IPI solution this cannot be a\nnetwork larger than a /64.", - "type": "string" - }, - "provisioningOSDownloadURL": { - "description": "ProvisioningOSDownloadURL is the location from which the OS\nImage used to boot baremetal host machines can be downloaded\nby the metal3 cluster.", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "UnsupportedConfigOverrides are site-specific overrides that are not\nofficially supported in the Metal platform and may cause the\ndeployment to fail. Carefully check the description of each field\nyou modify to understand its implications for stability and\nupgradability of your cluster.\nWhen reporting a bug, please make sure to reproduce it with\nUnsupportedConfigOverrides set to nil.", - "properties": { - "ironicAgentImage": { - "description": "Override for the IPA container image.\nThe image must be based on openshift/ironic-agent-image of the same\nrelease as the cluster. After each cluster upgrade, it must be\nrebased and updated immediately, before any BareMetalHosts are\nenrolled, provisioned or deprovisioned.", - "type": "string" - } - }, - "type": "object" - }, - "virtualMediaViaExternalNetwork": { - "description": "VirtualMediaViaExternalNetwork flag when set to \"true\" allows for workers\nto boot via Virtual Media and contact metal3 over the External Network.\nWhen the flag is set to \"false\" (which is the default), virtual media\ndeployments can still happen based on the configuration specified in the\nProvisioningNetwork i.e when in Disabled mode, over the External Network\nand over Provisioning Network when in Managed mode.\nPXE deployments will always use the Provisioning Network and will not be\naffected by this flag.", - "type": "boolean" - }, - "watchAllNamespaces": { - "description": "WatchAllNamespaces provides a way to explicitly allow use of this\nProvisioning configuration across all Namespaces. It is an\noptional configuration which defaults to false and in that state\nwill be used to provision baremetal hosts in only the\nopenshift-machine-api namespace. When set to true, this provisioning\nconfiguration would be used for baremetal hosts across all namespaces.", - "type": "boolean" - } - }, - "type": "object" - }, - "status": { - "description": "ProvisioningStatus defines the observed state of Provisioning", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "Provisioning", - "version": "v1alpha1" - } - ] - }, - "metal3.io/v1alpha1/ProvisioningList": { - "description": "ProvisioningList is a list of Provisioning", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of provisionings. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.metal3.v1alpha1.Provisioning" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metal3.io", - "kind": "ProvisioningList", - "version": "v1alpha1" - } - ] - }, - "metrics.k8s.io/v1beta1/NodeMetrics": { - "description": "NodeMetrics sets resource usage metrics of a node.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "timestamp": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "default": {}, - "description": "The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]." - }, - "usage": { - "additionalProperties": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - ], - "default": {} - }, - "description": "The memory usage is the memory working set.", - "type": "object" - }, - "window": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - } - ], - "default": 0 - } - }, - "required": [ - "timestamp", - "window", - "usage" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metrics.k8s.io", - "kind": "NodeMetrics", - "version": "v1beta1" - } - ] - }, - "metrics.k8s.io/v1beta1/NodeMetricsList": { - "description": "NodeMetricsList is a list of NodeMetrics.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of node metrics.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.metrics.pkg.apis.metrics.v1beta1.NodeMetrics" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metrics.k8s.io", - "kind": "NodeMetricsList", - "version": "v1beta1" - } - ] - }, - "metrics.k8s.io/v1beta1/PodMetrics": { - "description": "PodMetrics sets resource usage metrics of a pod.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "containers": { - "description": "Metrics for all containers are collected within the same time window.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.metrics.pkg.apis.metrics.v1beta1.ContainerMetrics" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "timestamp": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "default": {}, - "description": "The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]." - }, - "window": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - } - ], - "default": 0 - } - }, - "required": [ - "timestamp", - "window", - "containers" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metrics.k8s.io", - "kind": "PodMetrics", - "version": "v1beta1" - } - ] - }, - "metrics.k8s.io/v1beta1/PodMetricsList": { - "description": "PodMetricsList is a list of PodMetrics.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of pod metrics.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.metrics.pkg.apis.metrics.v1beta1.PodMetrics" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "metrics.k8s.io", - "kind": "PodMetricsList", - "version": "v1beta1" - } - ] - }, - "migration.k8s.io/v1alpha1/StorageState": { - "description": "The state of the storage of a specific resource.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the storage state.", - "properties": { - "resource": { - "description": "The resource this storageState is about.", - "properties": { - "group": { - "description": "The name of the group.", - "type": "string" - }, - "resource": { - "description": "The name of the resource.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "Status of the storage state.", - "properties": { - "currentStorageVersionHash": { - "description": "The hash value of the current storage version, as shown in the discovery document served by the API server. Storage Version is the version to which objects are converted to before persisted.", - "type": "string" - }, - "lastHeartbeatTime": { - "description": "LastHeartbeatTime is the last time the storage migration triggering controller checks the storage version hash of this resource in the discovery document and updates this field.", - "format": "date-time", - "type": "string" - }, - "persistedStorageVersionHashes": { - "description": "The hash values of storage versions that persisted instances of spec.resource might still be encoded in. \"Unknown\" is a valid value in the list, and is the default value. It is not safe to upgrade or downgrade to an apiserver binary that does not support all versions listed in this field, or if \"Unknown\" is listed. Once the storage version migration for this resource has completed, the value of this field is refined to only contain the currentStorageVersionHash. Once the apiserver has changed the storage version, the new storage version is appended to the list.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "migration.k8s.io", - "kind": "StorageState", - "version": "v1alpha1" - } - ] - }, - "migration.k8s.io/v1alpha1/StorageStateList": { - "description": "StorageStateList is a list of StorageState", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storagestates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.migration.v1alpha1.StorageState" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "migration.k8s.io", - "kind": "StorageStateList", - "version": "v1alpha1" - } - ] - }, - "migration.k8s.io/v1alpha1/StorageVersionMigration": { - "description": "StorageVersionMigration represents a migration of stored data to the latest storage version.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the migration.", - "properties": { - "continueToken": { - "description": "The token used in the list options to get the next chunk of objects to migrate. When the .status.conditions indicates the migration is \"Running\", users can use this token to check the progress of the migration.", - "type": "string" - }, - "resource": { - "description": "The resource that is being migrated. The migrator sends requests to the endpoint serving the resource. Immutable.", - "properties": { - "group": { - "description": "The name of the group.", - "type": "string" - }, - "resource": { - "description": "The name of the resource.", - "type": "string" - }, - "version": { - "description": "The name of the version.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "resource" - ], - "type": "object" - }, - "status": { - "description": "Status of the migration.", - "properties": { - "conditions": { - "description": "The latest available observations of the migration's current state.", - "items": { - "description": "Describes the state of a migration at a certain point.", - "properties": { - "lastUpdateTime": { - "description": "The last time this condition was updated.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "Type of the condition.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "migration.k8s.io", - "kind": "StorageVersionMigration", - "version": "v1alpha1" - } - ] - }, - "migration.k8s.io/v1alpha1/StorageVersionMigrationList": { - "description": "StorageVersionMigrationList is a list of StorageVersionMigration", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storageversionmigrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.migration.v1alpha1.StorageVersionMigration" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "migration.k8s.io", - "kind": "StorageVersionMigrationList", - "version": "v1alpha1" - } - ] - }, - "migrations.kubevirt.io/v1alpha1/MigrationPolicy": { - "description": "MigrationPolicy holds migration policy (i.e. configurations) to apply to a VM or group of VMs", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "allowAutoConverge": { - "type": "boolean" - }, - "allowPostCopy": { - "type": "boolean" - }, - "allowWorkloadDisruption": { - "type": "boolean" - }, - "bandwidthPerMigration": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "completionTimeoutPerGiB": { - "format": "int64", - "type": "integer" - }, - "selectors": { - "properties": { - "namespaceSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "virtualMachineInstanceSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "selectors" - ], - "type": "object" - }, - "status": { - "nullable": true, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "migrations.kubevirt.io", - "kind": "MigrationPolicy", - "version": "v1alpha1" - } - ] - }, - "migrations.kubevirt.io/v1alpha1/MigrationPolicyList": { - "description": "MigrationPolicyList is a list of MigrationPolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of migrationpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.MigrationPolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "migrations.kubevirt.io", - "kind": "MigrationPolicyList", - "version": "v1alpha1" - } - ] - }, - "monitoring.coreos.com/v1/Alertmanager": { - "description": "The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.\n\nFor each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.\n\nThe resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the Alertmanager cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the 'Alertmanager' container.\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nAlertmanager container which may cause issues if they are invalid or not supported\nby the given Alertmanager version.", - "items": { - "description": "Argument as part of the AdditionalArgs list.", - "properties": { - "name": { - "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "additionalPeers": { - "description": "AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.", - "items": { - "type": "string" - }, - "type": "array" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "alertmanagerConfigMatcherStrategy": { - "description": "AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects\nprocess incoming alerts.", - "properties": { - "type": { - "default": "OnNamespace", - "description": "AlertmanagerConfigMatcherStrategyType defines the strategy used by\nAlertmanagerConfig objects to match alerts in the routes and inhibition\nrules.\n\nThe default value is `OnNamespace`.", - "enum": [ - "OnNamespace", - "OnNamespaceExceptForAlertmanagerNamespace", - "None" - ], - "type": "string" - } - }, - "type": "object" - }, - "alertmanagerConfigNamespaceSelector": { - "description": "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only\ncheck own namespace.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "alertmanagerConfigSelector": { - "description": "AlertmanagerConfigs to be selected for to merge and configure Alertmanager with.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "alertmanagerConfiguration": { - "description": "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\nIf defined, it takes precedence over the `configSecret` field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "properties": { - "global": { - "description": "Defines the global parameters of the Alertmanager configuration.", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the Alertmanager\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "jira": { - "description": "The default configuration for Jira.", - "properties": { - "apiURL": { - "description": "The default Jira API URL.\n\nIt requires Alertmanager >= v0.28.0.", - "pattern": "^(http|https)://.+$", - "type": "string" - } - }, - "type": "object" - }, - "opsGenieApiKey": { - "description": "The default OpsGenie API Key.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "opsGenieApiUrl": { - "description": "The default OpsGenie API URL.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "pagerdutyUrl": { - "description": "The default Pagerduty URL.", - "type": "string" - }, - "resolveTimeout": { - "description": "ResolveTimeout is the default value used by alertmanager if the alert does\nnot include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated.\nThis has no impact on alerts from Prometheus, as they always include EndsAt.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "rocketChat": { - "description": "The default configuration for Rocket Chat.", - "properties": { - "apiURL": { - "description": "The default Rocket Chat API URL.\n\nIt requires Alertmanager >= v0.28.0.", - "pattern": "^(http|https)://.+$", - "type": "string" - }, - "token": { - "description": "The default Rocket Chat token.\n\nIt requires Alertmanager >= v0.28.0.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tokenID": { - "description": "The default Rocket Chat Token ID.\n\nIt requires Alertmanager >= v0.28.0.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "slackApiUrl": { - "description": "The default Slack API URL.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "smtp": { - "description": "Configures global SMTP parameters.", - "properties": { - "authIdentity": { - "description": "SMTP Auth using PLAIN", - "type": "string" - }, - "authPassword": { - "description": "SMTP Auth using LOGIN and PLAIN.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "authSecret": { - "description": "SMTP Auth using CRAM-MD5.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "authUsername": { - "description": "SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server.", - "type": "string" - }, - "from": { - "description": "The default SMTP From header field.", - "type": "string" - }, - "hello": { - "description": "The default hostname to identify to the SMTP server.", - "type": "string" - }, - "requireTLS": { - "description": "The default SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", - "type": "boolean" - }, - "smartHost": { - "description": "The default SMTP smarthost used for sending emails.", - "properties": { - "host": { - "description": "Defines the host's address, it can be a DNS name or a literal IP address.", - "minLength": 1, - "type": "string" - }, - "port": { - "description": "Defines the host's port, it can be a literal port number or a port name.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "host", - "port" - ], - "type": "object" - }, - "tlsConfig": { - "description": "The default TLS configuration for SMTP receivers", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "telegram": { - "description": "The default Telegram config", - "properties": { - "apiURL": { - "description": "The default Telegram API URL.\n\nIt requires Alertmanager >= v0.24.0.", - "pattern": "^(http|https)://.+$", - "type": "string" - } - }, - "type": "object" - }, - "victorops": { - "description": "The default configuration for VictorOps.", - "properties": { - "apiKey": { - "description": "The default VictorOps API Key.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "apiURL": { - "description": "The default VictorOps API URL.", - "pattern": "^(http|https)://.+$", - "type": "string" - } - }, - "type": "object" - }, - "webex": { - "description": "The default configuration for Jira.", - "properties": { - "apiURL": { - "description": "The default Webex API URL.\n\nIt requires Alertmanager >= v0.25.0.", - "pattern": "^(http|https)://.+$", - "type": "string" - } - }, - "type": "object" - }, - "wechat": { - "description": "The default WeChat Config", - "properties": { - "apiCorpID": { - "description": "The default WeChat API Corporate ID.", - "minLength": 1, - "type": "string" - }, - "apiSecret": { - "description": "The default WeChat API Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "apiURL": { - "description": "The default WeChat API URL.\nThe default value is \"https://qyapi.weixin.qq.com/cgi-bin/\"", - "pattern": "^(http|https)://.+$", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "name": { - "description": "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration.\nIt must be defined in the same namespace as the Alertmanager object.\nThe operator will not enforce a `namespace` label for routes and inhibition rules.", - "minLength": 1, - "type": "string" - }, - "templates": { - "description": "Custom notification templates.", - "items": { - "description": "SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.", - "type": "boolean" - }, - "baseImage": { - "description": "Base image that is used to deploy pods, without tag.\nDeprecated: use 'image' instead.", - "type": "string" - }, - "clusterAdvertiseAddress": { - "description": "ClusterAdvertiseAddress is the explicit address to advertise in cluster.\nNeeds to be provided for non RFC1918 [1] (public) addresses.\n[1] RFC1918: https://tools.ietf.org/html/rfc1918", - "type": "string" - }, - "clusterGossipInterval": { - "description": "Interval between gossip attempts.", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "clusterLabel": { - "description": "Defines the identifier that uniquely identifies the Alertmanager cluster.\nYou should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field.", - "type": "string" - }, - "clusterPeerTimeout": { - "description": "Timeout for cluster peering.", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "clusterPushpullInterval": { - "description": "Interval between pushpull attempts.", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "clusterTLS": { - "description": "Configures the mutual TLS configuration for the Alertmanager cluster's gossip protocol.\n\nIt requires Alertmanager >= 0.24.0.", - "properties": { - "client": { - "description": "Client-side configuration for mutual TLS.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "server": { - "description": "Server-side configuration for mutual TLS.", - "properties": { - "cert": { - "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", - "type": "string" - }, - "cipherSuites": { - "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", - "items": { - "type": "string" - }, - "type": "array" - }, - "clientAuthType": { - "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", - "type": "string" - }, - "clientCAFile": { - "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", - "type": "string" - }, - "client_ca": { - "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "curvePreferences": { - "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", - "items": { - "type": "string" - }, - "type": "array" - }, - "keyFile": { - "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum TLS version that is acceptable.", - "type": "string" - }, - "minVersion": { - "description": "Minimum TLS version that is acceptable.", - "type": "string" - }, - "preferServerCipherSuites": { - "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "client", - "server" - ], - "type": "object" - }, - "configMaps": { - "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container.", - "items": { - "type": "string" - }, - "type": "array" - }, - "configSecret": { - "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications).", - "type": "string" - }, - "containers": { - "description": "Containers allows injecting additional containers. This is meant to\nallow adding an authentication proxy to an Alertmanager pod.\nContainers described here modify an operator generated container if they\nshare the same name and modifications are done via a strategic merge\npatch. The current container names are: `alertmanager` and\n`config-reloader`. Overriding containers is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "dnsConfig": { - "description": "Defines the DNS configuration for the pods.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is required and must be unique.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value is optional.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - }, - "dnsPolicy": { - "description": "Defines the DNS policy for the pods.", - "enum": [ - "ClusterFirstWithHostNet", - "ClusterFirst", - "Default", - "None" - ], - "type": "string" - }, - "enableFeatures": { - "description": "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nIt requires Alertmanager >= 0.27.0.", - "items": { - "type": "string" - }, - "type": "array" - }, - "enableServiceLinks": { - "description": "Indicates whether information about services should be injected into pod's environment variables", - "type": "boolean" - }, - "externalUrl": { - "description": "The external URL the Alertmanager instances will be available under. This is\nnecessary to generate correct URLs. This is necessary if Alertmanager is not\nserved from root of a DNS name.", - "type": "string" - }, - "forceEnableClusterMode": { - "description": "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.\nUse case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.", - "type": "boolean" - }, - "hostAliases": { - "description": "Pods' hostAliases configuration", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", - "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array" - }, - "ip": { - "description": "IP address of the host file entry.", - "type": "string" - } - }, - "required": [ - "hostnames", - "ip" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "image": { - "description": "Image if specified has precedence over baseImage, tag and sha\ncombinations. Specifying the version is still necessary to ensure the\nPrometheus Operator knows what version of Alertmanager is being\nconfigured.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", - "enum": [ - "", - "Always", - "Never", - "IfNotPresent" - ], - "type": "string" - }, - "imagePullSecrets": { - "description": "An optional list of references to secrets in the same namespace\nto use for pulling prometheus and alertmanager images from registries\nsee https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "initContainers": { - "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.\nfetch secrets for injection into the Alertmanager configuration from external sources. Any\nerrors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator\ngenerated init containers if they share the same name and modifications are\ndone via a strategic merge patch. The current init container name is:\n`init-config-reloader`. Overriding init containers is entirely outside the\nscope of what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "limits": { - "description": "Defines the limits command line flags when starting Alertmanager.", - "properties": { - "maxPerSilenceBytes": { - "description": "The maximum size of an individual silence as stored on disk. This corresponds to the Alertmanager's\n`--silences.max-per-silence-bytes` flag.\nIt requires Alertmanager >= v0.28.0.", - "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", - "type": "string" - }, - "maxSilences": { - "description": "The maximum number active and pending silences. This corresponds to the\nAlertmanager's `--silences.max-silences` flag.\nIt requires Alertmanager >= v0.28.0.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "listenLocal": { - "description": "ListenLocal makes the Alertmanager server listen on loopback, so that it\ndoes not bind against the Pod IP. Note this is only for the Alertmanager\nUI, not the gossip communication.", - "type": "boolean" - }, - "logFormat": { - "description": "Log format for Alertmanager to be configured with.", - "enum": [ - "", - "logfmt", - "json" - ], - "type": "string" - }, - "logLevel": { - "description": "Log level for Alertmanager to be configured with.", - "enum": [ - "", - "debug", - "info", - "warn", - "error" - ], - "type": "string" - }, - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.", - "format": "int32", - "type": "integer" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "Define which Nodes the Pods are scheduled on.", - "type": "object" - }, - "paused": { - "description": "If set to true all actions on the underlying managed objects are not\ngoint to be performed, except for delete actions.", - "type": "boolean" - }, - "persistentVolumeClaimRetentionPolicy": { - "description": "The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.\nThe default behavior is all PVCs are retained.\nThis is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.\nIt requires enabling the StatefulSetAutoDeletePVC feature gate.", - "properties": { - "whenDeleted": { - "description": "WhenDeleted specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is deleted. The default policy\nof `Retain` causes PVCs to not be affected by StatefulSet deletion. The\n`Delete` policy causes those PVCs to be deleted.", - "type": "string" - }, - "whenScaled": { - "description": "WhenScaled specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is scaled down. The default\npolicy of `Retain` causes PVCs to not be affected by a scaledown. The\n`Delete` policy causes the associated PVCs for any excess pods above\nthe replica count to be deleted.", - "type": "string" - } - }, - "type": "object" - }, - "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\".", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", - "type": "object" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", - "type": "string" - } - }, - "type": "object" - }, - "portName": { - "default": "web", - "description": "Port name used for the pods and governing service.\nDefaults to `web`.", - "type": "string" - }, - "priorityClassName": { - "description": "Priority class assigned to the Pods", - "type": "string" - }, - "replicas": { - "description": "Size is the expected size of the alertmanager cluster. The controller will\neventually make the size of the running cluster equal to the expected\nsize.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Define resources requests and limits for single Pods.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "retention": { - "default": "120h", - "description": "Time duration Alertmanager shall retain data for. Default is '120h',\nand must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "routePrefix": { - "description": "The route prefix Alertmanager registers HTTP handlers for. This is useful,\nif using ExternalURL and a proxy is rewriting HTTP routes of a request,\nand the actual ExternalURL is still true, but the server serves requests\nunder a different route prefix. For example for use with `kubectl proxy`.", - "type": "string" - }, - "secrets": { - "description": "Secrets is a list of Secrets in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach Secret is added to the StatefulSet definition as a volume named `secret-`.\nThe Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container.", - "items": { - "type": "string" - }, - "type": "array" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", - "type": "string" - }, - "serviceName": { - "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the Alertmanager resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `alertmanager-operated` for Alermanager resources.\nWhen deploying multiple Alertmanager resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", - "minLength": 1, - "type": "string" - }, - "sha": { - "description": "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`.\nSimilar to a tag, but the SHA explicitly deploys an immutable container image.\nVersion and Tag are ignored if SHA is set.\nDeprecated: use 'image' instead. The image digest can be specified as part of the image URL.", - "type": "string" - }, - "storage": { - "description": "Storage is the definition of how storage will be used by the Alertmanager\ninstances.", - "properties": { - "disableMountSubPath": { - "description": "Deprecated: subPath usage will be removed in a future release.", - "type": "boolean" - }, - "emptyDir": { - "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "volumeClaimTemplate": { - "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", - "type": "object" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "Deprecated: this field is never set.", - "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" - }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", - "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", - "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string" - }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "tag": { - "description": "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`.\nVersion is ignored if Tag is set.\nDeprecated: use 'image' instead. The image tag can be specified as part of the image URL.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 120 seconds.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "If specified, the pod's topology spread constraints.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - }, - "version": { - "description": "Version the cluster should be on.", - "type": "string" - }, - "volumeMounts": { - "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition.\nVolumeMounts specified will be appended to other VolumeMounts in the alertmanager container,\nthat are generated as a result of StorageSpec objects.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumes": { - "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition.\nVolumes specified will be appended to other volumes that are generated as a result of\nStorageSpec objects.", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", - "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "web": { - "description": "Defines the web command line flags when starting Alertmanager.", - "properties": { - "getConcurrency": { - "description": "Maximum number of GET requests processed concurrently. This corresponds to the\nAlertmanager's `--web.get-concurrency` flag.", - "format": "int32", - "type": "integer" - }, - "httpConfig": { - "description": "Defines HTTP parameters for web server.", - "properties": { - "headers": { - "description": "List of headers that can be added to HTTP responses.", - "properties": { - "contentSecurityPolicy": { - "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", - "type": "string" - }, - "strictTransportSecurity": { - "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", - "type": "string" - }, - "xContentTypeOptions": { - "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", - "enum": [ - "", - "NoSniff" - ], - "type": "string" - }, - "xFrameOptions": { - "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", - "enum": [ - "", - "Deny", - "SameOrigin" - ], - "type": "string" - }, - "xXSSProtection": { - "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", - "type": "string" - } - }, - "type": "object" - }, - "http2": { - "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", - "type": "boolean" - } - }, - "type": "object" - }, - "timeout": { - "description": "Timeout for HTTP requests. This corresponds to the Alertmanager's\n`--web.timeout` flag.", - "format": "int32", - "type": "integer" - }, - "tlsConfig": { - "description": "Defines the TLS parameters for HTTPS.", - "properties": { - "cert": { - "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", - "type": "string" - }, - "cipherSuites": { - "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", - "items": { - "type": "string" - }, - "type": "array" - }, - "clientAuthType": { - "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", - "type": "string" - }, - "clientCAFile": { - "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", - "type": "string" - }, - "client_ca": { - "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "curvePreferences": { - "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", - "items": { - "type": "string" - }, - "type": "array" - }, - "keyFile": { - "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum TLS version that is acceptable.", - "type": "string" - }, - "minVersion": { - "description": "Minimum TLS version that is acceptable.", - "type": "string" - }, - "preferServerCipherSuites": { - "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "Most recent observed status of the Alertmanager cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "availableReplicas": { - "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this Alertmanager cluster.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "The current state of the Alertmanager object.", - "items": { - "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "Human-readable message indicating details for the condition's last transition.", - "type": "string" - }, - "observedGeneration": { - "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", - "format": "int64", - "type": "integer" - }, - "reason": { - "description": "Reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition.", - "minLength": 1, - "type": "string" - }, - "type": { - "description": "Type of the condition being reported.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "paused": { - "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", - "type": "boolean" - }, - "replicas": { - "description": "Total number of non-terminated pods targeted by this Alertmanager\nobject (their labels match the selector).", - "format": "int32", - "type": "integer" - }, - "selector": { - "description": "The selector used to match the pods targeted by this Alertmanager object.", - "type": "string" - }, - "unavailableReplicas": { - "description": "Total number of unavailable pods targeted by this Alertmanager object.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "Total number of non-terminated pods targeted by this Alertmanager\nobject that have the desired version spec.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "availableReplicas", - "paused", - "replicas", - "unavailableReplicas", - "updatedReplicas" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "Alertmanager", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/AlertmanagerList": { - "description": "AlertmanagerList is a list of Alertmanager", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of alertmanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.Alertmanager" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "AlertmanagerList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/PodMonitor": { - "description": "The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.\nAmong other things, it allows to specify:\n* The pods to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of desired Pod selection for target discovery by Prometheus.", - "properties": { - "attachMetadata": { - "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.35.0.", - "properties": { - "node": { - "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", - "type": "boolean" - } - }, - "type": "object" - }, - "bodySizeLimit": { - "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", - "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", - "type": "string" - }, - "convertClassicHistogramsToNHCB": { - "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", - "type": "boolean" - }, - "fallbackScrapeProtocol": { - "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "jobLabel": { - "description": "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`).", - "type": "string" - }, - "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", - "format": "int64", - "type": "integer" - }, - "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", - "format": "int64", - "type": "integer" - }, - "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", - "format": "int64", - "type": "integer" - }, - "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", - "format": "int64", - "type": "integer" - }, - "namespaceSelector": { - "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the pods.\nBy default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces.", - "properties": { - "any": { - "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", - "type": "boolean" - }, - "matchNames": { - "description": "List of namespace names to select from.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "nativeHistogramBucketLimit": { - "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", - "format": "int64", - "type": "integer" - }, - "nativeHistogramMinBucketFactor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "podMetricsEndpoints": { - "description": "Defines how to scrape metrics from the selected pods.", - "items": { - "description": "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", - "properties": { - "authorization": { - "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "enableHttp2": { - "description": "`enableHttp2` can be used to disable HTTP2 when scraping the target.", - "type": "boolean" - }, - "filterRunning": { - "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", - "type": "boolean" - }, - "followRedirects": { - "description": "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects.", - "type": "boolean" - }, - "honorLabels": { - "description": "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels.", - "type": "boolean" - }, - "honorTimestamps": { - "description": "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target.", - "type": "boolean" - }, - "interval": { - "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "metricRelabelings": { - "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "params": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "`params` define optional HTTP URL parameters.", - "type": "object" - }, - "path": { - "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", - "type": "string" - }, - "port": { - "description": "The `Pod` port name which exposes the endpoint.\n\nIt takes precedence over the `portNumber` and `targetPort` fields.", - "type": "string" - }, - "portNumber": { - "description": "The `Pod` port number which exposes the endpoint.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "relabelings": { - "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "scheme": { - "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", - "enum": [ - "http", - "https" - ], - "type": "string" - }, - "scrapeTimeout": { - "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' or 'portNumber' instead.", - "x-kubernetes-int-or-string": true - }, - "tlsConfig": { - "description": "TLS configuration to use when scraping the target.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "trackTimestampsStaleness": { - "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", - "type": "boolean" - } - }, - "type": "object" - }, - "type": "array" - }, - "podTargetLabels": { - "description": "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics.", - "items": { - "type": "string" - }, - "type": "array" - }, - "sampleLimit": { - "description": "`sampleLimit` defines a per-scrape limit on the number of scraped samples\nthat will be accepted.", - "format": "int64", - "type": "integer" - }, - "scrapeClass": { - "description": "The scrape class to apply.", - "minLength": 1, - "type": "string" - }, - "scrapeClassicHistograms": { - "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", - "type": "boolean" - }, - "scrapeProtocols": { - "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", - "items": { - "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "selector": { - "description": "Label selector to select the Kubernetes `Pod` objects to scrape metrics from.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "selectorMechanism": { - "description": "Mechanism used to select the endpoints to scrape.\nBy default, the selection process relies on relabel configurations to filter the discovered targets.\nAlternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.\nWhich strategy is best for your use case needs to be carefully evaluated.\n\nIt requires Prometheus >= v2.17.0.", - "enum": [ - "RelabelConfig", - "RoleSelector" - ], - "type": "string" - }, - "targetLimit": { - "description": "`targetLimit` defines a limit on the number of scraped targets that will\nbe accepted.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "selector" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "PodMonitor", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/PodMonitorList": { - "description": "PodMonitorList is a list of PodMonitor", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of podmonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.PodMonitor" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "PodMonitorList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/Probe": { - "description": "The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).\n\nThe `Probe` resource needs 2 pieces of information:\n* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.\n* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.\n\n`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of desired Ingress selection for target discovery by Prometheus.", - "properties": { - "authorization": { - "description": "Authorization section for this endpoint", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth allow an endpoint to authenticate over basic authentication.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoint", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "Secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the probe and accessible by\nthe Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "convertClassicHistogramsToNHCB": { - "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", - "type": "boolean" - }, - "fallbackScrapeProtocol": { - "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "interval": { - "description": "Interval at which targets are probed using the configured prober.\nIf not specified Prometheus' global scrape interval is used.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "jobName": { - "description": "The job name assigned to scraped metrics by default.", - "type": "string" - }, - "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", - "format": "int64", - "type": "integer" - }, - "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", - "format": "int64", - "type": "integer" - }, - "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", - "format": "int64", - "type": "integer" - }, - "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", - "format": "int64", - "type": "integer" - }, - "metricRelabelings": { - "description": "MetricRelabelConfigs to apply to samples before ingestion.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "module": { - "description": "The module to use for probing specifying how to probe the target.\nExample module configuring in the blackbox exporter:\nhttps://github.com/prometheus/blackbox_exporter/blob/master/example.yml", - "type": "string" - }, - "nativeHistogramBucketLimit": { - "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", - "format": "int64", - "type": "integer" - }, - "nativeHistogramMinBucketFactor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "oauth2": { - "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "prober": { - "description": "Specification for the prober to use for probing targets.\nThe prober.URL parameter is required. Targets cannot be probed if left empty.", - "properties": { - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "path": { - "default": "/probe", - "description": "Path to collect metrics from.\nDefaults to `/probe`.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scheme": { - "description": "HTTP scheme to use for scraping.\n`http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling.\nIf empty, Prometheus uses the default value `http`.", - "enum": [ - "http", - "https" - ], - "type": "string" - }, - "url": { - "description": "Mandatory URL of the prober.", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "sampleLimit": { - "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", - "format": "int64", - "type": "integer" - }, - "scrapeClass": { - "description": "The scrape class to apply.", - "minLength": 1, - "type": "string" - }, - "scrapeClassicHistograms": { - "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", - "type": "boolean" - }, - "scrapeProtocols": { - "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", - "items": { - "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "scrapeTimeout": { - "description": "Timeout for scraping metrics from the Prometheus exporter.\nIf not specified, the Prometheus global scrape timeout is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "targetLimit": { - "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", - "format": "int64", - "type": "integer" - }, - "targets": { - "description": "Targets defines a set of static or dynamically discovered targets to probe.", - "properties": { - "ingress": { - "description": "ingress defines the Ingress objects to probe and the relabeling\nconfiguration.\nIf `staticConfig` is also defined, `staticConfig` takes precedence.", - "properties": { - "namespaceSelector": { - "description": "From which namespaces to select Ingress objects.", - "properties": { - "any": { - "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", - "type": "boolean" - }, - "matchNames": { - "description": "List of namespace names to select from.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "relabelingConfigs": { - "description": "RelabelConfigs to apply to the label set of the target before it gets\nscraped.\nThe original ingress address is available via the\n`__tmp_prometheus_ingress_address` label. It can be used to customize the\nprobed URL.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "selector": { - "description": "Selector to select the Ingress objects.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "staticConfig": { - "description": "staticConfig defines the static list of targets to probe and the\nrelabeling configuration.\nIf `ingress` is also defined, `staticConfig` takes precedence.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.", - "properties": { - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Labels assigned to all metrics scraped from the targets.", - "type": "object" - }, - "relabelingConfigs": { - "description": "RelabelConfigs to apply to the label set of the targets before it gets\nscraped.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "static": { - "description": "The list of hosts to probe.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "tlsConfig": { - "description": "TLS configuration to use when scraping the endpoint.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "Probe", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/ProbeList": { - "description": "ProbeList is a list of Probe", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of probes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.Probe" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "ProbeList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/Prometheus": { - "description": "The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.\n\nFor each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.\n\nThe resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.\n\nThe Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the Prometheus cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "additionalAlertManagerConfigs": { - "description": "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "additionalAlertRelabelConfigs": { - "description": "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", - "items": { - "description": "Argument as part of the AdditionalArgs list.", - "properties": { - "name": { - "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "additionalScrapeConfigs": { - "description": "AdditionalScrapeConfigs allows specifying a key of a Secret containing\nadditional Prometheus scrape configurations. Scrape configurations\nspecified are appended to the configurations generated by the Prometheus\nOperator. Job configurations specified must have the form as specified\nin the official Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.\nAs scrape configs are appended, the user is responsible to make sure it\nis valid. Note that using this feature may expose the possibility to\nbreak upgrades of Prometheus. It is advised to review Prometheus release\nnotes to ensure that no incompatible scrape configs are going to break\nPrometheus after the upgrade.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "affinity": { - "description": "Defines the Pods' affinity scheduling rules if specified.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "alerting": { - "description": "Defines the settings related to Alertmanager.", - "properties": { - "alertmanagers": { - "description": "Alertmanager endpoints where Prometheus should send alerts to.", - "items": { - "description": "AlertmanagerEndpoints defines a selection of a single Endpoints object\ncontaining Alertmanager IPs to fire alerts against.", - "properties": { - "alertRelabelings": { - "description": "Relabeling configs applied before sending alerts to a specific Alertmanager.\nIt requires Prometheus >= v2.51.0.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "apiVersion": { - "description": "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"V1\" or \"V2\".\nThe field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported.", - "enum": [ - "v1", - "V1", - "v2", - "V2" - ], - "type": "string" - }, - "authorization": { - "description": "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth configuration for Alertmanager.\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenFile": { - "description": "File to read bearer token for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", - "type": "string" - }, - "enableHttp2": { - "description": "Whether to enable HTTP2.", - "type": "boolean" - }, - "name": { - "description": "Name of the Endpoints object in the namespace.", - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "Namespace of the Endpoints object.\n\nIf not set, the object will be discovered in the namespace of the\nPrometheus object.", - "minLength": 1, - "type": "string" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "pathPrefix": { - "description": "Prefix for the HTTP path alerts are pushed to.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Port on which the Alertmanager API is exposed.", - "x-kubernetes-int-or-string": true - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "relabelings": { - "description": "Relabel configuration applied to the discovered Alertmanagers.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "scheme": { - "description": "Scheme to use when firing alerts.", - "type": "string" - }, - "sigv4": { - "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.48.0.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "profile": { - "description": "Profile is the named AWS profile used to authenticate.", - "type": "string" - }, - "region": { - "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", - "type": "string" - }, - "roleArn": { - "description": "RoleArn is the named AWS profile used to authenticate.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "timeout": { - "description": "Timeout is a per-target Alertmanager timeout when pushing alerts.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS Config to use for Alertmanager.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "name", - "port" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "alertmanagers" - ], - "type": "object" - }, - "allowOverlappingBlocks": { - "description": "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.", - "type": "boolean" - }, - "apiserverConfig": { - "description": "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", - "properties": { - "authorization": { - "description": "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsFile": { - "description": "File to read a secret from, mutually exclusive with `credentials`.", - "type": "string" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", - "type": "string" - }, - "bearerTokenFile": { - "description": "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", - "type": "string" - }, - "host": { - "description": "Kubernetes API address consisting of a hostname or IP address followed\nby an optional port number.", - "type": "string" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS Config to use for the API server.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "host" - ], - "type": "object" - }, - "arbitraryFSAccessThroughSMs": { - "description": "When true, ServiceMonitor, PodMonitor and Probe object are forbidden to\nreference arbitrary files on the file system of the 'prometheus'\ncontainer.\nWhen a ServiceMonitor's endpoint specifies a `bearerTokenFile` value\n(e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a\nmalicious target can get access to the Prometheus service account's\ntoken in the Prometheus' scrape request. Setting\n`spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.\nUsers should instead provide the credentials using the\n`spec.bearerTokenSecret` field.", - "properties": { - "deny": { - "type": "boolean" - } - }, - "type": "object" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", - "type": "boolean" - }, - "baseImage": { - "description": "Deprecated: use 'spec.image' instead.", - "type": "string" - }, - "bodySizeLimit": { - "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", - "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", - "type": "string" - }, - "configMaps": { - "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus\nobject, which shall be mounted into the Prometheus Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container.", - "items": { - "type": "string" - }, - "type": "array" - }, - "containers": { - "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "convertClassicHistogramsToNHCB": { - "description": "Whether to convert all scraped classic histograms into a native\nhistogram with custom buckets.\n\nIt requires Prometheus >= v3.4.0.", - "type": "boolean" - }, - "disableCompaction": { - "description": "When true, the Prometheus compaction is disabled.\nWhen `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically\ndisables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends).", - "type": "boolean" - }, - "dnsConfig": { - "description": "Defines the DNS configuration for the pods.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is required and must be unique.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value is optional.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - }, - "dnsPolicy": { - "description": "Defines the DNS policy for the pods.", - "enum": [ - "ClusterFirstWithHostNet", - "ClusterFirst", - "Default", - "None" - ], - "type": "string" - }, - "enableAdminAPI": { - "description": "Enables access to the Prometheus web admin API.\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", - "type": "boolean" - }, - "enableFeatures": { - "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "enableOTLPReceiver": { - "description": "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0.", - "type": "boolean" - }, - "enableRemoteWriteReceiver": { - "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0.", - "type": "boolean" - }, - "enableServiceLinks": { - "description": "Indicates whether information about services should be injected into pod's environment variables", - "type": "boolean" - }, - "enforcedBodySizeLimit": { - "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", - "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", - "type": "string" - }, - "enforcedKeepDroppedTargets": { - "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", - "format": "int64", - "type": "integer" - }, - "enforcedLabelLimit": { - "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", - "format": "int64", - "type": "integer" - }, - "enforcedLabelNameLengthLimit": { - "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", - "format": "int64", - "type": "integer" - }, - "enforcedLabelValueLengthLimit": { - "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", - "format": "int64", - "type": "integer" - }, - "enforcedNamespaceLabel": { - "description": "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", - "type": "string" - }, - "enforcedSampleLimit": { - "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", - "format": "int64", - "type": "integer" - }, - "enforcedTargetLimit": { - "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", - "format": "int64", - "type": "integer" - }, - "evaluationInterval": { - "default": "30s", - "description": "Interval between rule evaluations.\nDefault: \"30s\"", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "excludedFromEnforcement": { - "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", - "items": { - "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", - "properties": { - "group": { - "default": "monitoring.coreos.com", - "description": "Group of the referent. When not specified, it defaults to `monitoring.coreos.com`", - "enum": [ - "monitoring.coreos.com" - ], - "type": "string" - }, - "name": { - "description": "Name of the referent. When not set, all resources in the namespace are matched.", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "minLength": 1, - "type": "string" - }, - "resource": { - "description": "Resource of the referent.", - "enum": [ - "prometheusrules", - "servicemonitors", - "podmonitors", - "probes", - "scrapeconfigs" - ], - "type": "string" - } - }, - "required": [ - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array" - }, - "exemplars": { - "description": "Exemplars related settings that are runtime reloadable.\nIt requires to enable the `exemplar-storage` feature flag to be effective.", - "properties": { - "maxSize": { - "description": "Maximum number of exemplars stored in memory for all series.\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "externalLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "The labels to add to any time series or alerts when communicating with\nexternal systems (federation, remote storage, Alertmanager).\nLabels defined by `spec.replicaExternalLabelName` and\n`spec.prometheusExternalLabelName` take precedence over this list.", - "type": "object" - }, - "externalUrl": { - "description": "The external URL under which the Prometheus service is externally\navailable. This is necessary to generate correct URLs (for instance if\nPrometheus is accessible behind an Ingress resource).", - "type": "string" - }, - "hostAliases": { - "description": "Optional list of hosts and IPs that will be injected into the Pod's\nhosts file if specified.", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", - "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array" - }, - "ip": { - "description": "IP address of the host file entry.", - "type": "string" - } - }, - "required": [ - "hostnames", - "ip" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "hostNetwork": { - "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/ ).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).", - "type": "boolean" - }, - "ignoreNamespaceSelectors": { - "description": "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor\nand Probe objects will be ignored. They will only discover targets\nwithin the namespace of the PodMonitor, ServiceMonitor and Probe\nobject.", - "type": "boolean" - }, - "image": { - "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", - "enum": [ - "", - "Always", - "Never", - "IfNotPresent" - ], - "type": "string" - }, - "imagePullSecrets": { - "description": "An optional list of references to Secrets in the same namespace\nto use for pulling images from registries.\nSee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "initContainers": { - "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", - "format": "int64", - "type": "integer" - }, - "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", - "format": "int64", - "type": "integer" - }, - "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", - "format": "int64", - "type": "integer" - }, - "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", - "format": "int64", - "type": "integer" - }, - "listenLocal": { - "description": "When true, the Prometheus server listens on the loopback address\ninstead of the Pod IP's address.", - "type": "boolean" - }, - "logFormat": { - "description": "Log format for Log level for Prometheus and the config-reloader sidecar.", - "enum": [ - "", - "logfmt", - "json" - ], - "type": "string" - }, - "logLevel": { - "description": "Log level for Prometheus and the config-reloader sidecar.", - "enum": [ - "", - "debug", - "info", - "warn", - "error" - ], - "type": "string" - }, - "maximumStartupDurationSeconds": { - "description": "Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete.\nIf set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).", - "format": "int32", - "minimum": 60, - "type": "integer" - }, - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate.", - "format": "int32", - "type": "integer" - }, - "nameEscapingScheme": { - "description": "Specifies the character escaping scheme that will be requested when scraping\nfor metric and label names that do not conform to the legacy Prometheus\ncharacter set.\n\nIt requires Prometheus >= v3.4.0.", - "enum": [ - "AllowUTF8", - "Underscores", - "Dots", - "Values" - ], - "type": "string" - }, - "nameValidationScheme": { - "description": "Specifies the validation scheme for metric and label names.\n\nIt requires Prometheus >= v2.55.0.", - "enum": [ - "UTF8", - "Legacy" - ], - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "Defines on which Nodes the Pods are scheduled.", - "type": "object" - }, - "otlp": { - "description": "Settings related to the OTLP receiver feature.\nIt requires Prometheus >= v2.55.0.", - "properties": { - "convertHistogramsToNHCB": { - "description": "Configures optional translation of OTLP explicit bucket histograms into native histograms with custom buckets.\nIt requires Prometheus >= v3.4.0.", - "type": "boolean" - }, - "keepIdentifyingResourceAttributes": { - "description": "Enables adding `service.name`, `service.namespace` and `service.instance.id`\nresource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels.\n\nIt requires Prometheus >= v3.1.0.", - "type": "boolean" - }, - "promoteResourceAttributes": { - "description": "List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.", - "items": { - "minLength": 1, - "type": "string" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "translationStrategy": { - "description": "Configures how the OTLP receiver endpoint translates the incoming metrics.\n\nIt requires Prometheus >= v3.0.0.", - "enum": [ - "NoUTF8EscapingWithSuffixes", - "UnderscoreEscapingWithSuffixes", - "NoTranslation" - ], - "type": "string" - } - }, - "type": "object" - }, - "overrideHonorLabels": { - "description": "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to \u201cexported_\u201d for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects.", - "type": "boolean" - }, - "overrideHonorTimestamps": { - "description": "When true, Prometheus ignores the timestamps for all the targets created\nfrom service and pod monitors.\nOtherwise the HonorTimestamps field of the service or pod monitor applies.", - "type": "boolean" - }, - "paused": { - "description": "When a Prometheus deployment is paused, no actions except for deletion\nwill be performed on the underlying objects.", - "type": "boolean" - }, - "persistentVolumeClaimRetentionPolicy": { - "description": "The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.\nThe default behavior is all PVCs are retained.\nThis is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.\nIt requires enabling the StatefulSetAutoDeletePVC feature gate.", - "properties": { - "whenDeleted": { - "description": "WhenDeleted specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is deleted. The default policy\nof `Retain` causes PVCs to not be affected by StatefulSet deletion. The\n`Delete` policy causes those PVCs to be deleted.", - "type": "string" - }, - "whenScaled": { - "description": "WhenScaled specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is scaled down. The default\npolicy of `Retain` causes PVCs to not be affected by a scaledown. The\n`Delete` policy causes the associated PVCs for any excess pods above\nthe replica count to be deleted.", - "type": "string" - } - }, - "type": "object" - }, - "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", - "type": "object" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", - "type": "string" - } - }, - "type": "object" - }, - "podMonitorNamespaceSelector": { - "description": "Namespaces to match for PodMonitors discovery. An empty label selector\nmatches all namespaces. A null label selector (default value) matches the current\nnamespace only.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "podMonitorSelector": { - "description": "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "podTargetLabels": { - "description": "PodTargetLabels are appended to the `spec.podTargetLabels` field of all\nPodMonitor and ServiceMonitor objects.", - "items": { - "type": "string" - }, - "type": "array" - }, - "portName": { - "default": "web", - "description": "Port name used for the pods and governing service.\nDefault: \"web\"", - "type": "string" - }, - "priorityClassName": { - "description": "Priority class assigned to the Pods.", - "type": "string" - }, - "probeNamespaceSelector": { - "description": "Namespaces to match for Probe discovery. An empty label\nselector matches all namespaces. A null label selector matches the\ncurrent namespace only.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "probeSelector": { - "description": "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prometheusExternalLabelName": { - "description": "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\nDefault: \"prometheus\"", - "type": "string" - }, - "prometheusRulesExcludedFromEnforce": { - "description": "Defines the list of PrometheusRule objects to which the namespace label\nenforcement doesn't apply.\nThis is only relevant when `spec.enforcedNamespaceLabel` is set to true.\nDeprecated: use `spec.excludedFromEnforcement` instead.", - "items": { - "description": "PrometheusRuleExcludeConfig enables users to configure excluded\nPrometheusRule names and their namespaces to be ignored while enforcing\nnamespace label for alerts and metrics.", - "properties": { - "ruleName": { - "description": "Name of the excluded PrometheusRule object.", - "type": "string" - }, - "ruleNamespace": { - "description": "Namespace of the excluded PrometheusRule object.", - "type": "string" - } - }, - "required": [ - "ruleName", - "ruleNamespace" - ], - "type": "object" - }, - "type": "array" - }, - "query": { - "description": "QuerySpec defines the configuration of the Promethus query service.", - "properties": { - "lookbackDelta": { - "description": "The delta difference allowed for retrieving metrics during expression evaluations.", - "type": "string" - }, - "maxConcurrency": { - "description": "Number of concurrent queries that can be run at once.", - "format": "int32", - "minimum": 1, - "type": "integer" - }, - "maxSamples": { - "description": "Maximum number of samples a single query can load into memory. Note that\nqueries will fail if they would load more samples than this into memory,\nso this also limits the number of samples a query can return.", - "format": "int32", - "type": "integer" - }, - "timeout": { - "description": "Maximum time a query may take before being aborted.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "type": "object" - }, - "queryLogFile": { - "description": "queryLogFile specifies where the file to which PromQL queries are logged.\n\nIf the filename has an empty path, e.g. 'query.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/query.log', you\nmust mount a volume in the specified directory and it must be writable.\nThis is because the prometheus container runs with a read-only root\nfilesystem for security reasons.\nAlternatively, the location can be set to a standard I/O stream, e.g.\n`/dev/stdout`, to log query information to the default Prometheus log\nstream.", - "type": "string" - }, - "reloadStrategy": { - "description": "Defines the strategy used to reload the Prometheus configuration.\nIf not specified, the configuration is reloaded using the /-/reload HTTP endpoint.", - "enum": [ - "HTTP", - "ProcessSignal" - ], - "type": "string" - }, - "remoteRead": { - "description": "Defines the list of remote read configurations.", - "items": { - "description": "RemoteReadSpec defines the configuration for Prometheus to read back samples\nfrom a remote endpoint.", - "properties": { - "authorization": { - "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsFile": { - "description": "File to read a secret from, mutually exclusive with `credentials`.", - "type": "string" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", - "type": "string" - }, - "bearerTokenFile": { - "description": "File from which to read the bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", - "type": "string" - }, - "filterExternalLabels": { - "description": "Whether to use the external labels as selectors for the remote read endpoint.\n\nIt requires Prometheus >= v2.34.0.", - "type": "boolean" - }, - "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0.", - "type": "boolean" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "description": "Custom HTTP headers to be sent along with each remote read request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\nOnly valid in Prometheus versions 2.26.0 and newer.", - "type": "object" - }, - "name": { - "description": "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\nIt requires Prometheus >= v2.15.0.", - "type": "string" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "readRecent": { - "description": "Whether reads should be made for queries for time ranges that\nthe local storage should have complete data for.", - "type": "boolean" - }, - "remoteTimeout": { - "description": "Timeout for requests to the remote read endpoint.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "requiredMatchers": { - "additionalProperties": { - "type": "string" - }, - "description": "An optional list of equality matchers which have to be present\nin a selector to query the remote read endpoint.", - "type": "object" - }, - "tlsConfig": { - "description": "TLS Config to use for the URL.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "url": { - "description": "The URL of the endpoint to query from.", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" - }, - "remoteWrite": { - "description": "Defines the list of remote write configurations.", - "items": { - "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint.", - "properties": { - "authorization": { - "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsFile": { - "description": "File to read a secret from, mutually exclusive with `credentials`.", - "type": "string" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "azureAd": { - "description": "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0 or Thanos >= v0.31.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", - "properties": { - "cloud": { - "description": "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.", - "enum": [ - "AzureChina", - "AzureGovernment", - "AzurePublic" - ], - "type": "string" - }, - "managedIdentity": { - "description": "ManagedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.", - "properties": { - "clientId": { - "description": "The client id", - "type": "string" - } - }, - "required": [ - "clientId" - ], - "type": "object" - }, - "oauth": { - "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.", - "properties": { - "clientId": { - "description": "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.", - "minLength": 1, - "type": "string" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tenantId": { - "description": "`tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate.", - "minLength": 1, - "pattern": "^[0-9a-zA-Z-.]+$", - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tenantId" - ], - "type": "object" - }, - "sdk": { - "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.", - "properties": { - "tenantId": { - "description": "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.", - "pattern": "^[0-9a-zA-Z-.]+$", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", - "type": "string" - }, - "bearerTokenFile": { - "description": "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", - "type": "string" - }, - "enableHTTP2": { - "description": "Whether to enable HTTP2.", - "type": "boolean" - }, - "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.", - "type": "boolean" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0 or Thanos >= v0.24.0.", - "type": "object" - }, - "messageVersion": { - "description": "The Remote Write message's version to use when writing to the endpoint.\n\n`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.\n`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.\n\nWhen `Version2.0` is selected, Prometheus will automatically be\nconfigured to append the metadata of scraped metrics to the WAL.\n\nBefore setting this field, consult with your remote storage provider\nwhat message version it supports.\n\nIt requires Prometheus >= v2.54.0 or Thanos >= v0.37.0.", - "enum": [ - "V1.0", - "V2.0" - ], - "type": "string" - }, - "metadataConfig": { - "description": "MetadataConfig configures the sending of series metadata to the remote storage.", - "properties": { - "maxSamplesPerSend": { - "description": "MaxSamplesPerSend is the maximum number of metadata samples per send.\n\nIt requires Prometheus >= v2.29.0.", - "format": "int32", - "minimum": -1, - "type": "integer" - }, - "send": { - "description": "Defines whether metric metadata is sent to the remote storage or not.", - "type": "boolean" - }, - "sendInterval": { - "description": "Defines how frequently metric metadata is sent to the remote storage.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "type": "object" - }, - "name": { - "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0 or Thanos >= 0.24.0.", - "type": "string" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "queueConfig": { - "description": "QueueConfig allows tuning of the remote write queue parameters.", - "properties": { - "batchSendDeadline": { - "description": "BatchSendDeadline is the maximum time a sample will wait in buffer.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "capacity": { - "description": "Capacity is the number of samples to buffer per shard before we start\ndropping them.", - "type": "integer" - }, - "maxBackoff": { - "description": "MaxBackoff is the maximum retry delay.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "maxRetries": { - "description": "MaxRetries is the maximum number of times to retry a batch on recoverable errors.", - "type": "integer" - }, - "maxSamplesPerSend": { - "description": "MaxSamplesPerSend is the maximum number of samples per send.", - "type": "integer" - }, - "maxShards": { - "description": "MaxShards is the maximum number of shards, i.e. amount of concurrency.", - "type": "integer" - }, - "minBackoff": { - "description": "MinBackoff is the initial retry delay. Gets doubled for every retry.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "minShards": { - "description": "MinShards is the minimum number of shards, i.e. amount of concurrency.", - "type": "integer" - }, - "retryOnRateLimit": { - "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "type": "boolean" - }, - "sampleAgeLimit": { - "description": "SampleAgeLimit drops samples older than the limit.\nIt requires Prometheus >= v2.50.0 or Thanos >= v0.32.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "type": "object" - }, - "remoteTimeout": { - "description": "Timeout for requests to the remote write endpoint.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "roundRobinDNS": { - "description": "When enabled:\n - The remote-write mechanism will resolve the hostname via DNS.\n - It will randomly select one of the resolved IP addresses and connect to it.\n\nWhen disabled (default behavior):\n - The Go standard library will handle hostname resolution.\n - It will attempt connections to each resolved IP address sequentially.\n\nNote: The connection timeout applies to the entire resolution and connection process.\n If disabled, the timeout is distributed across all connection attempts.\n\nIt requires Prometheus >= v3.1.0 or Thanos >= v0.38.0.", - "type": "boolean" - }, - "sendExemplars": { - "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeatures`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.", - "type": "boolean" - }, - "sendNativeHistograms": { - "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0 or Thanos >= v0.30.0.", - "type": "boolean" - }, - "sigv4": { - "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "profile": { - "description": "Profile is the named AWS profile used to authenticate.", - "type": "string" - }, - "region": { - "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", - "type": "string" - }, - "roleArn": { - "description": "RoleArn is the named AWS profile used to authenticate.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "tlsConfig": { - "description": "TLS Config to use for the URL.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "url": { - "description": "The URL of the endpoint to send samples to.", - "minLength": 1, - "type": "string" - }, - "writeRelabelConfigs": { - "description": "The list of remote write relabel configurations.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" - }, - "remoteWriteReceiverMessageVersions": { - "description": "List of the protobuf message versions to accept when receiving the\nremote writes.\n\nIt requires Prometheus >= v2.54.0.", - "items": { - "enum": [ - "V1.0", - "V2.0" - ], - "type": "string" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "replicaExternalLabelName": { - "description": "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\nDefault: \"prometheus_replica\"", - "type": "string" - }, - "replicas": { - "description": "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\nDefault: 1", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Defines the resources requests and limits of the 'prometheus' container.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "retention": { - "description": "How long to retain the Prometheus data.\n\nDefault: \"24h\" if `spec.retention` and `spec.retentionSize` are empty.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "retentionSize": { - "description": "Maximum number of bytes used by the Prometheus data.", - "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", - "type": "string" - }, - "routePrefix": { - "description": "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`.", - "type": "string" - }, - "ruleNamespaceSelector": { - "description": "Namespaces to match for PrometheusRule discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "ruleQueryOffset": { - "description": "Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.\nIt requires Prometheus >= v2.53.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "ruleSelector": { - "description": "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "rules": { - "description": "Defines the configuration of the Prometheus rules' engine.", - "properties": { - "alert": { - "description": "Defines the parameters of the Prometheus rules' engine.\n\nAny update to these parameters trigger a restart of the pods.", - "properties": { - "forGracePeriod": { - "description": "Minimum duration between alert and restored 'for' state.\n\nThis is maintained only for alerts with a configured 'for' time greater\nthan the grace period.", - "type": "string" - }, - "forOutageTolerance": { - "description": "Max time to tolerate prometheus outage for restoring 'for' state of\nalert.", - "type": "string" - }, - "resendDelay": { - "description": "Minimum amount of time to wait before resending an alert to\nAlertmanager.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "runtime": { - "description": "RuntimeConfig configures the values for the Prometheus process behavior", - "properties": { - "goGC": { - "description": "The Go garbage collection target percentage. Lowering this number may increase the CPU usage.\nSee: https://tip.golang.org/doc/gc-guide#GOGC", - "format": "int32", - "minimum": -1, - "type": "integer" - } - }, - "type": "object" - }, - "sampleLimit": { - "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.", - "format": "int64", - "type": "integer" - }, - "scrapeClasses": { - "description": "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "items": { - "properties": { - "attachMetadata": { - "description": "AttachMetadata configures additional metadata to the discovered targets.\nWhen the scrape object defines its own configuration, it takes\nprecedence over the scrape class configuration.", - "properties": { - "node": { - "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", - "type": "boolean" - } - }, - "type": "object" - }, - "authorization": { - "description": "Authorization section for the ScrapeClass.\nIt will only apply if the scrape resource doesn't specify any Authorization.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsFile": { - "description": "File to read a secret from, mutually exclusive with `credentials`.", - "type": "string" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "default": { - "description": "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\nOnly one scrape class can be set as the default.", - "type": "boolean" - }, - "fallbackScrapeProtocol": { - "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\nIt will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol\n\nIt requires Prometheus >= v3.0.0.", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "metricRelabelings": { - "description": "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Name of the scrape class.", - "minLength": 1, - "type": "string" - }, - "relabelings": { - "description": "Relabelings configures the relabeling rules to apply to all scrape targets.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "scrapeClassicHistograms": { - "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v3.5.0.", - "type": "boolean" - }, - "scrapeConfigNamespaceSelector": { - "description": "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "scrapeConfigSelector": { - "description": "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "scrapeFailureLogFile": { - "description": "File to which scrape failures are logged.\nReloading the configuration will reopen the file.\n\nIf the filename has an empty path, e.g. 'file.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/file.log', you\nmust mount a volume in the specified directory and it must be writable.\nIt requires Prometheus >= v2.55.0.", - "minLength": 1, - "type": "string" - }, - "scrapeInterval": { - "default": "30s", - "description": "Interval between consecutive scrapes.\n\nDefault: \"30s\"", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "scrapeProtocols": { - "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0.", - "items": { - "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "scrapeTimeout": { - "description": "Number of seconds to wait until a scrape request times out.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "secrets": { - "description": "Secrets is a list of Secrets in the same namespace as the Prometheus\nobject, which shall be mounted into the Prometheus Pods.\nEach Secret is added to the StatefulSet definition as a volume named `secret-`.\nThe Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", - "type": "string" - }, - "serviceDiscoveryRole": { - "description": "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role.", - "enum": [ - "Endpoints", - "EndpointSlice" - ], - "type": "string" - }, - "serviceMonitorNamespaceSelector": { - "description": "Namespaces to match for ServicedMonitors discovery. An empty label selector\nmatches all namespaces. A null label selector (default value) matches the current\nnamespace only.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceMonitorSelector": { - "description": "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceName": { - "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources,\nor `prometheus-agent-operated` for PrometheusAgent resources.\nWhen deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", - "minLength": 1, - "type": "string" - }, - "sha": { - "description": "Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name.", - "type": "string" - }, - "shardRetentionPolicy": { - "description": "ShardRetentionPolicy defines the retention policy for the Prometheus shards.\n(Alpha) Using this field requires the 'PrometheusShardRetentionPolicy' feature gate to be enabled.\n\nThe final goals for this feature can be seen at https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202310-shard-autoscaling.md#graceful-scale-down-of-prometheus-servers,\nhowever, the feature is not yet fully implemented in this PR. The limitation being:\n* Retention duration is not settable, for now, shards are retained forever.", - "properties": { - "retain": { - "description": "Defines the config for retention when the retention policy is set to `Retain`.\nThis field is ineffective as of now.", - "properties": { - "retentionPeriod": { - "description": "Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.\nSupported units: y, w, d, h, m, s, ms\nExamples: `30s`, `1m`, `1h20m15s`, `15d`", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "required": [ - "retentionPeriod" - ], - "type": "object" - }, - "whenScaled": { - "description": "Defines the retention policy when the Prometheus shards are scaled down.\n* `Delete`, the operator will delete the pods from the scaled-down shard(s).\n* `Retain`, the operator will keep the pods from the scaled-down shard(s), so the data can still be queried.\n\nIf not defined, the operator assumes the `Delete` value.", - "enum": [ - "Retain", - "Delete" - ], - "type": "string" - } - }, - "type": "object" - }, - "shards": { - "description": "Number of shards to distribute the scraped targets onto.\n\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\nbeing created.\n\nWhen not defined, the operator assumes only one shard.\n\nNote that scaling down shards will not reshard data onto the remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use either\n* Thanos sidecar + querier for query federation and Thanos Ruler for rules.\n* Remote-write to send metrics to a central location.\n\nBy default, the sharding of targets is performed on:\n* The `__address__` target's metadata label for PodMonitor,\nServiceMonitor and ScrapeConfig resources.\n* The `__param_target__` label for Probe resources.\n\nUsers can define their own sharding implementation by setting the\n`__tmp_hash` label during the target discovery with relabeling\nconfiguration (either in the monitoring resources or via scrape class).\n\nYou can also disable sharding on a specific target by setting the\n`__tmp_disable_sharding` label with relabeling configuration. When\nthe label value isn't empty, all Prometheus shards will scrape the target.", - "format": "int32", - "type": "integer" - }, - "storage": { - "description": "Storage defines the storage used by Prometheus.", - "properties": { - "disableMountSubPath": { - "description": "Deprecated: subPath usage will be removed in a future release.", - "type": "boolean" - }, - "emptyDir": { - "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "volumeClaimTemplate": { - "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", - "type": "object" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "Deprecated: this field is never set.", - "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" - }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", - "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", - "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string" - }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "tag": { - "description": "Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name.", - "type": "string" - }, - "targetLimit": { - "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.", - "format": "int64", - "type": "integer" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 600 seconds.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "thanos": { - "description": "Defines the configuration of the optional Thanos sidecar.", - "properties": { - "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the Thanos container.\nThe arguments are passed as-is to the Thanos container which may cause issues\nif they are invalid or not supported the given Thanos version.\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", - "items": { - "description": "Argument as part of the AdditionalArgs list.", - "properties": { - "name": { - "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "baseImage": { - "description": "Deprecated: use 'image' instead.", - "type": "string" - }, - "blockSize": { - "default": "2h", - "description": "BlockDuration controls the size of TSDB blocks produced by Prometheus.\nThe default value is 2h to match the upstream Prometheus defaults.\n\nWARNING: Changing the block duration can impact the performance and\nefficiency of the entire Prometheus/Thanos stack due to how it interacts\nwith memory and Thanos compactors. It is recommended to keep this value\nset to a multiple of 120 times your longest scrape or rule interval. For\nexample, 30s * 120 = 1h.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "getConfigInterval": { - "description": "How often to retrieve the Prometheus configuration.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "getConfigTimeout": { - "description": "Maximum time to wait when retrieving the Prometheus configuration.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "grpcListenLocal": { - "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the gRPC endpoints.\n\nIt has no effect if `listenLocal` is true.", - "type": "boolean" - }, - "grpcServerTlsConfig": { - "description": "Configures the TLS parameters for the gRPC server providing the StoreAPI.\n\nNote: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "httpListenLocal": { - "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the HTTP endpoints.\n\nIt has no effect if `listenLocal` is true.", - "type": "boolean" - }, - "image": { - "description": "Container image name for Thanos. If specified, it takes precedence over\nthe `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`\nfields.\n\nSpecifying `spec.thanos.version` is still necessary to ensure the\nPrometheus Operator knows which version of Thanos is being configured.\n\nIf neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,\nthe operator will use the latest upstream version of Thanos available at\nthe time when the operator was released.", - "type": "string" - }, - "listenLocal": { - "description": "Deprecated: use `grpcListenLocal` and `httpListenLocal` instead.", - "type": "boolean" - }, - "logFormat": { - "description": "Log format for the Thanos sidecar.", - "enum": [ - "", - "logfmt", - "json" - ], - "type": "string" - }, - "logLevel": { - "description": "Log level for the Thanos sidecar.", - "enum": [ - "", - "debug", - "info", - "warn", - "error" - ], - "type": "string" - }, - "minTime": { - "description": "Defines the start of time range limit served by the Thanos sidecar's StoreAPI.\nThe field's value should be a constant time in RFC3339 format or a time\nduration relative to current time, such as -1d or 2h45m. Valid duration\nunits are ms, s, m, h, d, w, y.", - "type": "string" - }, - "objectStorageConfig": { - "description": "Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nobjectStorageConfigFile takes precedence over this field.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "objectStorageConfigFile": { - "description": "Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nThis field takes precedence over objectStorageConfig.", - "type": "string" - }, - "readyTimeout": { - "description": "ReadyTimeout is the maximum time that the Thanos sidecar will wait for\nPrometheus to start.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "resources": { - "description": "Defines the resources requests and limits of the Thanos sidecar.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "sha": { - "description": "Deprecated: use 'image' instead. The image digest can be specified as part of the image name.", - "type": "string" - }, - "tag": { - "description": "Deprecated: use 'image' instead. The image's tag can be specified as as part of the image name.", - "type": "string" - }, - "tracingConfig": { - "description": "Defines the tracing configuration for the Thanos sidecar.\n\n`tracingConfigFile` takes precedence over this field.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tracingConfigFile": { - "description": "Defines the tracing configuration file for the Thanos sidecar.\n\nThis field takes precedence over `tracingConfig`.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "type": "string" - }, - "version": { - "description": "Version of Thanos being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream release of\nThanos available at the time when the version of the operator was\nreleased.", - "type": "string" - }, - "volumeMounts": { - "description": "VolumeMounts allows configuration of additional VolumeMounts for Thanos.\nVolumeMounts specified will be appended to other VolumeMounts in the\n'thanos-sidecar' container.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "tolerations": { - "description": "Defines the Pods' tolerations if specified.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "Defines the pod's topology spread constraints if specified.", - "items": { - "properties": { - "additionalLabelSelectors": { - "description": "Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint.", - "enum": [ - "OnResource", - "OnShard" - ], - "type": "string" - }, - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - }, - "tracingConfig": { - "description": "TracingConfig configures tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "properties": { - "clientType": { - "description": "Client used to export the traces. Supported values are `http` or `grpc`.", - "enum": [ - "http", - "grpc" - ], - "type": "string" - }, - "compression": { - "description": "Compression key for supported compression types. The only supported value is `gzip`.", - "enum": [ - "gzip" - ], - "type": "string" - }, - "endpoint": { - "description": "Endpoint to send the traces to. Should be provided in format :.", - "minLength": 1, - "type": "string" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "description": "Key-value pairs to be used as headers associated with gRPC or HTTP requests.", - "type": "object" - }, - "insecure": { - "description": "If disabled, the client will use a secure connection.", - "type": "boolean" - }, - "samplingFraction": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Sets the probability a given trace will be sampled. Must be a float from 0 through 1.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "timeout": { - "description": "Maximum time the exporter will wait for each batch export.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS Config to use when sending traces.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "endpoint" - ], - "type": "object" - }, - "tsdb": { - "description": "Defines the runtime reloadable configuration of the timeseries database(TSDB).\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", - "properties": { - "outOfOrderTimeWindow": { - "description": "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "type": "object" - }, - "version": { - "description": "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.", - "type": "string" - }, - "volumeMounts": { - "description": "VolumeMounts allows the configuration of additional VolumeMounts.\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumes": { - "description": "Volumes allows the configuration of additional volumes on the output\nStatefulSet definition. Volumes specified will be appended to other\nvolumes that are generated as a result of StorageSpec objects.", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", - "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "walCompression": { - "description": "Configures compression of the write-ahead log (WAL) using Snappy.\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\nRequires Prometheus v2.11.0 and above.", - "type": "boolean" - }, - "web": { - "description": "Defines the configuration of the Prometheus web server.", - "properties": { - "httpConfig": { - "description": "Defines HTTP parameters for web server.", - "properties": { - "headers": { - "description": "List of headers that can be added to HTTP responses.", - "properties": { - "contentSecurityPolicy": { - "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", - "type": "string" - }, - "strictTransportSecurity": { - "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", - "type": "string" - }, - "xContentTypeOptions": { - "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", - "enum": [ - "", - "NoSniff" - ], - "type": "string" - }, - "xFrameOptions": { - "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", - "enum": [ - "", - "Deny", - "SameOrigin" - ], - "type": "string" - }, - "xXSSProtection": { - "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", - "type": "string" - } - }, - "type": "object" - }, - "http2": { - "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", - "type": "boolean" - } - }, - "type": "object" - }, - "maxConnections": { - "description": "Defines the maximum number of simultaneous connections\nA zero value means that Prometheus doesn't accept any incoming connection.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "pageTitle": { - "description": "The prometheus web page title.", - "type": "string" - }, - "tlsConfig": { - "description": "Defines the TLS parameters for HTTPS.", - "properties": { - "cert": { - "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", - "type": "string" - }, - "cipherSuites": { - "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", - "items": { - "type": "string" - }, - "type": "array" - }, - "clientAuthType": { - "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", - "type": "string" - }, - "clientCAFile": { - "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", - "type": "string" - }, - "client_ca": { - "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "curvePreferences": { - "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", - "items": { - "type": "string" - }, - "type": "array" - }, - "keyFile": { - "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum TLS version that is acceptable.", - "type": "string" - }, - "minVersion": { - "description": "Minimum TLS version that is acceptable.", - "type": "string" - }, - "preferServerCipherSuites": { - "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "Most recent observed status of the Prometheus cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "availableReplicas": { - "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this Prometheus deployment.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "The current state of the Prometheus deployment.", - "items": { - "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "Human-readable message indicating details for the condition's last transition.", - "type": "string" - }, - "observedGeneration": { - "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", - "format": "int64", - "type": "integer" - }, - "reason": { - "description": "Reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition.", - "minLength": 1, - "type": "string" - }, - "type": { - "description": "Type of the condition being reported.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "paused": { - "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", - "type": "boolean" - }, - "replicas": { - "description": "Total number of non-terminated pods targeted by this Prometheus deployment\n(their labels match the selector).", - "format": "int32", - "type": "integer" - }, - "selector": { - "description": "The selector used to match the pods targeted by this Prometheus resource.", - "type": "string" - }, - "shardStatuses": { - "description": "The list has one entry per shard. Each entry provides a summary of the shard status.", - "items": { - "properties": { - "availableReplicas": { - "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this shard.", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "Total number of pods targeted by this shard.", - "format": "int32", - "type": "integer" - }, - "shardID": { - "description": "Identifier of the shard.", - "type": "string" - }, - "unavailableReplicas": { - "description": "Total number of unavailable pods targeted by this shard.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "Total number of non-terminated pods targeted by this shard\nthat have the desired spec.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "availableReplicas", - "replicas", - "shardID", - "unavailableReplicas", - "updatedReplicas" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "shardID" - ], - "x-kubernetes-list-type": "map" - }, - "shards": { - "description": "Shards is the most recently observed number of shards.", - "format": "int32", - "type": "integer" - }, - "unavailableReplicas": { - "description": "Total number of unavailable pods targeted by this Prometheus deployment.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "Total number of non-terminated pods targeted by this Prometheus deployment\nthat have the desired version spec.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "availableReplicas", - "paused", - "replicas", - "unavailableReplicas", - "updatedReplicas" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "Prometheus", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/PrometheusList": { - "description": "PrometheusList is a list of Prometheus", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of prometheuses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.Prometheus" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "PrometheusList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/PrometheusRule": { - "description": "The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.\n\n`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of desired alerting rule definitions for Prometheus.", - "properties": { - "groups": { - "description": "Content of Prometheus rule file", - "items": { - "description": "RuleGroup is a list of sequentially evaluated recording and alerting rules.", - "properties": { - "interval": { - "description": "Interval determines how often rules in the group are evaluated.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Labels to add or overwrite before storing the result for its rules.\nThe labels defined at the rule level take precedence.\n\nIt requires Prometheus >= 3.0.0.\nThe field is ignored for Thanos Ruler.", - "type": "object" - }, - "limit": { - "description": "Limit the number of alerts an alerting rule and series a recording\nrule can produce.\nLimit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.", - "type": "integer" - }, - "name": { - "description": "Name of the rule group.", - "minLength": 1, - "type": "string" - }, - "partial_response_strategy": { - "description": "PartialResponseStrategy is only used by ThanosRuler and will\nbe ignored by Prometheus instances.\nMore info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response", - "pattern": "^(?i)(abort|warn)?$", - "type": "string" - }, - "query_offset": { - "description": "Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.\n\nIt requires Prometheus >= v2.53.0.\nIt is not supported for ThanosRuler.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "rules": { - "description": "List of alerting and recording rules.", - "items": { - "description": "Rule describes an alerting or recording rule\nSee Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule", - "properties": { - "alert": { - "description": "Name of the alert. Must be a valid label value.\nOnly one of `record` and `alert` must be set.", - "type": "string" - }, - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations to add to each alert.\nOnly valid for alerting rules.", - "type": "object" - }, - "expr": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "PromQL expression to evaluate.", - "x-kubernetes-int-or-string": true - }, - "for": { - "description": "Alerts are considered firing once they have been returned for this long.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "keep_firing_for": { - "description": "KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared.", - "minLength": 1, - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Labels to add or overwrite.", - "type": "object" - }, - "record": { - "description": "Name of the time series to output to. Must be a valid metric name.\nOnly one of `record` and `alert` must be set.", - "type": "string" - } - }, - "required": [ - "expr" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "PrometheusRule", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/PrometheusRuleList": { - "description": "PrometheusRuleList is a list of PrometheusRule", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of prometheusrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.PrometheusRule" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "PrometheusRuleList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/ServiceMonitor": { - "description": "The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.\nAmong other things, it allows to specify:\n* The services to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of desired Service selection for target discovery by\nPrometheus.", - "properties": { - "attachMetadata": { - "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.37.0.", - "properties": { - "node": { - "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", - "type": "boolean" - } - }, - "type": "object" - }, - "bodySizeLimit": { - "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", - "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", - "type": "string" - }, - "convertClassicHistogramsToNHCB": { - "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", - "type": "boolean" - }, - "endpoints": { - "description": "List of endpoints part of this ServiceMonitor.\nDefines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects.\nIn most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels.", - "items": { - "description": "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", - "properties": { - "authorization": { - "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenFile": { - "description": "File to read bearer token for scraping the target.\n\nDeprecated: use `authorization` instead.", - "type": "string" - }, - "bearerTokenSecret": { - "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "enableHttp2": { - "description": "`enableHttp2` can be used to disable HTTP2 when scraping the target.", - "type": "boolean" - }, - "filterRunning": { - "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", - "type": "boolean" - }, - "followRedirects": { - "description": "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects.", - "type": "boolean" - }, - "honorLabels": { - "description": "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels.", - "type": "boolean" - }, - "honorTimestamps": { - "description": "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target.", - "type": "boolean" - }, - "interval": { - "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "metricRelabelings": { - "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "params": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "params define optional HTTP URL parameters.", - "type": "object" - }, - "path": { - "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", - "type": "string" - }, - "port": { - "description": "Name of the Service port which this endpoint refers to.\n\nIt takes precedence over `targetPort`.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "relabelings": { - "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "scheme": { - "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", - "enum": [ - "http", - "https" - ], - "type": "string" - }, - "scrapeTimeout": { - "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the target port of the `Pod` object behind the\nService. The port must be specified with the container's port property.", - "x-kubernetes-int-or-string": true - }, - "tlsConfig": { - "description": "TLS configuration to use when scraping the target.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "trackTimestampsStaleness": { - "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", - "type": "boolean" - } - }, - "type": "object" - }, - "type": "array" - }, - "fallbackScrapeProtocol": { - "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "jobLabel": { - "description": "`jobLabel` selects the label from the associated Kubernetes `Service`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Service`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty or if the label doesn't exist for\nthe given Service, the `job` label of the metrics defaults to the name\nof the associated Kubernetes `Service`.", - "type": "string" - }, - "keepDroppedTargets": { - "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", - "format": "int64", - "type": "integer" - }, - "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", - "format": "int64", - "type": "integer" - }, - "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", - "format": "int64", - "type": "integer" - }, - "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", - "format": "int64", - "type": "integer" - }, - "namespaceSelector": { - "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the services.\nBy default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces.", - "properties": { - "any": { - "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", - "type": "boolean" - }, - "matchNames": { - "description": "List of namespace names to select from.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "nativeHistogramBucketLimit": { - "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", - "format": "int64", - "type": "integer" - }, - "nativeHistogramMinBucketFactor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "podTargetLabels": { - "description": "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics.", - "items": { - "type": "string" - }, - "type": "array" - }, - "sampleLimit": { - "description": "`sampleLimit` defines a per-scrape limit on the number of scraped samples\nthat will be accepted.", - "format": "int64", - "type": "integer" - }, - "scrapeClass": { - "description": "The scrape class to apply.", - "minLength": 1, - "type": "string" - }, - "scrapeClassicHistograms": { - "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", - "type": "boolean" - }, - "scrapeProtocols": { - "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", - "items": { - "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", - "enum": [ - "PrometheusProto", - "OpenMetricsText0.0.1", - "OpenMetricsText1.0.0", - "PrometheusText0.0.4", - "PrometheusText1.0.0" - ], - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "selector": { - "description": "Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "selectorMechanism": { - "description": "Mechanism used to select the endpoints to scrape.\nBy default, the selection process relies on relabel configurations to filter the discovered targets.\nAlternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.\nWhich strategy is best for your use case needs to be carefully evaluated.\n\nIt requires Prometheus >= v2.17.0.", - "enum": [ - "RelabelConfig", - "RoleSelector" - ], - "type": "string" - }, - "targetLabels": { - "description": "`targetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Service` object onto the ingested metrics.", - "items": { - "type": "string" - }, - "type": "array" - }, - "targetLimit": { - "description": "`targetLimit` defines a limit on the number of scraped targets that will\nbe accepted.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "endpoints", - "selector" - ], - "type": "object" - }, - "status": { - "description": "This Status subresource is under active development and is updated only when the\n\"StatusForConfigurationResources\" feature gate is enabled.\n\nMost recent observed status of the ServiceMonitor. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "bindings": { - "description": "The list of workload resources (Prometheus or PrometheusAgent) which select the configuration resource.", - "items": { - "description": "WorkloadBinding is a link between a configuration resource and a workload resource.", - "properties": { - "conditions": { - "description": "The current state of the configuration resource when bound to the referenced Prometheus object.", - "items": { - "description": "ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager, or ThanosRuler.", - "properties": { - "lastTransitionTime": { - "description": "LastTransitionTime is the time of the last update to the current status property.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "Human-readable message indicating details for the condition's last transition.", - "type": "string" - }, - "observedGeneration": { - "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the object.", - "format": "int64", - "type": "integer" - }, - "reason": { - "description": "Reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition.", - "minLength": 1, - "type": "string" - }, - "type": { - "description": "Type of the condition being reported.\nCurrently, only \"Accepted\" is supported.", - "enum": [ - "Accepted" - ], - "minLength": 1, - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "group": { - "description": "The group of the referenced resource.", - "enum": [ - "monitoring.coreos.com" - ], - "type": "string" - }, - "name": { - "description": "The name of the referenced object.", - "minLength": 1, - "type": "string" - }, - "namespace": { - "description": "The namespace of the referenced object.", - "minLength": 1, - "type": "string" - }, - "resource": { - "description": "The type of resource being referenced (e.g. Prometheus or PrometheusAgent).", - "enum": [ - "prometheuses", - "prometheusagents" - ], - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "ServiceMonitor", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/ServiceMonitorList": { - "description": "ServiceMonitorList is a list of ServiceMonitor", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of servicemonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.ServiceMonitor" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "ServiceMonitorList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/ThanosRuler": { - "description": "The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.\n\nA `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).\n\nThe resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the ThanosRuler cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the ThanosRuler container.\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nThanosRuler container which may cause issues if they are invalid or not supported\nby the given ThanosRuler version.\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument the reconciliation will\nfail and an error will be logged.", - "items": { - "description": "Argument as part of the AdditionalArgs list.", - "properties": { - "name": { - "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "alertDropLabels": { - "description": "Configures the label names which should be dropped in Thanos Ruler\nalerts.\n\nThe replica label `thanos_ruler_replica` will always be dropped from the alerts.", - "items": { - "type": "string" - }, - "type": "array" - }, - "alertQueryUrl": { - "description": "The external Query URL the Thanos Ruler will set in the 'Source' field\nof all alerts.\nMaps to the '--alert.query-url' CLI arg.", - "type": "string" - }, - "alertRelabelConfigFile": { - "description": "Configures the path to the alert relabeling configuration file.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `alertRelabelConfig`.", - "type": "string" - }, - "alertRelabelConfigs": { - "description": "Configures alert relabeling in Thanos Ruler.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration.\n\n`alertRelabelConfigFile` takes precedence over this field.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "alertmanagersConfig": { - "description": "Configures the list of Alertmanager endpoints to send alerts to.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager.\n\nIt requires Thanos >= v0.10.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `alertmanagersUrl`.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "alertmanagersUrl": { - "description": "Configures the list of Alertmanager endpoints to send alerts to.\n\nFor Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead.\n\n`alertmanagersConfig` takes precedence over this field.", - "items": { - "type": "string" - }, - "type": "array" - }, - "containers": { - "description": "Containers allows injecting additional containers or modifying operator generated\ncontainers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or\nto change the behavior of an operator generated container. Containers described here modify\nan operator generated container if they share the same name and modifications are done via a\nstrategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`.\nOverriding containers is entirely outside the scope of what the maintainers will support and by doing\nso, you accept that this behaviour may break at any time without notice.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "dnsConfig": { - "description": "Defines the DNS configuration for the pods.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is required and must be unique.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value is optional.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", - "items": { - "minLength": 1, - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - }, - "dnsPolicy": { - "description": "Defines the DNS policy for the pods.", - "enum": [ - "ClusterFirstWithHostNet", - "ClusterFirst", - "Default", - "None" - ], - "type": "string" - }, - "enableServiceLinks": { - "description": "Indicates whether information about services should be injected into pod's environment variables", - "type": "boolean" - }, - "enforcedNamespaceLabel": { - "description": "EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert\nand metric that is user created. The label value will always be the namespace of the object that is\nbeing created.", - "type": "string" - }, - "evaluationInterval": { - "default": "15s", - "description": "Interval between consecutive evaluations.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "excludedFromEnforcement": { - "description": "List of references to PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\nApplies only if enforcedNamespaceLabel set to true.", - "items": { - "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", - "properties": { - "group": { - "default": "monitoring.coreos.com", - "description": "Group of the referent. When not specified, it defaults to `monitoring.coreos.com`", - "enum": [ - "monitoring.coreos.com" - ], - "type": "string" - }, - "name": { - "description": "Name of the referent. When not set, all resources in the namespace are matched.", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "minLength": 1, - "type": "string" - }, - "resource": { - "description": "Resource of the referent.", - "enum": [ - "prometheusrules", - "servicemonitors", - "podmonitors", - "probes", - "scrapeconfigs" - ], - "type": "string" - } - }, - "required": [ - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array" - }, - "externalPrefix": { - "description": "The external URL the Thanos Ruler instances will be available under. This is\nnecessary to generate correct URLs. This is necessary if Thanos Ruler is not\nserved from root of a DNS name.", - "type": "string" - }, - "grpcServerTlsConfig": { - "description": "GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads\nrecorded rule data.\nNote: Currently only the CAFile, CertFile, and KeyFile fields are supported.\nMaps to the '--grpc-server-tls-*' CLI args.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "hostAliases": { - "description": "Pods' hostAliases configuration", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", - "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array" - }, - "ip": { - "description": "IP address of the host file entry.", - "type": "string" - } - }, - "required": [ - "hostnames", - "ip" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "image": { - "description": "Thanos container image URL.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy for the 'thanos', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", - "enum": [ - "", - "Always", - "Never", - "IfNotPresent" - ], - "type": "string" - }, - "imagePullSecrets": { - "description": "An optional list of references to secrets in the same namespace\nto use for pulling thanos images from registries\nsee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "initContainers": { - "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.\nfetch secrets for injection into the ThanosRuler configuration from external sources. Any\nerrors during the execution of an initContainer will lead to a restart of the Pod.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nUsing initContainers for any use case other then secret fetching is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that this behaviour may break\nat any time without notice.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Configures the external label pairs of the ThanosRuler resource.\n\nA default replica label `thanos_ruler_replica` will be always added as a\nlabel with the value of the pod's name.", - "type": "object" - }, - "listenLocal": { - "description": "ListenLocal makes the Thanos ruler listen on loopback, so that it\ndoes not bind against the Pod IP.", - "type": "boolean" - }, - "logFormat": { - "description": "Log format for ThanosRuler to be configured with.", - "enum": [ - "", - "logfmt", - "json" - ], - "type": "string" - }, - "logLevel": { - "description": "Log level for ThanosRuler to be configured with.", - "enum": [ - "", - "debug", - "info", - "warn", - "error" - ], - "type": "string" - }, - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.", - "format": "int32", - "type": "integer" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "Define which Nodes the Pods are scheduled on.", - "type": "object" - }, - "objectStorageConfig": { - "description": "Configures object storage.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration.\n\n`objectStorageConfigFile` takes precedence over this field.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "objectStorageConfigFile": { - "description": "Configures the path of the object storage configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `objectStorageConfig`.", - "type": "string" - }, - "paused": { - "description": "When a ThanosRuler deployment is paused, no actions except for deletion\nwill be performed on the underlying objects.", - "type": "boolean" - }, - "podMetadata": { - "description": "PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\".", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", - "type": "object" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", - "type": "string" - } - }, - "type": "object" - }, - "portName": { - "default": "web", - "description": "Port name used for the pods and governing service.\nDefaults to `web`.", - "type": "string" - }, - "priorityClassName": { - "description": "Priority class assigned to the Pods", - "type": "string" - }, - "prometheusRulesExcludedFromEnforce": { - "description": "PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing\nof adding namespace labels. Works only if enforcedNamespaceLabel set to true.\nMake sure both ruleNamespace and ruleName are set for each pair\nDeprecated: use excludedFromEnforcement instead.", - "items": { - "description": "PrometheusRuleExcludeConfig enables users to configure excluded\nPrometheusRule names and their namespaces to be ignored while enforcing\nnamespace label for alerts and metrics.", - "properties": { - "ruleName": { - "description": "Name of the excluded PrometheusRule object.", - "type": "string" - }, - "ruleNamespace": { - "description": "Namespace of the excluded PrometheusRule object.", - "type": "string" - } - }, - "required": [ - "ruleName", - "ruleNamespace" - ], - "type": "object" - }, - "type": "array" - }, - "queryConfig": { - "description": "Configures the list of Thanos Query endpoints from which to query metrics.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api\n\nIt requires Thanos >= v0.11.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `queryEndpoints`.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "queryEndpoints": { - "description": "Configures the list of Thanos Query endpoints from which to query metrics.\n\nFor Thanos >= v0.11.0, it is recommended to use `queryConfig` instead.\n\n`queryConfig` takes precedence over this field.", - "items": { - "type": "string" - }, - "type": "array" - }, - "remoteWrite": { - "description": "Defines the list of remote write configurations.\n\nWhen the list isn't empty, the ruler is configured with stateless mode.\n\nIt requires Thanos >= 0.24.0.", - "items": { - "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint.", - "properties": { - "authorization": { - "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "credentialsFile": { - "description": "File to read a secret from, mutually exclusive with `credentials`.", - "type": "string" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "azureAd": { - "description": "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0 or Thanos >= v0.31.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", - "properties": { - "cloud": { - "description": "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.", - "enum": [ - "AzureChina", - "AzureGovernment", - "AzurePublic" - ], - "type": "string" - }, - "managedIdentity": { - "description": "ManagedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.", - "properties": { - "clientId": { - "description": "The client id", - "type": "string" - } - }, - "required": [ - "clientId" - ], - "type": "object" - }, - "oauth": { - "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.", - "properties": { - "clientId": { - "description": "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.", - "minLength": 1, - "type": "string" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tenantId": { - "description": "`tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate.", - "minLength": 1, - "pattern": "^[0-9a-zA-Z-.]+$", - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tenantId" - ], - "type": "object" - }, - "sdk": { - "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.", - "properties": { - "tenantId": { - "description": "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.", - "pattern": "^[0-9a-zA-Z-.]+$", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerToken": { - "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", - "type": "string" - }, - "bearerTokenFile": { - "description": "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", - "type": "string" - }, - "enableHTTP2": { - "description": "Whether to enable HTTP2.", - "type": "boolean" - }, - "followRedirects": { - "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.", - "type": "boolean" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0 or Thanos >= v0.24.0.", - "type": "object" - }, - "messageVersion": { - "description": "The Remote Write message's version to use when writing to the endpoint.\n\n`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.\n`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.\n\nWhen `Version2.0` is selected, Prometheus will automatically be\nconfigured to append the metadata of scraped metrics to the WAL.\n\nBefore setting this field, consult with your remote storage provider\nwhat message version it supports.\n\nIt requires Prometheus >= v2.54.0 or Thanos >= v0.37.0.", - "enum": [ - "V1.0", - "V2.0" - ], - "type": "string" - }, - "metadataConfig": { - "description": "MetadataConfig configures the sending of series metadata to the remote storage.", - "properties": { - "maxSamplesPerSend": { - "description": "MaxSamplesPerSend is the maximum number of metadata samples per send.\n\nIt requires Prometheus >= v2.29.0.", - "format": "int32", - "minimum": -1, - "type": "integer" - }, - "send": { - "description": "Defines whether metric metadata is sent to the remote storage or not.", - "type": "boolean" - }, - "sendInterval": { - "description": "Defines how frequently metric metadata is sent to the remote storage.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "type": "object" - }, - "name": { - "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0 or Thanos >= 0.24.0.", - "type": "string" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "queueConfig": { - "description": "QueueConfig allows tuning of the remote write queue parameters.", - "properties": { - "batchSendDeadline": { - "description": "BatchSendDeadline is the maximum time a sample will wait in buffer.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "capacity": { - "description": "Capacity is the number of samples to buffer per shard before we start\ndropping them.", - "type": "integer" - }, - "maxBackoff": { - "description": "MaxBackoff is the maximum retry delay.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "maxRetries": { - "description": "MaxRetries is the maximum number of times to retry a batch on recoverable errors.", - "type": "integer" - }, - "maxSamplesPerSend": { - "description": "MaxSamplesPerSend is the maximum number of samples per send.", - "type": "integer" - }, - "maxShards": { - "description": "MaxShards is the maximum number of shards, i.e. amount of concurrency.", - "type": "integer" - }, - "minBackoff": { - "description": "MinBackoff is the initial retry delay. Gets doubled for every retry.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "minShards": { - "description": "MinShards is the minimum number of shards, i.e. amount of concurrency.", - "type": "integer" - }, - "retryOnRateLimit": { - "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", - "type": "boolean" - }, - "sampleAgeLimit": { - "description": "SampleAgeLimit drops samples older than the limit.\nIt requires Prometheus >= v2.50.0 or Thanos >= v0.32.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - } - }, - "type": "object" - }, - "remoteTimeout": { - "description": "Timeout for requests to the remote write endpoint.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "roundRobinDNS": { - "description": "When enabled:\n - The remote-write mechanism will resolve the hostname via DNS.\n - It will randomly select one of the resolved IP addresses and connect to it.\n\nWhen disabled (default behavior):\n - The Go standard library will handle hostname resolution.\n - It will attempt connections to each resolved IP address sequentially.\n\nNote: The connection timeout applies to the entire resolution and connection process.\n If disabled, the timeout is distributed across all connection attempts.\n\nIt requires Prometheus >= v3.1.0 or Thanos >= v0.38.0.", - "type": "boolean" - }, - "sendExemplars": { - "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeatures`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.", - "type": "boolean" - }, - "sendNativeHistograms": { - "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0 or Thanos >= v0.30.0.", - "type": "boolean" - }, - "sigv4": { - "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "profile": { - "description": "Profile is the named AWS profile used to authenticate.", - "type": "string" - }, - "region": { - "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", - "type": "string" - }, - "roleArn": { - "description": "RoleArn is the named AWS profile used to authenticate.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "tlsConfig": { - "description": "TLS Config to use for the URL.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "caFile": { - "description": "Path to the CA cert in the Prometheus container to use for the targets.", - "type": "string" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the client cert file in the Prometheus container for the targets.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keyFile": { - "description": "Path to the client key file in the Prometheus container for the targets.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "url": { - "description": "The URL of the endpoint to send samples to.", - "minLength": 1, - "type": "string" - }, - "writeRelabelConfigs": { - "description": "The list of remote write relabel configurations.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" - }, - "replicas": { - "description": "Number of thanos ruler instances to deploy.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines the resource requirements for single Pods.\nIf not provided, no requests/limits will be set", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "retention": { - "default": "24h", - "description": "Time duration ThanosRuler shall retain data for. Default is '24h', and\nmust match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds\nseconds minutes hours days weeks years).\n\nThe field has no effect when remote-write is configured since the Ruler\noperates in stateless mode.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "routePrefix": { - "description": "The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.", - "type": "string" - }, - "ruleConcurrentEval": { - "description": "How many rules can be evaluated concurrently.\nIt requires Thanos >= v0.37.0.", - "format": "int32", - "minimum": 1, - "type": "integer" - }, - "ruleNamespaceSelector": { - "description": "Namespaces to be selected for Rules discovery. If unspecified, only\nthe same namespace as the ThanosRuler object is in is used.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "ruleOutageTolerance": { - "description": "Max time to tolerate prometheus outage for restoring \"for\" state of alert.\nIt requires Thanos >= v0.30.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "ruleQueryOffset": { - "description": "The default rule group's query offset duration to use.\nIt requires Thanos >= v0.38.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "ruleSelector": { - "description": "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nThanos Ruler Pods.", - "type": "string" - }, - "serviceName": { - "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the ThanosRuler resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `thanos-ruler-operated` for ThanosRuler resources.\nWhen deploying multiple ThanosRuler resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", - "minLength": 1, - "type": "string" - }, - "storage": { - "description": "Storage spec to specify how storage shall be used.", - "properties": { - "disableMountSubPath": { - "description": "Deprecated: subPath usage will be removed in a future release.", - "type": "boolean" - }, - "emptyDir": { - "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "volumeClaimTemplate": { - "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", - "type": "object" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "Deprecated: this field is never set.", - "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" - }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", - "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", - "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string" - }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 120 seconds.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "If specified, the pod's topology spread constraints.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - }, - "tracingConfig": { - "description": "Configures tracing.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration.\n\n`tracingConfigFile` takes precedence over this field.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tracingConfigFile": { - "description": "Configures the path of the tracing configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `tracingConfig`.", - "type": "string" - }, - "version": { - "description": "Version of Thanos to be deployed.", - "type": "string" - }, - "volumeMounts": { - "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition.\nVolumeMounts specified will be appended to other VolumeMounts in the ruler container,\nthat are generated as a result of StorageSpec objects.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumes": { - "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will\nbe appended to other volumes that are generated as a result of StorageSpec objects.", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", - "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "web": { - "description": "Defines the configuration of the ThanosRuler web server.", - "properties": { - "httpConfig": { - "description": "Defines HTTP parameters for web server.", - "properties": { - "headers": { - "description": "List of headers that can be added to HTTP responses.", - "properties": { - "contentSecurityPolicy": { - "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", - "type": "string" - }, - "strictTransportSecurity": { - "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", - "type": "string" - }, - "xContentTypeOptions": { - "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", - "enum": [ - "", - "NoSniff" - ], - "type": "string" - }, - "xFrameOptions": { - "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", - "enum": [ - "", - "Deny", - "SameOrigin" - ], - "type": "string" - }, - "xXSSProtection": { - "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", - "type": "string" - } - }, - "type": "object" - }, - "http2": { - "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", - "type": "boolean" - } - }, - "type": "object" - }, - "tlsConfig": { - "description": "Defines the TLS parameters for HTTPS.", - "properties": { - "cert": { - "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "certFile": { - "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", - "type": "string" - }, - "cipherSuites": { - "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", - "items": { - "type": "string" - }, - "type": "array" - }, - "clientAuthType": { - "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", - "type": "string" - }, - "clientCAFile": { - "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", - "type": "string" - }, - "client_ca": { - "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "curvePreferences": { - "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", - "items": { - "type": "string" - }, - "type": "array" - }, - "keyFile": { - "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", - "type": "string" - }, - "keySecret": { - "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum TLS version that is acceptable.", - "type": "string" - }, - "minVersion": { - "description": "Minimum TLS version that is acceptable.", - "type": "string" - }, - "preferServerCipherSuites": { - "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "Most recent observed status of the ThanosRuler cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "availableReplicas": { - "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this ThanosRuler deployment.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "The current state of the ThanosRuler object.", - "items": { - "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "Human-readable message indicating details for the condition's last transition.", - "type": "string" - }, - "observedGeneration": { - "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", - "format": "int64", - "type": "integer" - }, - "reason": { - "description": "Reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition.", - "minLength": 1, - "type": "string" - }, - "type": { - "description": "Type of the condition being reported.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "paused": { - "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", - "type": "boolean" - }, - "replicas": { - "description": "Total number of non-terminated pods targeted by this ThanosRuler deployment\n(their labels match the selector).", - "format": "int32", - "type": "integer" - }, - "unavailableReplicas": { - "description": "Total number of unavailable pods targeted by this ThanosRuler deployment.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "description": "Total number of non-terminated pods targeted by this ThanosRuler deployment\nthat have the desired version spec.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "availableReplicas", - "paused", - "replicas", - "unavailableReplicas", - "updatedReplicas" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "ThanosRuler", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1/ThanosRulerList": { - "description": "ThanosRulerList is a list of ThanosRuler", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of thanosrulers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1.ThanosRuler" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "ThanosRulerList", - "version": "v1" - } - ] - }, - "monitoring.coreos.com/v1alpha1/AlertmanagerConfig": { - "description": "AlertmanagerConfig configures the Prometheus Alertmanager,\nspecifying how alerts should be grouped, inhibited and notified to external systems.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the\nAlertmanager configuration.\nBy default, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig\nresource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the\nAlertmanager CRD).", - "properties": { - "inhibitRules": { - "description": "List of inhibition rules. The rules will only apply to alerts matching\nthe resource's namespace.", - "items": { - "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other\nalerts are already firing.\nSee https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", - "properties": { - "equal": { - "description": "Labels that must have an equal value in the source and target alert for\nthe inhibition to take effect.", - "items": { - "type": "string" - }, - "type": "array" - }, - "sourceMatch": { - "description": "Matchers for which one or more alerts have to exist for the inhibition\nto take effect. The operator enforces that the alert matches the\nresource's namespace.", - "items": { - "description": "Matcher defines how to match on alert's labels.", - "properties": { - "matchType": { - "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", - "enum": [ - "!=", - "=", - "=~", - "!~" - ], - "type": "string" - }, - "name": { - "description": "Label to match.", - "minLength": 1, - "type": "string" - }, - "regex": { - "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", - "type": "boolean" - }, - "value": { - "description": "Label value to match.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "targetMatch": { - "description": "Matchers that have to be fulfilled in the alerts to be muted. The\noperator enforces that the alert matches the resource's namespace.", - "items": { - "description": "Matcher defines how to match on alert's labels.", - "properties": { - "matchType": { - "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", - "enum": [ - "!=", - "=", - "=~", - "!~" - ], - "type": "string" - }, - "name": { - "description": "Label to match.", - "minLength": 1, - "type": "string" - }, - "regex": { - "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", - "type": "boolean" - }, - "value": { - "description": "Label value to match.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - }, - "muteTimeIntervals": { - "description": "List of MuteTimeInterval specifying when the routes should be muted.", - "items": { - "description": "MuteTimeInterval specifies the periods in time when notifications will be muted", - "properties": { - "name": { - "description": "Name of the time interval", - "type": "string" - }, - "timeIntervals": { - "description": "TimeIntervals is a list of TimeInterval", - "items": { - "description": "TimeInterval describes intervals of time", - "properties": { - "daysOfMonth": { - "description": "DaysOfMonth is a list of DayOfMonthRange", - "items": { - "description": "DayOfMonthRange is an inclusive range of days of the month beginning at 1", - "properties": { - "end": { - "description": "End of the inclusive range", - "maximum": 31, - "minimum": -31, - "type": "integer" - }, - "start": { - "description": "Start of the inclusive range", - "maximum": 31, - "minimum": -31, - "type": "integer" - } - }, - "type": "object" - }, - "type": "array" - }, - "months": { - "description": "Months is a list of MonthRange", - "items": { - "description": "MonthRange is an inclusive range of months of the year beginning in January\nMonths can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March')", - "pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)", - "type": "string" - }, - "type": "array" - }, - "times": { - "description": "Times is a list of TimeRange", - "items": { - "description": "TimeRange defines a start and end time in 24hr format", - "properties": { - "endTime": { - "description": "EndTime is the end time in 24hr format.", - "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", - "type": "string" - }, - "startTime": { - "description": "StartTime is the start time in 24hr format.", - "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "weekdays": { - "description": "Weekdays is a list of WeekdayRange", - "items": { - "description": "WeekdayRange is an inclusive range of days of the week beginning on Sunday\nDays can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday')", - "pattern": "^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)", - "type": "string" - }, - "type": "array" - }, - "years": { - "description": "Years is a list of YearRange", - "items": { - "description": "YearRange is an inclusive range of years", - "pattern": "^2\\d{3}(?::2\\d{3}|$)", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "receivers": { - "description": "List of receivers.", - "items": { - "description": "Receiver defines one or more notification integrations.", - "properties": { - "discordConfigs": { - "description": "List of Discord configurations.", - "items": { - "description": "DiscordConfig configures notifications via Discord.\nSee https://prometheus.io/docs/alerting/latest/configuration/#discord_config", - "properties": { - "apiURL": { - "description": "The secret's key that contains the Discord webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "avatarURL": { - "description": "The avatar url of the message sender.", - "pattern": "^https?://.+$", - "type": "string" - }, - "content": { - "description": "The template of the content's body.", - "minLength": 1, - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "The template of the message's body.", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "title": { - "description": "The template of the message's title.", - "type": "string" - }, - "username": { - "description": "The username of the message sender.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "apiURL" - ], - "type": "object" - }, - "type": "array" - }, - "emailConfigs": { - "description": "List of Email configurations.", - "items": { - "description": "EmailConfig configures notifications via Email.", - "properties": { - "authIdentity": { - "description": "The identity to use for authentication.", - "type": "string" - }, - "authPassword": { - "description": "The secret's key that contains the password to use for authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "authSecret": { - "description": "The secret's key that contains the CRAM-MD5 secret.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "authUsername": { - "description": "The username to use for authentication.", - "type": "string" - }, - "from": { - "description": "The sender address.", - "type": "string" - }, - "headers": { - "description": "Further headers email header key/value pairs. Overrides any headers\npreviously set by the notification implementation.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hello": { - "description": "The hostname to identify to the SMTP server.", - "type": "string" - }, - "html": { - "description": "The HTML body of the email notification.", - "type": "string" - }, - "requireTLS": { - "description": "The SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", - "type": "boolean" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "smarthost": { - "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", - "type": "string" - }, - "text": { - "description": "The text body of the email notification.", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "to": { - "description": "The email address to send notifications to.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "msteamsConfigs": { - "description": "List of MSTeams configurations.\nIt requires Alertmanager >= 0.26.0.", - "items": { - "description": "MSTeamsConfig configures notifications via Microsoft Teams.\nIt requires Alertmanager >= 0.26.0.", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - }, - "summary": { - "description": "Message summary template.\nIt requires Alertmanager >= 0.27.0.", - "type": "string" - }, - "text": { - "description": "Message body template.", - "type": "string" - }, - "title": { - "description": "Message title template.", - "type": "string" - }, - "webhookUrl": { - "description": "MSTeams webhook URL.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "webhookUrl" - ], - "type": "object" - }, - "type": "array" - }, - "msteamsv2Configs": { - "description": "List of MSTeamsV2 configurations.\nIt requires Alertmanager >= 0.28.0.", - "items": { - "description": "MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows\nSee https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config\nIt requires Alertmanager >= 0.28.0.", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - }, - "text": { - "description": "Message body template.", - "minLength": 1, - "type": "string" - }, - "title": { - "description": "Message title template.", - "minLength": 1, - "type": "string" - }, - "webhookURL": { - "description": "MSTeams incoming webhook URL.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Name of the receiver. Must be unique across all items from the list.", - "minLength": 1, - "type": "string" - }, - "opsgenieConfigs": { - "description": "List of OpsGenie configurations.", - "items": { - "description": "OpsGenieConfig configures notifications via OpsGenie.\nSee https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", - "properties": { - "actions": { - "description": "Comma separated list of actions that will be available for the alert.", - "type": "string" - }, - "apiKey": { - "description": "The secret's key that contains the OpsGenie API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "apiURL": { - "description": "The URL to send OpsGenie API requests to.", - "type": "string" - }, - "description": { - "description": "Description of the incident.", - "type": "string" - }, - "details": { - "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "entity": { - "description": "Optional field that can be used to specify which domain alert is related to.", - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Alert text limited to 130 characters.", - "type": "string" - }, - "note": { - "description": "Additional alert note.", - "type": "string" - }, - "priority": { - "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", - "type": "string" - }, - "responders": { - "description": "List of responders responsible for notifications.", - "items": { - "description": "OpsGenieConfigResponder defines a responder to an incident.\nOne of `id`, `name` or `username` has to be defined.", - "properties": { - "id": { - "description": "ID of the responder.", - "type": "string" - }, - "name": { - "description": "Name of the responder.", - "type": "string" - }, - "type": { - "description": "Type of responder.", - "minLength": 1, - "type": "string" - }, - "username": { - "description": "Username of the responder.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "source": { - "description": "Backlink to the sender of the notification.", - "type": "string" - }, - "tags": { - "description": "Comma separated list of tags attached to the notifications.", - "type": "string" - }, - "updateAlerts": { - "description": "Whether to update message and description of the alert in OpsGenie if it already exists\nBy default, the alert is never updated in OpsGenie, the new message only appears in activity log.", - "type": "boolean" - } - }, - "type": "object" - }, - "type": "array" - }, - "pagerdutyConfigs": { - "description": "List of PagerDuty configurations.", - "items": { - "description": "PagerDutyConfig configures notifications via PagerDuty.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", - "properties": { - "class": { - "description": "The class/type of the event.", - "type": "string" - }, - "client": { - "description": "Client identification.", - "type": "string" - }, - "clientURL": { - "description": "Backlink to the sender of notification.", - "type": "string" - }, - "component": { - "description": "The part or component of the affected system that is broken.", - "type": "string" - }, - "description": { - "description": "Description of the incident.", - "type": "string" - }, - "details": { - "description": "Arbitrary key/value pairs that provide further detail about the incident.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "group": { - "description": "A cluster or grouping of sources.", - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "pagerDutyImageConfigs": { - "description": "A list of image details to attach that provide further detail about an incident.", - "items": { - "description": "PagerDutyImageConfig attaches images to an incident", - "properties": { - "alt": { - "description": "Alt is the optional alternative text for the image.", - "type": "string" - }, - "href": { - "description": "Optional URL; makes the image a clickable link.", - "type": "string" - }, - "src": { - "description": "Src of the image being attached to the incident", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pagerDutyLinkConfigs": { - "description": "A list of link details to attach that provide further detail about an incident.", - "items": { - "description": "PagerDutyLinkConfig attaches text links to an incident", - "properties": { - "alt": { - "description": "Text that describes the purpose of the link, and can be used as the link's text.", - "type": "string" - }, - "href": { - "description": "Href is the URL of the link to be attached", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "routingKey": { - "description": "The secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "serviceKey": { - "description": "The secret's key that contains the PagerDuty service key (when using\nintegration type \"Prometheus\"). Either this field or `routingKey` needs to\nbe defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "severity": { - "description": "Severity of the incident.", - "type": "string" - }, - "source": { - "description": "Unique location of the affected system.", - "type": "string" - }, - "url": { - "description": "The URL to send requests to.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pushoverConfigs": { - "description": "List of Pushover configurations.", - "items": { - "description": "PushoverConfig configures notifications via Pushover.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", - "properties": { - "device": { - "description": "The name of a device to send the notification to", - "type": "string" - }, - "expire": { - "description": "How long your notification will continue to be retried for, unless the user\nacknowledges the notification.", - "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", - "type": "string" - }, - "html": { - "description": "Whether notification message is HTML or plain text.", - "type": "boolean" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Notification message.", - "type": "string" - }, - "priority": { - "description": "Priority, see https://pushover.net/api#priority", - "type": "string" - }, - "retry": { - "description": "How often the Pushover servers will send the same notification to the user.\nMust be at least 30 seconds.", - "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "sound": { - "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", - "type": "string" - }, - "title": { - "description": "Notification title.", - "type": "string" - }, - "token": { - "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `token` or `tokenFile` is required.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tokenFile": { - "description": "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0.", - "type": "string" - }, - "ttl": { - "description": "The time to live definition for the alert notification", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "url": { - "description": "A supplementary URL shown alongside the message.", - "type": "string" - }, - "urlTitle": { - "description": "A title for supplementary URL, otherwise just the URL is shown", - "type": "string" - }, - "userKey": { - "description": "The secret's key that contains the recipient user's user key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `userKey` or `userKeyFile` is required.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userKeyFile": { - "description": "The user key file that contains the recipient user's user key.\nEither `userKey` or `userKeyFile` is required.\nIt requires Alertmanager >= v0.26.0.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "slackConfigs": { - "description": "List of Slack configurations.", - "items": { - "description": "SlackConfig configures notifications via Slack.\nSee https://prometheus.io/docs/alerting/latest/configuration/#slack_config", - "properties": { - "actions": { - "description": "A list of Slack actions that are sent with each notification.", - "items": { - "description": "SlackAction configures a single Slack action that is sent with each\nnotification.\nSee https://api.slack.com/docs/message-attachments#action_fields and\nhttps://api.slack.com/docs/message-buttons for more information.", - "properties": { - "confirm": { - "description": "SlackConfirmationField protect users from destructive actions or\nparticularly distinguished decisions by asking them to confirm their button\nclick one more time.\nSee https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields\nfor more information.", - "properties": { - "dismissText": { - "type": "string" - }, - "okText": { - "type": "string" - }, - "text": { - "minLength": 1, - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "name": { - "type": "string" - }, - "style": { - "type": "string" - }, - "text": { - "minLength": 1, - "type": "string" - }, - "type": { - "minLength": 1, - "type": "string" - }, - "url": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "text", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "apiURL": { - "description": "The secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "callbackId": { - "type": "string" - }, - "channel": { - "description": "The channel or user to send notifications to.", - "type": "string" - }, - "color": { - "type": "string" - }, - "fallback": { - "type": "string" - }, - "fields": { - "description": "A list of Slack fields that are sent with each notification.", - "items": { - "description": "SlackField configures a single Slack field that is sent with each notification.\nEach field must contain a title, value, and optionally, a boolean value to indicate if the field\nis short enough to be displayed next to other fields designated as short.\nSee https://api.slack.com/docs/message-attachments#fields for more information.", - "properties": { - "short": { - "type": "boolean" - }, - "title": { - "minLength": 1, - "type": "string" - }, - "value": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "title", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "footer": { - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "iconEmoji": { - "type": "string" - }, - "iconURL": { - "type": "string" - }, - "imageURL": { - "type": "string" - }, - "linkNames": { - "type": "boolean" - }, - "mrkdwnIn": { - "items": { - "type": "string" - }, - "type": "array" - }, - "pretext": { - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "shortFields": { - "type": "boolean" - }, - "text": { - "type": "string" - }, - "thumbURL": { - "type": "string" - }, - "title": { - "type": "string" - }, - "titleLink": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "snsConfigs": { - "description": "List of SNS configurations", - "items": { - "description": "SNSConfig configures notifications via AWS SNS.\nSee https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", - "properties": { - "apiURL": { - "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com.\nIf not specified, the SNS API URL from the SNS SDK will be used.", - "type": "string" - }, - "attributes": { - "additionalProperties": { - "type": "string" - }, - "description": "SNS message attributes.", - "type": "object" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "The message content of the SNS notification.", - "type": "string" - }, - "phoneNumber": { - "description": "Phone number if message is delivered via SMS in E.164 format.\nIf you don't specify this value, you must specify a value for the TopicARN or TargetARN.", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "sigv4": { - "description": "Configures AWS's Signature Verification 4 signing process to sign requests.", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "profile": { - "description": "Profile is the named AWS profile used to authenticate.", - "type": "string" - }, - "region": { - "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", - "type": "string" - }, - "roleArn": { - "description": "RoleArn is the named AWS profile used to authenticate.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "subject": { - "description": "Subject line when the message is delivered to email endpoints.", - "type": "string" - }, - "targetARN": { - "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications.\nIf you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", - "type": "string" - }, - "topicARN": { - "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic\nIf you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "telegramConfigs": { - "description": "List of Telegram configurations.", - "items": { - "description": "TelegramConfig configures notifications via Telegram.\nSee https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", - "properties": { - "apiURL": { - "description": "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used.", - "type": "string" - }, - "botToken": { - "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "botTokenFile": { - "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.", - "type": "string" - }, - "chatID": { - "description": "The Telegram chat ID.", - "format": "int64", - "type": "integer" - }, - "disableNotifications": { - "description": "Disable telegram notifications", - "type": "boolean" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Message template", - "type": "string" - }, - "messageThreadID": { - "description": "The Telegram Group Topic ID.\nIt requires Alertmanager >= 0.26.0.", - "format": "int64", - "type": "integer" - }, - "parseMode": { - "description": "Parse mode for telegram message", - "enum": [ - "MarkdownV2", - "Markdown", - "HTML" - ], - "type": "string" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - } - }, - "required": [ - "chatID" - ], - "type": "object" - }, - "type": "array" - }, - "victoropsConfigs": { - "description": "List of VictorOps configurations.", - "items": { - "description": "VictorOpsConfig configures notifications via VictorOps.\nSee https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", - "properties": { - "apiKey": { - "description": "The secret's key that contains the API key to use when talking to the VictorOps API.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "apiUrl": { - "description": "The VictorOps API URL.", - "type": "string" - }, - "customFields": { - "description": "Additional custom fields for notification.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "entityDisplayName": { - "description": "Contains summary of the alerted problem.", - "type": "string" - }, - "httpConfig": { - "description": "The HTTP client's configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "messageType": { - "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", - "type": "string" - }, - "monitoringTool": { - "description": "The monitoring tool the state message is from.", - "type": "string" - }, - "routingKey": { - "description": "A key used to map the alert to a team.", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "stateMessage": { - "description": "Contains long explanation of the alerted problem.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "webexConfigs": { - "description": "List of Webex configurations.", - "items": { - "description": "WebexConfig configures notification via Cisco Webex\nSee https://prometheus.io/docs/alerting/latest/configuration/#webex_config", - "properties": { - "apiURL": { - "description": "The Webex Teams API URL i.e. https://webexapis.com/v1/messages\nProvide if different from the default API URL.", - "pattern": "^https?://.+$", - "type": "string" - }, - "httpConfig": { - "description": "The HTTP client's configuration.\nYou must supply the bot token via the `httpConfig.authorization` field.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Message template", - "type": "string" - }, - "roomID": { - "description": "ID of the Webex Teams room where to send the messages.", - "minLength": 1, - "type": "string" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - } - }, - "required": [ - "roomID" - ], - "type": "object" - }, - "type": "array" - }, - "webhookConfigs": { - "description": "List of webhook configurations.", - "items": { - "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload.\nSee https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "maxAlerts": { - "description": "Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "timeout": { - "description": "The maximum time to wait for a webhook request to complete, before failing the\nrequest and allowing it to be retried.\nIt requires Alertmanager >= v0.28.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "url": { - "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over\n`url`. One of `urlSecret` and `url` should be defined.", - "type": "string" - }, - "urlSecret": { - "description": "The secret's key that contains the webhook URL to send HTTP requests to.\n`urlSecret` takes precedence over `url`. One of `urlSecret` and `url`\nshould be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "wechatConfigs": { - "description": "List of WeChat configurations.", - "items": { - "description": "WeChatConfig configures notifications via WeChat.\nSee https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", - "properties": { - "agentID": { - "type": "string" - }, - "apiSecret": { - "description": "The secret's key that contains the WeChat API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "apiURL": { - "description": "The WeChat API URL.", - "type": "string" - }, - "corpID": { - "description": "The corp id for authentication.", - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "API request data as defined by the WeChat API.", - "type": "string" - }, - "messageType": { - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "toParty": { - "type": "string" - }, - "toTag": { - "type": "string" - }, - "toUser": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "route": { - "description": "The Alertmanager route definition for alerts matching the resource's\nnamespace. If present, it will be added to the generated Alertmanager\nconfiguration as a first-level route.", - "properties": { - "activeTimeIntervals": { - "description": "ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active.", - "items": { - "type": "string" - }, - "type": "array" - }, - "continue": { - "description": "Boolean indicating whether an alert should continue matching subsequent\nsibling nodes. It will always be overridden to true for the first-level\nroute by the Prometheus operator.", - "type": "boolean" - }, - "groupBy": { - "description": "List of labels to group by.\nLabels must not be repeated (unique list).\nSpecial label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", - "items": { - "type": "string" - }, - "type": "array" - }, - "groupInterval": { - "description": "How long to wait before sending an updated notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"5m\"", - "type": "string" - }, - "groupWait": { - "description": "How long to wait before sending the initial notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"30s\"", - "type": "string" - }, - "matchers": { - "description": "List of matchers that the alert's labels should match. For the first\nlevel route, the operator removes any existing equality and regexp\nmatcher on the `namespace` label and adds a `namespace: ` matcher.", - "items": { - "description": "Matcher defines how to match on alert's labels.", - "properties": { - "matchType": { - "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", - "enum": [ - "!=", - "=", - "=~", - "!~" - ], - "type": "string" - }, - "name": { - "description": "Label to match.", - "minLength": 1, - "type": "string" - }, - "regex": { - "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", - "type": "boolean" - }, - "value": { - "description": "Label value to match.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "muteTimeIntervals": { - "description": "Note: this comment applies to the field definition above but appears\nbelow otherwise it gets included in the generated manifest.\nCRD schema doesn't support self-referential types for now (see\nhttps://github.com/kubernetes/kubernetes/issues/62872). We have to use\nan alternative type to circumvent the limitation. The downside is that\nthe Kube API can't validate the data beyond the fact that it is a valid\nJSON representation.\nMuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,", - "items": { - "type": "string" - }, - "type": "array" - }, - "receiver": { - "description": "Name of the receiver for this route. If not empty, it should be listed in\nthe `receivers` field.", - "type": "string" - }, - "repeatInterval": { - "description": "How long to wait before repeating the last notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"4h\"", - "type": "string" - }, - "routes": { - "description": "Child routes.", - "items": { - "x-kubernetes-preserve-unknown-fields": true - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "AlertmanagerConfig", - "version": "v1alpha1" - } - ] - }, - "monitoring.coreos.com/v1alpha1/AlertmanagerConfigList": { - "description": "AlertmanagerConfigList is a list of AlertmanagerConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of alertmanagerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1alpha1.AlertmanagerConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "AlertmanagerConfigList", - "version": "v1alpha1" - } - ] - }, - "monitoring.coreos.com/v1beta1/AlertmanagerConfig": { - "description": "The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.\n\n`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration.\nBy definition, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig resource.", - "properties": { - "inhibitRules": { - "description": "List of inhibition rules. The rules will only apply to alerts matching\nthe resource's namespace.", - "items": { - "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other\nalerts are already firing.\nSee https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", - "properties": { - "equal": { - "description": "Labels that must have an equal value in the source and target alert for\nthe inhibition to take effect.", - "items": { - "type": "string" - }, - "type": "array" - }, - "sourceMatch": { - "description": "Matchers for which one or more alerts have to exist for the inhibition\nto take effect. The operator enforces that the alert matches the\nresource's namespace.", - "items": { - "description": "Matcher defines how to match on alert's labels.", - "properties": { - "matchType": { - "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex\nmatch) or `!~` (not regex match).\nNegative operators (`!=` and `!~`) require Alertmanager >= v0.22.0.", - "enum": [ - "!=", - "=", - "=~", - "!~" - ], - "type": "string" - }, - "name": { - "description": "Label to match.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Label value to match.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "targetMatch": { - "description": "Matchers that have to be fulfilled in the alerts to be muted. The\noperator enforces that the alert matches the resource's namespace.", - "items": { - "description": "Matcher defines how to match on alert's labels.", - "properties": { - "matchType": { - "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex\nmatch) or `!~` (not regex match).\nNegative operators (`!=` and `!~`) require Alertmanager >= v0.22.0.", - "enum": [ - "!=", - "=", - "=~", - "!~" - ], - "type": "string" - }, - "name": { - "description": "Label to match.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Label value to match.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - }, - "receivers": { - "description": "List of receivers.", - "items": { - "description": "Receiver defines one or more notification integrations.", - "properties": { - "discordConfigs": { - "description": "List of Slack configurations.", - "items": { - "description": "DiscordConfig configures notifications via Discord.\nSee https://prometheus.io/docs/alerting/latest/configuration/#discord_config", - "properties": { - "apiURL": { - "description": "The secret's key that contains the Discord webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "avatarURL": { - "description": "The avatar url of the message sender.", - "pattern": "^https?://.+$", - "type": "string" - }, - "content": { - "description": "The template of the content's body.", - "minLength": 1, - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "The template of the message's body.", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "title": { - "description": "The template of the message's title.", - "type": "string" - }, - "username": { - "description": "The username of the message sender.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "apiURL" - ], - "type": "object" - }, - "type": "array" - }, - "emailConfigs": { - "description": "List of Email configurations.", - "items": { - "description": "EmailConfig configures notifications via Email.", - "properties": { - "authIdentity": { - "description": "The identity to use for authentication.", - "type": "string" - }, - "authPassword": { - "description": "The secret's key that contains the password to use for authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "authSecret": { - "description": "The secret's key that contains the CRAM-MD5 secret.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "authUsername": { - "description": "The username to use for authentication.", - "type": "string" - }, - "from": { - "description": "The sender address.", - "type": "string" - }, - "headers": { - "description": "Further headers email header key/value pairs. Overrides any headers\npreviously set by the notification implementation.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hello": { - "description": "The hostname to identify to the SMTP server.", - "type": "string" - }, - "html": { - "description": "The HTML body of the email notification.", - "type": "string" - }, - "requireTLS": { - "description": "The SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", - "type": "boolean" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "smarthost": { - "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", - "type": "string" - }, - "text": { - "description": "The text body of the email notification.", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "to": { - "description": "The email address to send notifications to.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "msteamsConfigs": { - "description": "List of MSTeams configurations.\nIt requires Alertmanager >= 0.26.0.", - "items": { - "description": "MSTeamsConfig configures notifications via Microsoft Teams.\nIt requires Alertmanager >= 0.26.0.", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - }, - "summary": { - "description": "Message summary template.\nIt requires Alertmanager >= 0.27.0.", - "type": "string" - }, - "text": { - "description": "Message body template.", - "type": "string" - }, - "title": { - "description": "Message title template.", - "type": "string" - }, - "webhookUrl": { - "description": "MSTeams webhook URL.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "webhookUrl" - ], - "type": "object" - }, - "type": "array" - }, - "msteamsv2Configs": { - "description": "List of MSTeamsV2 configurations.\nIt requires Alertmanager >= 0.28.0.", - "items": { - "description": "MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows\nSee https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config\nIt requires Alertmanager >= 0.28.0.", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - }, - "text": { - "description": "Message body template.", - "minLength": 1, - "type": "string" - }, - "title": { - "description": "Message title template.", - "minLength": 1, - "type": "string" - }, - "webhookURL": { - "description": "MSTeams incoming webhook URL.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Name of the receiver. Must be unique across all items from the list.", - "minLength": 1, - "type": "string" - }, - "opsgenieConfigs": { - "description": "List of OpsGenie configurations.", - "items": { - "description": "OpsGenieConfig configures notifications via OpsGenie.\nSee https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", - "properties": { - "actions": { - "description": "Comma separated list of actions that will be available for the alert.", - "type": "string" - }, - "apiKey": { - "description": "The secret's key that contains the OpsGenie API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "apiURL": { - "description": "The URL to send OpsGenie API requests to.", - "type": "string" - }, - "description": { - "description": "Description of the incident.", - "type": "string" - }, - "details": { - "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "entity": { - "description": "Optional field that can be used to specify which domain alert is related to.", - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Alert text limited to 130 characters.", - "type": "string" - }, - "note": { - "description": "Additional alert note.", - "type": "string" - }, - "priority": { - "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", - "type": "string" - }, - "responders": { - "description": "List of responders responsible for notifications.", - "items": { - "description": "OpsGenieConfigResponder defines a responder to an incident.\nOne of `id`, `name` or `username` has to be defined.", - "properties": { - "id": { - "description": "ID of the responder.", - "type": "string" - }, - "name": { - "description": "Name of the responder.", - "type": "string" - }, - "type": { - "description": "Type of responder.", - "enum": [ - "team", - "teams", - "user", - "escalation", - "schedule" - ], - "minLength": 1, - "type": "string" - }, - "username": { - "description": "Username of the responder.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "source": { - "description": "Backlink to the sender of the notification.", - "type": "string" - }, - "tags": { - "description": "Comma separated list of tags attached to the notifications.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pagerdutyConfigs": { - "description": "List of PagerDuty configurations.", - "items": { - "description": "PagerDutyConfig configures notifications via PagerDuty.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", - "properties": { - "class": { - "description": "The class/type of the event.", - "type": "string" - }, - "client": { - "description": "Client identification.", - "type": "string" - }, - "clientURL": { - "description": "Backlink to the sender of notification.", - "type": "string" - }, - "component": { - "description": "The part or component of the affected system that is broken.", - "type": "string" - }, - "description": { - "description": "Description of the incident.", - "type": "string" - }, - "details": { - "description": "Arbitrary key/value pairs that provide further detail about the incident.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "group": { - "description": "A cluster or grouping of sources.", - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "pagerDutyImageConfigs": { - "description": "A list of image details to attach that provide further detail about an incident.", - "items": { - "description": "PagerDutyImageConfig attaches images to an incident", - "properties": { - "alt": { - "description": "Alt is the optional alternative text for the image.", - "type": "string" - }, - "href": { - "description": "Optional URL; makes the image a clickable link.", - "type": "string" - }, - "src": { - "description": "Src of the image being attached to the incident", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pagerDutyLinkConfigs": { - "description": "A list of link details to attach that provide further detail about an incident.", - "items": { - "description": "PagerDutyLinkConfig attaches text links to an incident", - "properties": { - "alt": { - "description": "Text that describes the purpose of the link, and can be used as the link's text.", - "type": "string" - }, - "href": { - "description": "Href is the URL of the link to be attached", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "routingKey": { - "description": "The secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "serviceKey": { - "description": "The secret's key that contains the PagerDuty service key (when using\nintegration type \"Prometheus\"). Either this field or `routingKey` needs to\nbe defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "severity": { - "description": "Severity of the incident.", - "type": "string" - }, - "source": { - "description": "Unique location of the affected system.", - "type": "string" - }, - "url": { - "description": "The URL to send requests to.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pushoverConfigs": { - "description": "List of Pushover configurations.", - "items": { - "description": "PushoverConfig configures notifications via Pushover.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", - "properties": { - "device": { - "description": "The name of a device to send the notification to", - "type": "string" - }, - "expire": { - "description": "How long your notification will continue to be retried for, unless the user\nacknowledges the notification.", - "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", - "type": "string" - }, - "html": { - "description": "Whether notification message is HTML or plain text.", - "type": "boolean" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Notification message.", - "type": "string" - }, - "priority": { - "description": "Priority, see https://pushover.net/api#priority", - "type": "string" - }, - "retry": { - "description": "How often the Pushover servers will send the same notification to the user.\nMust be at least 30 seconds.", - "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "sound": { - "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", - "type": "string" - }, - "title": { - "description": "Notification title.", - "type": "string" - }, - "token": { - "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `token` or `tokenFile` is required.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "tokenFile": { - "description": "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0.", - "type": "string" - }, - "ttl": { - "description": "The time to live definition for the alert notification", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "url": { - "description": "A supplementary URL shown alongside the message.", - "type": "string" - }, - "urlTitle": { - "description": "A title for supplementary URL, otherwise just the URL is shown", - "type": "string" - }, - "userKey": { - "description": "The secret's key that contains the recipient user's user key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `userKey` or `userKeyFile` is required.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "userKeyFile": { - "description": "The user key file that contains the recipient user's user key.\nEither `userKey` or `userKeyFile` is required.\nIt requires Alertmanager >= v0.26.0.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "slackConfigs": { - "description": "List of Slack configurations.", - "items": { - "description": "SlackConfig configures notifications via Slack.\nSee https://prometheus.io/docs/alerting/latest/configuration/#slack_config", - "properties": { - "actions": { - "description": "A list of Slack actions that are sent with each notification.", - "items": { - "description": "SlackAction configures a single Slack action that is sent with each\nnotification.\nSee https://api.slack.com/docs/message-attachments#action_fields and\nhttps://api.slack.com/docs/message-buttons for more information.", - "properties": { - "confirm": { - "description": "SlackConfirmationField protect users from destructive actions or\nparticularly distinguished decisions by asking them to confirm their button\nclick one more time.\nSee https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields\nfor more information.", - "properties": { - "dismissText": { - "type": "string" - }, - "okText": { - "type": "string" - }, - "text": { - "minLength": 1, - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "name": { - "type": "string" - }, - "style": { - "type": "string" - }, - "text": { - "minLength": 1, - "type": "string" - }, - "type": { - "minLength": 1, - "type": "string" - }, - "url": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "text", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "apiURL": { - "description": "The secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "callbackId": { - "type": "string" - }, - "channel": { - "description": "The channel or user to send notifications to.", - "type": "string" - }, - "color": { - "type": "string" - }, - "fallback": { - "type": "string" - }, - "fields": { - "description": "A list of Slack fields that are sent with each notification.", - "items": { - "description": "SlackField configures a single Slack field that is sent with each notification.\nEach field must contain a title, value, and optionally, a boolean value to indicate if the field\nis short enough to be displayed next to other fields designated as short.\nSee https://api.slack.com/docs/message-attachments#fields for more information.", - "properties": { - "short": { - "type": "boolean" - }, - "title": { - "minLength": 1, - "type": "string" - }, - "value": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "title", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "footer": { - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "iconEmoji": { - "type": "string" - }, - "iconURL": { - "type": "string" - }, - "imageURL": { - "type": "string" - }, - "linkNames": { - "type": "boolean" - }, - "mrkdwnIn": { - "items": { - "type": "string" - }, - "type": "array" - }, - "pretext": { - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "shortFields": { - "type": "boolean" - }, - "text": { - "type": "string" - }, - "thumbURL": { - "type": "string" - }, - "title": { - "type": "string" - }, - "titleLink": { - "type": "string" - }, - "username": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "snsConfigs": { - "description": "List of SNS configurations", - "items": { - "description": "SNSConfig configures notifications via AWS SNS.\nSee https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", - "properties": { - "apiURL": { - "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com.\nIf not specified, the SNS API URL from the SNS SDK will be used.", - "type": "string" - }, - "attributes": { - "additionalProperties": { - "type": "string" - }, - "description": "SNS message attributes.", - "type": "object" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "The message content of the SNS notification.", - "type": "string" - }, - "phoneNumber": { - "description": "Phone number if message is delivered via SMS in E.164 format.\nIf you don't specify this value, you must specify a value for the TopicARN or TargetARN.", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "sigv4": { - "description": "Configures AWS's Signature Verification 4 signing process to sign requests.", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "profile": { - "description": "Profile is the named AWS profile used to authenticate.", - "type": "string" - }, - "region": { - "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", - "type": "string" - }, - "roleArn": { - "description": "RoleArn is the named AWS profile used to authenticate.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "subject": { - "description": "Subject line when the message is delivered to email endpoints.", - "type": "string" - }, - "targetARN": { - "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications.\nIf you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", - "type": "string" - }, - "topicARN": { - "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic\nIf you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "telegramConfigs": { - "description": "List of Telegram configurations.", - "items": { - "description": "TelegramConfig configures notifications via Telegram.\nSee https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", - "properties": { - "apiURL": { - "description": "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used.", - "type": "string" - }, - "botToken": { - "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "botTokenFile": { - "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.", - "type": "string" - }, - "chatID": { - "description": "The Telegram chat ID.", - "format": "int64", - "type": "integer" - }, - "disableNotifications": { - "description": "Disable telegram notifications", - "type": "boolean" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Message template", - "type": "string" - }, - "messageThreadID": { - "description": "The Telegram Group Topic ID.\nIt requires Alertmanager >= 0.26.0.", - "format": "int64", - "type": "integer" - }, - "parseMode": { - "description": "Parse mode for telegram message", - "enum": [ - "MarkdownV2", - "Markdown", - "HTML" - ], - "type": "string" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - } - }, - "required": [ - "chatID" - ], - "type": "object" - }, - "type": "array" - }, - "victoropsConfigs": { - "description": "List of VictorOps configurations.", - "items": { - "description": "VictorOpsConfig configures notifications via VictorOps.\nSee https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", - "properties": { - "apiKey": { - "description": "The secret's key that contains the API key to use when talking to the VictorOps API.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "apiUrl": { - "description": "The VictorOps API URL.", - "type": "string" - }, - "customFields": { - "description": "Additional custom fields for notification.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "entityDisplayName": { - "description": "Contains summary of the alerted problem.", - "type": "string" - }, - "httpConfig": { - "description": "The HTTP client's configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "messageType": { - "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", - "type": "string" - }, - "monitoringTool": { - "description": "The monitoring tool the state message is from.", - "type": "string" - }, - "routingKey": { - "description": "A key used to map the alert to a team.", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "stateMessage": { - "description": "Contains long explanation of the alerted problem.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "webexConfigs": { - "description": "List of Webex configurations.", - "items": { - "description": "WebexConfig configures notification via Cisco Webex\nSee https://prometheus.io/docs/alerting/latest/configuration/#webex_config", - "properties": { - "apiURL": { - "description": "The Webex Teams API URL i.e. https://webexapis.com/v1/messages", - "pattern": "^https?://.+$", - "type": "string" - }, - "httpConfig": { - "description": "The HTTP client's configuration.\nYou must use this configuration to supply the bot token as part of the HTTP `Authorization` header.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Message template", - "type": "string" - }, - "roomID": { - "description": "ID of the Webex Teams room where to send the messages.", - "minLength": 1, - "type": "string" - }, - "sendResolved": { - "description": "Whether to notify about resolved alerts.", - "type": "boolean" - } - }, - "required": [ - "roomID" - ], - "type": "object" - }, - "type": "array" - }, - "webhookConfigs": { - "description": "List of webhook configurations.", - "items": { - "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload.\nSee https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", - "properties": { - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "maxAlerts": { - "description": "Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "timeout": { - "description": "The maximum time to wait for a webhook request to complete, before failing the\nrequest and allowing it to be retried.\nIt requires Alertmanager >= v0.28.0.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "url": { - "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over\n`url`. One of `urlSecret` and `url` should be defined.", - "type": "string" - }, - "urlSecret": { - "description": "The secret's key that contains the webhook URL to send HTTP requests to.\n`urlSecret` takes precedence over `url`. One of `urlSecret` and `url`\nshould be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "wechatConfigs": { - "description": "List of WeChat configurations.", - "items": { - "description": "WeChatConfig configures notifications via WeChat.\nSee https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", - "properties": { - "agentID": { - "type": "string" - }, - "apiSecret": { - "description": "The secret's key that contains the WeChat API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "apiURL": { - "description": "The WeChat API URL.", - "type": "string" - }, - "corpID": { - "description": "The corp id for authentication.", - "type": "string" - }, - "httpConfig": { - "description": "HTTP client configuration.", - "properties": { - "authorization": { - "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", - "properties": { - "credentials": { - "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": { - "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", - "type": "string" - } - }, - "type": "object" - }, - "basicAuth": { - "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", - "properties": { - "password": { - "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "username": { - "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "minLength": 1, - "type": "string" - }, - "name": { - "description": "The name of the secret in the object's namespace to select from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "followRedirects": { - "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", - "type": "boolean" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "oauth2": { - "description": "OAuth2 client credentials used to fetch a token for the targets.", - "properties": { - "clientId": { - "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "clientSecret": { - "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", - "type": "object" - }, - "noProxy": { - "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "string" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "scopes": { - "description": "`scopes` defines the OAuth2 scopes used for the token request.", - "items": { - "type": "string" - }, - "type": "array" - }, - "tlsConfig": { - "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - }, - "tokenUrl": { - "description": "`tokenURL` configures the URL to fetch the token from.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" - }, - "proxyConnectHeader": { - "additionalProperties": { - "items": { - "description": "SecretKeySelector selects a key of a Secret.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "proxyFromEnvironment": { - "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", - "type": "boolean" - }, - "proxyURL": { - "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", - "type": "string" - }, - "proxyUrl": { - "description": "`proxyURL` defines the HTTP proxy server to use.", - "pattern": "^(http|https|socks5)://.+$", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration for the client.", - "properties": { - "ca": { - "description": "Certificate authority used when verifying server certificates.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "cert": { - "description": "Client certificate to present when doing client-authentication.", - "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret containing data to use for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "maxVersion": { - "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "minVersion": { - "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", - "enum": [ - "TLS10", - "TLS11", - "TLS12", - "TLS13" - ], - "type": "string" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "API request data as defined by the WeChat API.", - "type": "string" - }, - "messageType": { - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "toParty": { - "type": "string" - }, - "toTag": { - "type": "string" - }, - "toUser": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "route": { - "description": "The Alertmanager route definition for alerts matching the resource's\nnamespace. If present, it will be added to the generated Alertmanager\nconfiguration as a first-level route.", - "properties": { - "activeTimeIntervals": { - "description": "ActiveTimeIntervals is a list of TimeInterval names when this route should be active.", - "items": { - "type": "string" - }, - "type": "array" - }, - "continue": { - "description": "Boolean indicating whether an alert should continue matching subsequent\nsibling nodes. It will always be overridden to true for the first-level\nroute by the Prometheus operator.", - "type": "boolean" - }, - "groupBy": { - "description": "List of labels to group by.\nLabels must not be repeated (unique list).\nSpecial label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", - "items": { - "type": "string" - }, - "type": "array" - }, - "groupInterval": { - "description": "How long to wait before sending an updated notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"5m\"", - "type": "string" - }, - "groupWait": { - "description": "How long to wait before sending the initial notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"30s\"", - "type": "string" - }, - "matchers": { - "description": "List of matchers that the alert's labels should match. For the first\nlevel route, the operator removes any existing equality and regexp\nmatcher on the `namespace` label and adds a `namespace: ` matcher.", - "items": { - "description": "Matcher defines how to match on alert's labels.", - "properties": { - "matchType": { - "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex\nmatch) or `!~` (not regex match).\nNegative operators (`!=` and `!~`) require Alertmanager >= v0.22.0.", - "enum": [ - "!=", - "=", - "=~", - "!~" - ], - "type": "string" - }, - "name": { - "description": "Label to match.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Label value to match.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "muteTimeIntervals": { - "description": "Note: this comment applies to the field definition above but appears\nbelow otherwise it gets included in the generated manifest.\nCRD schema doesn't support self-referential types for now (see\nhttps://github.com/kubernetes/kubernetes/issues/62872). We have to use\nan alternative type to circumvent the limitation. The downside is that\nthe Kube API can't validate the data beyond the fact that it is a valid\nJSON representation.\nMuteTimeIntervals is a list of TimeInterval names that will mute this route when matched.", - "items": { - "type": "string" - }, - "type": "array" - }, - "receiver": { - "description": "Name of the receiver for this route. If not empty, it should be listed in\nthe `receivers` field.", - "type": "string" - }, - "repeatInterval": { - "description": "How long to wait before repeating the last notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"4h\"", - "type": "string" - }, - "routes": { - "description": "Child routes.", - "items": { - "x-kubernetes-preserve-unknown-fields": true - }, - "type": "array" - } - }, - "type": "object" - }, - "timeIntervals": { - "description": "List of TimeInterval specifying when the routes should be muted or active.", - "items": { - "description": "TimeInterval specifies the periods in time when notifications will be muted or active.", - "properties": { - "name": { - "description": "Name of the time interval.", - "type": "string" - }, - "timeIntervals": { - "description": "TimeIntervals is a list of TimePeriod.", - "items": { - "description": "TimePeriod describes periods of time.", - "properties": { - "daysOfMonth": { - "description": "DaysOfMonth is a list of DayOfMonthRange", - "items": { - "description": "DayOfMonthRange is an inclusive range of days of the month beginning at 1", - "properties": { - "end": { - "description": "End of the inclusive range", - "maximum": 31, - "minimum": -31, - "type": "integer" - }, - "start": { - "description": "Start of the inclusive range", - "maximum": 31, - "minimum": -31, - "type": "integer" - } - }, - "type": "object" - }, - "type": "array" - }, - "months": { - "description": "Months is a list of MonthRange", - "items": { - "description": "MonthRange is an inclusive range of months of the year beginning in January\nMonths can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March')", - "pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)", - "type": "string" - }, - "type": "array" - }, - "times": { - "description": "Times is a list of TimeRange", - "items": { - "description": "TimeRange defines a start and end time in 24hr format", - "properties": { - "endTime": { - "description": "EndTime is the end time in 24hr format.", - "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", - "type": "string" - }, - "startTime": { - "description": "StartTime is the start time in 24hr format.", - "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "weekdays": { - "description": "Weekdays is a list of WeekdayRange", - "items": { - "description": "WeekdayRange is an inclusive range of days of the week beginning on Sunday\nDays can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday')", - "pattern": "^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)", - "type": "string" - }, - "type": "array" - }, - "years": { - "description": "Years is a list of YearRange", - "items": { - "description": "YearRange is an inclusive range of years", - "pattern": "^2\\d{3}(?::2\\d{3}|$)", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "AlertmanagerConfig", - "version": "v1beta1" - } - ] - }, - "monitoring.coreos.com/v1beta1/AlertmanagerConfigList": { - "description": "AlertmanagerConfigList is a list of AlertmanagerConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of alertmanagerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.monitoring.v1beta1.AlertmanagerConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.coreos.com", - "kind": "AlertmanagerConfigList", - "version": "v1beta1" - } - ] - }, - "monitoring.openshift.io/v1/AlertRelabelConfig": { - "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec describes the desired state of this AlertRelabelConfig object.", - "properties": { - "configs": { - "description": "configs is a list of sequentially evaluated alert relabel configs.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of label sets for alerts.\nSee Prometheus documentation:\n- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "Replace", - "description": "action to perform based on regex matching. Must be one of: 'Replace', 'Keep',\n'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'", - "enum": [ - "Replace", - "Keep", - "Drop", - "HashMod", - "LabelMap", - "LabelDrop", - "LabelKeep" - ], - "type": "string" - }, - "modulus": { - "description": "modulus to take of the hash of the source label values. This can be\ncombined with the 'HashMod' action to set 'target_label' to the 'modulus'\nof a hash of the concatenated 'source_labels'. This is only valid if\nsourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.", - "format": "int64", - "type": "integer" - }, - "regex": { - "default": "(.*)", - "description": "regex against which the extracted value is matched. Default is: '(.*)'\nregex is required for all actions except 'HashMod'", - "maxLength": 2048, - "type": "string" - }, - "replacement": { - "description": "replacement value against which a regex replace is performed if the regular\nexpression matches. This is required if the action is 'Replace' or\n'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'.\nRegex capture groups are available. Default is: '$1'", - "maxLength": 2048, - "type": "string" - }, - "separator": { - "description": "separator placed between concatenated source label values. When omitted,\nPrometheus will use its default value of ';'.", - "maxLength": 2048, - "type": "string" - }, - "sourceLabels": { - "description": "sourceLabels select values from existing labels. Their content is\nconcatenated using the configured separator and matched against the\nconfigured regular expression for the 'Replace', 'Keep', and 'Drop' actions.\nNot allowed for actions 'LabelKeep' and 'LabelDrop'.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, and underscores.", - "maxLength": 2048, - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "targetLabel to which the resulting value is written in a 'Replace' action.\nIt is required for 'Replace' and 'HashMod' actions and forbidden for\nactions 'LabelKeep' and 'LabelDrop'. Regex capture groups\nare available.", - "maxLength": 2048, - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "relabel action hashmod requires non-zero modulus", - "rule": "self.action != 'HashMod' || self.modulus != 0" - }, - { - "message": "targetLabel is required when action is Replace or HashMod", - "rule": "(self.action != 'Replace' && self.action != 'HashMod') || has(self.targetLabel)" - }, - { - "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found sourceLabels)", - "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.sourceLabels)" - }, - { - "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found targetLabel)", - "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.targetLabel)" - }, - { - "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found modulus)", - "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.modulus)" - }, - { - "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found separator)", - "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.separator)" - }, - { - "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found replacement)", - "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.replacement)" - }, - { - "message": "modulus requires sourceLabels to be present", - "rule": "!has(self.modulus) || (has(self.modulus) && size(self.sourceLabels) > 0)" - }, - { - "message": "sourceLabels is required for actions Replace, Keep, Drop, HashMod and LabelMap", - "rule": "(self.action == 'LabelDrop' || self.action == 'LabelKeep') || has(self.sourceLabels)" - }, - { - "message": "replacement is required for actions Replace and LabelMap", - "rule": "(self.action != 'Replace' && self.action != 'LabelMap') || has(self.replacement)" - } - ] - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "configs" - ], - "type": "object" - }, - "status": { - "description": "status describes the current state of this AlertRelabelConfig object.", - "properties": { - "conditions": { - "description": "conditions contains details on the state of the AlertRelabelConfig, may be\nempty.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.openshift.io", - "kind": "AlertRelabelConfig", - "version": "v1" - } - ] - }, - "monitoring.openshift.io/v1/AlertRelabelConfigList": { - "description": "AlertRelabelConfigList is a list of AlertRelabelConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of alertrelabelconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.monitoring.v1.AlertRelabelConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.openshift.io", - "kind": "AlertRelabelConfigList", - "version": "v1" - } - ] - }, - "monitoring.openshift.io/v1/AlertingRule": { - "description": "AlertingRule represents a set of user-defined Prometheus rule groups containing\nalerting rules. This resource is the supported method for cluster admins to\ncreate alerts based on metrics recorded by the platform monitoring stack in\nOpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring\nnamespace. You might use this to create custom alerting rules not shipped with\nOpenShift based on metrics from components such as the node_exporter, which\nprovides machine-level metrics such as CPU usage, or kube-state-metrics, which\nprovides metrics on Kubernetes usage.\n\nThe API is mostly compatible with the upstream PrometheusRule type from the\nprometheus-operator. The primary difference being that recording rules are not\nallowed here -- only alerting rules. For each AlertingRule resource created, a\ncorresponding PrometheusRule will be created in the openshift-monitoring\nnamespace. OpenShift requires admins to use the AlertingRule resource rather\nthan the upstream type in order to allow better OpenShift specific defaulting\nand validation, while not modifying the upstream APIs directly.\n\nYou can find upstream API documentation for PrometheusRule resources here:\n\nhttps://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec describes the desired state of this AlertingRule object.", - "properties": { - "groups": { - "description": "groups is a list of grouped alerting rules. Rule groups are the unit at\nwhich Prometheus parallelizes rule processing. All rules in a single group\nshare a configured evaluation interval. All rules in the group will be\nprocessed together on this interval, sequentially, and all rules will be\nprocessed.\n\nIt's common to group related alerting rules into a single AlertingRule\nresources, and within that resource, closely related alerts, or simply\nalerts with the same interval, into individual groups. You are also free\nto create AlertingRule resources with only a single rule group, but be\naware that this can have a performance impact on Prometheus if the group is\nextremely large or has very complex query expressions to evaluate.\nSpreading very complex rules across multiple groups to allow them to be\nprocessed in parallel is also a common use-case.", - "items": { - "description": "RuleGroup is a list of sequentially evaluated alerting rules.", - "properties": { - "interval": { - "description": "interval is how often rules in the group are evaluated. If not specified,\nit defaults to the global.evaluation_interval configured in Prometheus,\nwhich itself defaults to 30 seconds. You can check if this value has been\nmodified from the default on your cluster by inspecting the platform\nPrometheus configuration:\nThe relevant field in that resource is: spec.evaluationInterval", - "maxLength": 2048, - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "name": { - "description": "name is the name of the group.", - "maxLength": 2048, - "minLength": 1, - "type": "string" - }, - "rules": { - "description": "rules is a list of sequentially evaluated alerting rules. Prometheus may\nprocess rule groups in parallel, but rules within a single group are always\nprocessed sequentially, and all rules are processed.", - "items": { - "description": "Rule describes an alerting rule.\nSee Prometheus documentation:\n- https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules", - "properties": { - "alert": { - "description": "alert is the name of the alert. Must be a valid label value, i.e. may\ncontain any Unicode character.", - "maxLength": 2048, - "minLength": 1, - "type": "string" - }, - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "annotations to add to each alert. These are values that can be used to\nstore longer additional information that you won't query on, such as alert\ndescriptions or runbook links.", - "type": "object" - }, - "expr": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "expr is the PromQL expression to evaluate. Every evaluation cycle this is\nevaluated at the current time, and all resultant time series become pending\nor firing alerts. This is most often a string representing a PromQL\nexpression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr\nIn rare cases this could be a simple integer, e.g. a simple \"1\" if the\nintent is to create an alert that is always firing. This is sometimes used\nto create an always-firing \"Watchdog\" alert in order to ensure the alerting\npipeline is functional.", - "x-kubernetes-int-or-string": true - }, - "for": { - "description": "for is the time period after which alerts are considered firing after first\nreturning results. Alerts which have not yet fired for long enough are\nconsidered pending.", - "maxLength": 2048, - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "labels to add or overwrite for each alert. The results of the PromQL\nexpression for the alert will result in an existing set of labels for the\nalert, after evaluating the expression, for any label specified here with\nthe same name as a label in that set, the label here wins and overwrites\nthe previous value. These should typically be short identifying values\nthat may be useful to query against. A common example is the alert\nseverity, where one sets `severity: warning` under the `labels` key:", - "type": "object" - } - }, - "required": [ - "alert", - "expr" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "name", - "rules" - ], - "type": "object" - }, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "groups" - ], - "type": "object" - }, - "status": { - "description": "status describes the current state of this AlertOverrides object.", - "properties": { - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with.", - "format": "int64", - "type": "integer" - }, - "prometheusRule": { - "description": "prometheusRule is the generated PrometheusRule for this AlertingRule. Each\nAlertingRule instance results in a generated PrometheusRule object in the\nsame namespace, which is always the openshift-monitoring namespace.", - "properties": { - "name": { - "description": "name of the referenced PrometheusRule.", - "maxLength": 2048, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.openshift.io", - "kind": "AlertingRule", - "version": "v1" - } - ] - }, - "monitoring.openshift.io/v1/AlertingRuleList": { - "description": "AlertingRuleList is a list of AlertingRule", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of alertingrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.monitoring.v1.AlertingRule" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "monitoring.openshift.io", - "kind": "AlertingRuleList", - "version": "v1" - } - ] - }, - "network.openshift.io/v1alpha1/DNSNameResolver": { - "description": "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the DNSNameResolver.", - "properties": { - "name": { - "description": "name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.'", - "maxLength": 254, - "pattern": "^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "spec.name is immutable", - "rule": "self == oldSelf" - } - ] - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the DNSNameResolver.", - "properties": { - "resolvedNames": { - "description": "resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times.", - "items": { - "description": "DNSNameResolverResolvedName describes the details of a resolved DNS name.", - "properties": { - "conditions": { - "description": "conditions provide information about the state of the DNS name. Known .status.conditions.type is: \"Degraded\". \"Degraded\" is true when the last resolution failed for the DNS name, and false otherwise.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "dnsName": { - "description": "dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well.", - "maxLength": 254, - "pattern": "^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$", - "type": "string" - }, - "resolutionFailures": { - "description": "resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired.", - "format": "int32", - "type": "integer" - }, - "resolvedAddresses": { - "description": "resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName.", - "items": { - "description": "DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name.", - "properties": { - "ip": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ], - "description": "ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "type": "string" - }, - "lastLookupTime": { - "description": "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "format": "date-time", - "type": "string" - }, - "ttlSeconds": { - "description": "ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "ip", - "lastLookupTime", - "ttlSeconds" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "dnsName", - "resolvedAddresses" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "dnsName" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "network.openshift.io", - "kind": "DNSNameResolver", - "version": "v1alpha1" - } - ] - }, - "network.openshift.io/v1alpha1/DNSNameResolverList": { - "description": "DNSNameResolverList is a list of DNSNameResolver", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of dnsnameresolvers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.network.v1alpha1.DNSNameResolver" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "network.openshift.io", - "kind": "DNSNameResolverList", - "version": "v1alpha1" - } - ] - }, - "network.operator.openshift.io/v1/EgressRouter": { - "description": "EgressRouter is a feature allowing the user to define an egress router\nthat acts as a bridge between pods and external systems. The egress router runs\na service that redirects egress traffic originating from a pod or a group of\npods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator.\nMore specifically, given an EgressRouter CR with , the CNO will create and manage:\n- A service called \n- An egress pod called \n- A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired egress router.", - "oneOf": [ - { - "properties": { - "mode": { - "enum": [ - "Redirect" - ] - } - }, - "required": [ - "redirect" - ] - } - ], - "properties": { - "addresses": { - "description": "List of IP addresses to configure on the pod's secondary interface.", - "items": { - "description": "EgressRouterAddress contains a pair of IP CIDR and gateway to be configured on the router's interface", - "properties": { - "gateway": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ], - "description": "IP address of the next-hop gateway, if it cannot be automatically determined. Can be IPv4 or IPv6.", - "type": "string" - }, - "ip": { - "description": "ip is the address to configure on the router's interface. Can be IPv4 or IPv6.", - "type": "string" - } - }, - "required": [ - "ip" - ], - "type": "object" - }, - "type": "array" - }, - "mode": { - "default": "Redirect", - "description": "mode depicts the mode that is used for the egress router. The default mode is \"Redirect\" and is the only supported mode currently.", - "enum": [ - "Redirect" - ], - "type": "string" - }, - "networkInterface": { - "default": { - "macvlan": { - "mode": "Bridge" - } - }, - "description": "Specification of interface to create/use. The default is macvlan.\nCurrently only macvlan is supported.", - "oneOf": [ - { - "required": [ - "macvlan" - ] - } - ], - "properties": { - "macvlan": { - "default": { - "mode": "Bridge" - }, - "description": "Arguments specific to the interfaceType macvlan", - "properties": { - "master": { - "description": "Name of the master interface. Need not be specified if it can be inferred from the IP address.", - "type": "string" - }, - "mode": { - "default": "Bridge", - "description": "mode depicts the mode that is used for the macvlan interface; one of Bridge|Private|VEPA|Passthru. The default mode is \"Bridge\".", - "enum": [ - "Bridge", - "Private", - "VEPA", - "Passthru" - ], - "type": "string" - } - }, - "required": [ - "mode" - ], - "type": "object" - } - }, - "type": "object" - }, - "redirect": { - "description": "redirect represents the configuration parameters specific to redirect mode.", - "properties": { - "fallbackIP": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ], - "description": "fallbackIP specifies the remote destination's IP address. Can be IPv4 or IPv6.\nIf no redirect rules are specified, all traffic from the router are redirected to this IP.\nIf redirect rules are specified, then any connections on any other port (undefined in the rules) on the router will be redirected to this IP.\nIf redirect rules are specified and no fallback IP is provided, connections on other ports will simply be rejected.", - "type": "string" - }, - "redirectRules": { - "description": "List of L4RedirectRules that define the DNAT redirection from the pod to the destination in redirect mode.", - "items": { - "description": "L4RedirectRule defines a DNAT redirection from a given port to a destination IP and port.", - "properties": { - "destinationIP": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ], - "description": "IP specifies the remote destination's IP address. Can be IPv4 or IPv6.", - "type": "string" - }, - "port": { - "description": "port is the port number to which clients should send traffic to be redirected.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "description": "protocol can be TCP, SCTP or UDP.", - "enum": [ - "TCP", - "UDP", - "SCTP" - ], - "type": "string" - }, - "targetPort": { - "description": "targetPort allows specifying the port number on the remote destination to which the traffic gets redirected to.\nIf unspecified, the value from \"Port\" is used.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "destinationIP", - "port", - "protocol" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "addresses", - "mode", - "networkInterface" - ], - "type": "object" - }, - "status": { - "description": "Observed status of EgressRouter.", - "properties": { - "conditions": { - "description": "Observed status of the egress router", - "items": { - "description": "EgressRouterStatusCondition represents the state of the egress router's\nmanaged and monitored components.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans. It may contain Line Feed\ncharacters (U+000A), which should be rendered as new lines.", - "type": "string" - }, - "reason": { - "description": "reason is the CamelCase reason for the condition's current status.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type specifies the aspect reported by this condition; one of Available, Progressing, Degraded", - "enum": [ - "Available", - "Progressing", - "Degraded" - ], - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "conditions" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "network.operator.openshift.io", - "kind": "EgressRouter", - "version": "v1" - } - ] - }, - "network.operator.openshift.io/v1/EgressRouterList": { - "description": "EgressRouterList is a list of EgressRouter", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of egressrouters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.network.v1.EgressRouter" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "network.operator.openshift.io", - "kind": "EgressRouterList", - "version": "v1" - } - ] - }, - "network.operator.openshift.io/v1/OperatorPKI": { - "description": "OperatorPKI is a simple certificate authority. It is not intended for external\nuse - rather, it is internal to the network operator. The CNO creates a CA and\na certificate signed by that CA. The certificate has both ClientAuth\nand ServerAuth extended usages enabled.\n\n\tMore specifically, given an OperatorPKI with , the CNO will manage:\n\n- A Secret called -ca with two data keys:\n - tls.key - the private key\n - tls.crt - the CA certificate\n\n- A ConfigMap called -ca with a single data key:\n - cabundle.crt - the CA certificate(s)\n\n- A Secret called -cert with two data keys:\n - tls.key - the private key\n - tls.crt - the certificate, signed by the CA\n\nThe CA certificate will have a validity of 10 years, rotated after 9.\nThe target certificate will have a validity of 6 months, rotated after 3\n\nThe CA certificate will have a CommonName of \"_-ca@\", where\n is the last rotation time.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "OperatorPKISpec is the PKI configuration.", - "properties": { - "targetCert": { - "description": "targetCert configures the certificate signed by the CA. It will have\nboth ClientAuth and ServerAuth enabled", - "properties": { - "commonName": { - "description": "commonName is the value in the certificate's CN", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "commonName" - ], - "type": "object" - } - }, - "required": [ - "targetCert" - ], - "type": "object" - }, - "status": { - "description": "OperatorPKIStatus is not implemented.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "network.operator.openshift.io", - "kind": "OperatorPKI", - "version": "v1" - } - ] - }, - "network.operator.openshift.io/v1/OperatorPKIList": { - "description": "OperatorPKIList is a list of OperatorPKI", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of operatorpkis. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.network.v1.OperatorPKI" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "network.operator.openshift.io", - "kind": "OperatorPKIList", - "version": "v1" - } - ] - }, - "networkaddonsoperator.network.kubevirt.io/v1/NetworkAddonsConfig": { - "description": "NetworkAddonsConfig is the Schema for the networkaddonsconfigs API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "NetworkAddonsConfigSpec defines the desired state of NetworkAddonsConfig", - "properties": { - "imagePullPolicy": { - "description": "PullPolicy describes a policy for if/when to pull a container image", - "type": "string" - }, - "kubeMacPool": { - "description": "KubeMacPool plugin manages MAC allocation to Pods and VMs in Kubernetes", - "properties": { - "rangeEnd": { - "description": "RangeEnd defines the first mac in range", - "type": "string" - }, - "rangeStart": { - "description": "RangeStart defines the first mac in range", - "type": "string" - } - }, - "type": "object" - }, - "kubeSecondaryDNS": { - "description": "KubeSecondaryDNS plugin allows to support FQDN for VMI's secondary networks", - "properties": { - "domain": { - "description": "Domain defines the FQDN domain", - "type": "string" - }, - "nameServerIP": { - "description": "NameServerIp defines the name server IP", - "type": "string" - } - }, - "type": "object" - }, - "kubevirtIpamController": { - "description": "KubevirtIpamController plugin allows to support IPAM for secondary networks", - "properties": { - "defaultNetworkNADNamespace": { - "description": "DefaultNetworkNADNamespace is the namespace of the cluster default network NetworkAttachmentDefinition exist. When a VM is attached to OVN-Kubernetes user-defined network, with persistent IPs, ipam-controller mutates the pod according to the provided default network NAD namespace.", - "type": "string" - } - }, - "type": "object" - }, - "linuxBridge": { - "description": "LinuxBridge plugin allows users to create a bridge and add the host and the container to it", - "type": "object" - }, - "macvtap": { - "description": "MacvtapCni plugin allows users to define Kubernetes networks on top of existing host interfaces", - "properties": { - "devicePluginConfig": { - "description": "DevicePluginConfig allows the user to override the name of the `ConfigMap` where the device plugin configuration is held", - "type": "string" - } - }, - "type": "object" - }, - "multus": { - "description": "Multus plugin enables attaching multiple network interfaces to Pods in Kubernetes", - "type": "object" - }, - "multusDynamicNetworks": { - "description": "A multus extension enabling hot-plug and hot-unplug of Pod interfaces", - "type": "object" - }, - "ovs": { - "description": "Ovs plugin allows users to define Kubernetes networks on top of Open vSwitch bridges available on nodes", - "type": "object" - }, - "placementConfiguration": { - "description": "PlacementConfiguration defines node placement configuration", - "properties": { - "infra": { - "description": "Infra defines placement configuration for control-plane nodes", - "properties": { - "affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "tolerations": { - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "workloads": { - "properties": { - "affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "tolerations": { - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "selfSignConfiguration": { - "description": "SelfSignConfiguration defines self sign configuration", - "properties": { - "caOverlapInterval": { - "description": "CAOverlapInterval defines the duration where expired CA certificate can overlap with new one, in order to allow fluent CA rotation transitioning", - "type": "string" - }, - "caRotateInterval": { - "description": "CARotateInterval defines duration for CA expiration", - "type": "string" - }, - "certOverlapInterval": { - "description": "CertOverlapInterval defines the duration where expired service certificate can overlap with new one, in order to allow fluent service rotation transitioning", - "type": "string" - }, - "certRotateInterval": { - "description": "CertRotateInterval defines duration for of service certificate expiration", - "type": "string" - } - }, - "type": "object" - }, - "tlsSecurityProfile": { - "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "nullable": true, - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: ciphers: ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n ciphers: - DES-CBC3-SHA", - "items": { - "enum": [ - "TLS_AES_128_GCM_SHA256", - "TLS_AES_256_GCM_SHA384", - "TLS_CHACHA20_POLY1305_SHA256", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-RSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-RSA-AES256-SHA384", - "ECDHE-ECDSA-AES256-SHA", - "ECDHE-RSA-AES256-SHA", - "DHE-RSA-AES128-SHA256", - "DHE-RSA-AES256-SHA256", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "AES128-SHA256", - "AES256-SHA256", - "AES128-SHA", - "AES256-SHA", - "DES-CBC3-SHA" - ], - "type": "string" - }, - "type": "array" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n minTLSVersion: TLSv1.1\n NOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml):\n ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AE,SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AE,SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE,POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently unsupported.", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA256,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA256,AES256-SHA256,AES128-SHA,AES256-SHA,DES-CBC3-SHA minTLSVersion: TLSv1.0", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "NetworkAddonsConfigStatus defines the observed state of NetworkAddonsConfig", - "properties": { - "conditions": { - "items": { - "description": "Condition represents the state of the operator's reconciliation functionality.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "containers": { - "items": { - "properties": { - "image": { - "type": "string" - }, - "name": { - "type": "string" - }, - "parentKind": { - "type": "string" - }, - "parentName": { - "type": "string" - } - }, - "required": [ - "image", - "name", - "parentKind", - "parentName" - ], - "type": "object" - }, - "type": "array" - }, - "observedVersion": { - "type": "string" - }, - "operatorVersion": { - "type": "string" - }, - "targetVersion": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networkaddonsoperator.network.kubevirt.io", - "kind": "NetworkAddonsConfig", - "version": "v1" - } - ] - }, - "networkaddonsoperator.network.kubevirt.io/v1/NetworkAddonsConfigList": { - "description": "NetworkAddonsConfigList is a list of NetworkAddonsConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of networkaddonsconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.network.networkaddonsoperator.v1.NetworkAddonsConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networkaddonsoperator.network.kubevirt.io", - "kind": "NetworkAddonsConfigList", - "version": "v1" - } - ] - }, - "networkaddonsoperator.network.kubevirt.io/v1alpha1/NetworkAddonsConfig": { - "description": "NetworkAddonsConfig is the Schema for the networkaddonsconfigs API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "NetworkAddonsConfigSpec defines the desired state of NetworkAddonsConfig", - "properties": { - "imagePullPolicy": { - "description": "PullPolicy describes a policy for if/when to pull a container image", - "type": "string" - }, - "kubeMacPool": { - "description": "KubeMacPool plugin manages MAC allocation to Pods and VMs in Kubernetes", - "properties": { - "rangeEnd": { - "description": "RangeEnd defines the first mac in range", - "type": "string" - }, - "rangeStart": { - "description": "RangeStart defines the first mac in range", - "type": "string" - } - }, - "type": "object" - }, - "kubeSecondaryDNS": { - "description": "KubeSecondaryDNS plugin allows to support FQDN for VMI's secondary networks", - "properties": { - "domain": { - "description": "Domain defines the FQDN domain", - "type": "string" - }, - "nameServerIP": { - "description": "NameServerIp defines the name server IP", - "type": "string" - } - }, - "type": "object" - }, - "kubevirtIpamController": { - "description": "KubevirtIpamController plugin allows to support IPAM for secondary networks", - "properties": { - "defaultNetworkNADNamespace": { - "description": "DefaultNetworkNADNamespace is the namespace of the cluster default network NetworkAttachmentDefinition exist. When a VM is attached to OVN-Kubernetes user-defined network, with persistent IPs, ipam-controller mutates the pod according to the provided default network NAD namespace.", - "type": "string" - } - }, - "type": "object" - }, - "linuxBridge": { - "description": "LinuxBridge plugin allows users to create a bridge and add the host and the container to it", - "type": "object" - }, - "macvtap": { - "description": "MacvtapCni plugin allows users to define Kubernetes networks on top of existing host interfaces", - "properties": { - "devicePluginConfig": { - "description": "DevicePluginConfig allows the user to override the name of the `ConfigMap` where the device plugin configuration is held", - "type": "string" - } - }, - "type": "object" - }, - "multus": { - "description": "Multus plugin enables attaching multiple network interfaces to Pods in Kubernetes", - "type": "object" - }, - "multusDynamicNetworks": { - "description": "A multus extension enabling hot-plug and hot-unplug of Pod interfaces", - "type": "object" - }, - "ovs": { - "description": "Ovs plugin allows users to define Kubernetes networks on top of Open vSwitch bridges available on nodes", - "type": "object" - }, - "placementConfiguration": { - "description": "PlacementConfiguration defines node placement configuration", - "properties": { - "infra": { - "description": "Infra defines placement configuration for control-plane nodes", - "properties": { - "affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "tolerations": { - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "workloads": { - "properties": { - "affinity": { - "description": "Affinity is a group of affinity scheduling rules.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object" - }, - "namespaces": { - "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", - "items": { - "type": "string" - }, - "type": "array" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" } }, "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "tolerations": { - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" } }, + "required": [ + "metadata", + "spec" + ], "type": "object" } }, - "type": "object" - }, - "selfSignConfiguration": { - "description": "SelfSignConfiguration defines self sign configuration", - "properties": { - "caOverlapInterval": { - "description": "CAOverlapInterval defines the duration where expired CA certificate can overlap with new one, in order to allow fluent CA rotation transitioning", - "type": "string" - }, - "caRotateInterval": { - "description": "CARotateInterval defines duration for CA expiration", - "type": "string" - }, - "certOverlapInterval": { - "description": "CertOverlapInterval defines the duration where expired service certificate can overlap with new one, in order to allow fluent service rotation transitioning", - "type": "string" - }, - "certRotateInterval": { - "description": "CertRotateInterval defines duration for of service certificate expiration", - "type": "string" - } - }, - "type": "object" - }, - "tlsSecurityProfile": { - "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "nullable": true, - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: ciphers: ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n ciphers: - DES-CBC3-SHA", - "items": { - "enum": [ - "TLS_AES_128_GCM_SHA256", - "TLS_AES_256_GCM_SHA384", - "TLS_CHACHA20_POLY1305_SHA256", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-RSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-RSA-AES256-SHA384", - "ECDHE-ECDSA-AES256-SHA", - "ECDHE-RSA-AES256-SHA", - "DHE-RSA-AES128-SHA256", - "DHE-RSA-AES256-SHA256", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "AES128-SHA256", - "AES256-SHA256", - "AES128-SHA", - "AES256-SHA", - "DES-CBC3-SHA" - ], - "type": "string" - }, - "type": "array" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n minTLSVersion: TLSv1.1\n NOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml):\n ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AE,SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AE,SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE,POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently unsupported.", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA256,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA256,AES256-SHA256,AES128-SHA,AES256-SHA,DES-CBC3-SHA minTLSVersion: TLSv1.0", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" + "required": [ + "machineType" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "machines_v1beta1_machine_openshift_io configuration is required when machineType is machines_v1beta1_machine_openshift_io, and forbidden otherwise", + "rule": "has(self.machineType) && self.machineType == 'machines_v1beta1_machine_openshift_io' ? has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)" } - }, - "type": "object" + ] } }, + "required": [ + "replicas", + "selector", + "template" + ], "type": "object" }, "status": { - "description": "NetworkAddonsConfigStatus defines the observed state of NetworkAddonsConfig", + "description": "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", "properties": { "conditions": { + "description": "conditions represents the observations of the ControlPlaneMachineSet's current state.\nKnown .status.conditions.type are: Available, Degraded and Progressing.", "items": { - "description": "Condition represents the state of the operator's reconciliation functionality.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", - "nullable": true, "type": "string" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "containers": { - "items": { - "properties": { - "image": { - "type": "string" - }, - "name": { - "type": "string" - }, - "parentKind": { - "type": "string" - }, - "parentName": { - "type": "string" - } - }, - "required": [ - "image", - "name", - "parentKind", - "parentName" - ], - "type": "object" - }, - "type": "array" + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed for this\nControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation,\nwhich is updated on mutation by the API Server.", + "format": "int64", + "type": "integer" }, - "observedVersion": { - "type": "string" + "readyReplicas": { + "description": "readyReplicas is the number of Control Plane Machines created by the\nControlPlaneMachineSet controller which are ready.\nNote that this value may be higher than the desired number of replicas\nwhile rolling updates are in-progress.", + "format": "int32", + "type": "integer" }, - "operatorVersion": { - "type": "string" + "replicas": { + "description": "replicas is the number of Control Plane Machines created by the\nControlPlaneMachineSet controller.\nNote that during update operations this value may differ from the\ndesired replica count.", + "format": "int32", + "type": "integer" }, - "targetVersion": { - "type": "string" + "unavailableReplicas": { + "description": "unavailableReplicas is the number of Control Plane Machines that are\nstill required before the ControlPlaneMachineSet reaches the desired\navailable capacity. When this value is non-zero, the number of\nReadyReplicas is less than the desired Replicas.", + "format": "int32", + "type": "integer" + }, + "updatedReplicas": { + "description": "updatedReplicas is the number of non-terminated Control Plane Machines\ncreated by the ControlPlaneMachineSet controller that have the desired\nprovider spec and are ready.\nThis value is set to 0 when a change is detected to the desired spec.\nWhen the update strategy is RollingUpdate, this will also coincide\nwith starting the process of updating the Machines.\nWhen the update strategy is OnDelete, this value will remain at 0 until\na user deletes an existing replica and its replacement has become ready.", + "format": "int32", + "type": "integer" } }, "type": "object" @@ -219242,14 +133253,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "networkaddonsoperator.network.kubevirt.io", - "kind": "NetworkAddonsConfig", - "version": "v1alpha1" + "group": "machine.openshift.io", + "kind": "ControlPlaneMachineSet", + "version": "v1" } ] }, - "networkaddonsoperator.network.kubevirt.io/v1alpha1/NetworkAddonsConfigList": { - "description": "NetworkAddonsConfigList is a list of NetworkAddonsConfig", + "machine.openshift.io/v1/ControlPlaneMachineSetList": { + "description": "ControlPlaneMachineSetList is a list of ControlPlaneMachineSet", "namespaced": true, "properties": { "apiVersion": { @@ -219257,9 +133268,9 @@ "type": "string" }, "items": { - "description": "List of networkaddonsconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of controlplanemachinesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.network.networkaddonsoperator.v1alpha1.NetworkAddonsConfig" + "$ref": "#/components/schemas/io.openshift.machine.v1.ControlPlaneMachineSet" }, "type": "array" }, @@ -219282,102 +133293,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "networkaddonsoperator.network.kubevirt.io", - "kind": "NetworkAddonsConfigList", - "version": "v1alpha1" - } - ] - }, - "networking.k8s.io/v1/IPAddress": { - "description": "IPAddress represents a single IP of a single IP Family. The object is designed to be used by APIs that operate on IP addresses. The object is used by the Service core API for allocation of IP addresses. An IP address can be represented in different formats, to guarantee the uniqueness of the IP, the name of the object is the IP address in canonical format, four decimal digits separated by dots suppressing leading zeros for IPv4 and the representation defined by RFC 5952 for IPv6. Valid: 192.168.1.5 or 2001:db8::1 or 2001:db8:aaaa:bbbb:cccc:dddd:eeee:1 Invalid: 10.01.2.3 or 2001:db8:0:0:0::1", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.IPAddressSpec" - } - ], - "default": {}, - "description": "spec is the desired state of the IPAddress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networking.k8s.io", - "kind": "IPAddress", + "group": "machine.openshift.io", + "kind": "ControlPlaneMachineSetList", "version": "v1" } ] }, - "networking.k8s.io/v1/IPAddressList": { - "description": "IPAddressList contains a list of IPAddress.", + "machine.openshift.io/v1beta1/Machine": { + "description": "Machine is the Schema for the machines API\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of IPAddresses.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.IPAddress" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networking.k8s.io", - "kind": "IPAddressList", - "version": "v1" - } - ] - }, - "networking.k8s.io/v1/Ingress": { - "description": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.", - "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -219393,41 +133317,373 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressSpec" + "description": "MachineSpec defines the desired state of Machine", + "properties": { + "lifecycleHooks": { + "description": "lifecycleHooks allow users to pause operations on the machine at\ncertain predefined points within the machine lifecycle.", + "properties": { + "preDrain": { + "description": "preDrain hooks prevent the machine from being drained.\nThis also blocks further lifecycle events, such as termination.", + "items": { + "description": "LifecycleHook represents a single instance of a lifecycle hook", + "properties": { + "name": { + "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", + "maxLength": 256, + "minLength": 3, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + }, + "owner": { + "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", + "maxLength": 512, + "minLength": 3, + "type": "string" + } + }, + "required": [ + "name", + "owner" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "preTerminate": { + "description": "preTerminate hooks prevent the machine from being terminated.\nPreTerminate hooks be actioned after the Machine has been drained.", + "items": { + "description": "LifecycleHook represents a single instance of a lifecycle hook", + "properties": { + "name": { + "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", + "maxLength": 256, + "minLength": 3, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + }, + "owner": { + "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", + "maxLength": 512, + "minLength": 3, + "type": "string" + } + }, + "required": [ + "name", + "owner" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to\nindicate what labels, annotations, name prefix, etc., should be used\nwhen creating the Node.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "generateName": { + "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", + "items": { + "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" + }, + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "providerID": { + "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", + "type": "string" + }, + "providerSpec": { + "description": "providerSpec details Provider-specific configuration to use during node creation.", + "properties": { + "value": { + "description": "value is an inlined, serialized representation of the resource\nconfiguration. It is recommended that providers maintain their own\nversioned API types that should be serialized/deserialized from this\nfield, akin to component config.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive\nmanner. This list will not overwrite any other taints added to the Node on\nan ongoing basis by other entities. These taints should be actively reconciled\ne.g. if you ask the machine controller to apply a taint and then manually remove\nthe taint the machine controller will put it back) but not have the machine controller\nremove any taints", + "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", + "properties": { + "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string" + }, + "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "The taint value corresponding to the taint key.", + "type": "string" + } + }, + "required": [ + "effect", + "key" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } - ], - "default": {}, - "description": "spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "type": "object" }, "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressStatus" + "description": "MachineStatus defines the observed state of Machine", + "properties": { + "addresses": { + "description": "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", + "items": { + "description": "NodeAddress contains information for the node's address.", + "properties": { + "address": { + "description": "The node address.", + "type": "string" + }, + "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", + "type": "string" + } + }, + "required": [ + "address", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "conditions": { + "description": "conditions defines the current state of the Machine", + "items": { + "description": "Condition defines an observation of a Machine API resource operational state.", + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "A human readable message indicating details about the transition.\nThis field may be empty.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", + "type": "string" + }, + "severity": { + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "errorMessage": { + "description": "errorMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output.", + "type": "string" + }, + "errorReason": { + "description": "errorReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output.", + "type": "string" + }, + "lastOperation": { + "description": "lastOperation describes the last-operation performed by the machine-controller.\nThis API should be useful as a history in terms of the latest operation performed on the\nspecific machine. It should also convey the state of the latest-operation for example if\nit is still on-going, failed or completed successfully.", + "properties": { + "description": { + "description": "description is the human-readable description of the last operation.", + "type": "string" + }, + "lastUpdated": { + "description": "lastUpdated is the timestamp at which LastOperation API was last-updated.", + "format": "date-time", + "type": "string" + }, + "state": { + "description": "state is the current status of the last performed operation.\nE.g. Processing, Failed, Successful etc", + "type": "string" + }, + "type": { + "description": "type is the type of operation which was last performed.\nE.g. Create, Delete, Update etc", + "type": "string" + } + }, + "type": "object" + }, + "lastUpdated": { + "description": "lastUpdated identifies when this status was last observed.", + "format": "date-time", + "type": "string" + }, + "nodeRef": { + "description": "nodeRef will point to the corresponding Node if it exists.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "phase": { + "description": "phase represents the current phase of machine actuation.\nOne of: Failed, Provisioning, Provisioned, Running, Deleting", + "type": "string" + }, + "providerStatus": { + "description": "providerStatus details a Provider-specific status.\nIt is recommended that providers maintain their\nown versioned API types that should be\nserialized/deserialized from this field.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true } - ], - "default": {}, - "description": "status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "type": "object" } }, "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "networking.k8s.io", - "kind": "Ingress", - "version": "v1" + "group": "machine.openshift.io", + "kind": "Machine", + "version": "v1beta1" } ] }, - "networking.k8s.io/v1/IngressClass": { - "description": "IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class.", - "namespaced": false, + "machine.openshift.io/v1beta1/MachineHealthCheck": { + "description": "MachineHealthCheck is the Schema for the machinehealthchecks API\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -219443,164 +133699,217 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressClassSpec" - } - ], - "default": {}, - "description": "spec is the desired state of the IngressClass. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networking.k8s.io", - "kind": "IngressClass", - "version": "v1" - } - ] - }, - "networking.k8s.io/v1/IngressClassList": { - "description": "IngressClassList is a collection of IngressClasses.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of IngressClasses.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressClass" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "description": "Specification of machine health check policy", + "properties": { + "maxUnhealthy": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "default": "100%", + "description": "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by\n\"selector\" are not healthy.\nExpects either a postive integer value or a percentage value.\nPercentage values must be positive whole numbers and are capped at 100%.\nBoth 0 and 0% are valid and will block all remediation.\nDefaults to 100% if not set.", + "pattern": "^((100|[0-9]{1,2})%|[0-9]+)$", + "x-kubernetes-int-or-string": true + }, + "nodeStartupTimeout": { + "default": "10m", + "description": "Machines older than this duration without a node will be considered to have\nfailed and will be remediated.\nTo prevent Machines without Nodes from being removed, disable startup checks\nby setting this value explicitly to \"0\".\nExpects an unsigned duration string of decimal numbers each with optional\nfraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".", + "pattern": "^0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$", + "type": "string" + }, + "remediationTemplate": { + "description": "remediationTemplate is a reference to a remediation template\nprovided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller\ncreates a new object from the template referenced and hands off remediation of the machine to\na controller that lives outside of Machine API Operator.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "selector": { + "description": "Label selector to match machines whose health will be exercised.\nNote: An empty selector will match all machines.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "unhealthyConditions": { + "description": "unhealthyConditions contains a list of the conditions that determine\nwhether a node is considered unhealthy. The conditions are combined in a\nlogical OR, i.e. if any of the conditions is met, the node is unhealthy.", + "items": { + "description": "UnhealthyCondition represents a Node condition type and value with a timeout\nspecified as a duration. When the named condition has been in the given\nstatus for at least the timeout value, a node is considered unhealthy.", + "properties": { + "status": { + "minLength": 1, + "type": "string" + }, + "timeout": { + "description": "Expects an unsigned duration string of decimal numbers each with optional\nfraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".", + "pattern": "^([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|ms|s|m|h))+$", + "type": "string" + }, + "type": { + "minLength": 1, + "type": "string" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" } - ], - "default": {}, - "description": "Standard list metadata." - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networking.k8s.io", - "kind": "IngressClassList", - "version": "v1" - } - ] - }, - "networking.k8s.io/v1/IngressList": { - "description": "IngressList is a collection of Ingress.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of Ingress.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.Ingress" - } - ], - "default": {} }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networking.k8s.io", - "kind": "IngressList", - "version": "v1" - } - ] - }, - "networking.k8s.io/v1/NetworkPolicy": { - "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "type": "object" }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.NetworkPolicySpec" + "status": { + "description": "Most recently observed status of MachineHealthCheck resource", + "properties": { + "conditions": { + "description": "conditions defines the current state of the MachineHealthCheck", + "items": { + "description": "Condition defines an observation of a Machine API resource operational state.", + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "A human readable message indicating details about the transition.\nThis field may be empty.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", + "type": "string" + }, + "severity": { + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentHealthy": { + "description": "total number of machines counted by this machine health check", + "minimum": 0, + "type": "integer" + }, + "expectedMachines": { + "description": "total number of machines counted by this machine health check", + "minimum": 0, + "type": "integer" + }, + "remediationsAllowed": { + "description": "remediationsAllowed is the number of further remediations allowed by this machine health check before\nmaxUnhealthy short circuiting will be applied", + "format": "int32", + "minimum": 0, + "type": "integer" } - ], - "default": {}, - "description": "spec represents the specification of the desired behavior for this NetworkPolicy." + }, + "type": "object" } }, "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "networking.k8s.io", - "kind": "NetworkPolicy", - "version": "v1" + "group": "machine.openshift.io", + "kind": "MachineHealthCheck", + "version": "v1beta1" } ] }, - "networking.k8s.io/v1/NetworkPolicyList": { - "description": "NetworkPolicyList is a list of NetworkPolicy objects.", + "machine.openshift.io/v1beta1/MachineHealthCheckList": { + "description": "MachineHealthCheckList is a list of MachineHealthCheck", "namespaced": true, "properties": { "apiVersion": { @@ -219608,14 +133917,9 @@ "type": "string" }, "items": { - "description": "items is a list of schema objects.", + "description": "List of machinehealthchecks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.NetworkPolicy" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.machine.v1beta1.MachineHealthCheck" }, "type": "array" }, @@ -219629,8 +133933,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -219639,64 +133942,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "networking.k8s.io", - "kind": "NetworkPolicyList", - "version": "v1" - } - ] - }, - "networking.k8s.io/v1/ServiceCIDR": { - "description": "ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). This range is used to allocate ClusterIPs to Service objects.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.ServiceCIDRSpec" - } - ], - "default": {}, - "description": "spec is the desired state of the ServiceCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.ServiceCIDRStatus" - } - ], - "default": {}, - "description": "status represents the current state of the ServiceCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "networking.k8s.io", - "kind": "ServiceCIDR", - "version": "v1" + "group": "machine.openshift.io", + "kind": "MachineHealthCheckList", + "version": "v1beta1" } ] }, - "networking.k8s.io/v1/ServiceCIDRList": { - "description": "ServiceCIDRList contains a list of ServiceCIDR objects.", + "machine.openshift.io/v1beta1/MachineList": { + "description": "MachineList is a list of Machine", "namespaced": true, "properties": { "apiVersion": { @@ -219704,14 +133957,9 @@ "type": "string" }, "items": { - "description": "items is the list of ServiceCIDRs.", + "description": "List of machines. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.networking.v1.ServiceCIDR" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.machine.v1beta1.Machine" }, "type": "array" }, @@ -219725,8 +133973,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -219735,15 +133982,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "networking.k8s.io", - "kind": "ServiceCIDRList", - "version": "v1" + "group": "machine.openshift.io", + "kind": "MachineList", + "version": "v1beta1" } ] }, - "nmstate.io/v1/NMState": { - "description": "NMState is the Schema for the nmstates API", - "namespaced": false, + "machine.openshift.io/v1beta1/MachineSet": { + "description": "MachineSet ensures that a specified number of machines replicas are running at any given time.\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -219752,1686 +133999,445 @@ "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "default": {}, - "description": "NMStateSpec defines the desired state of NMState", - "properties": { - "affinity": { - "description": "Affinity is an optional affinity selector that will be added to handler DaemonSet manifest.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "MachineSetSpec defines the desired state of MachineSet", + "properties": { + "deletePolicy": { + "description": "deletePolicy defines the policy used to identify nodes to delete when downscaling.\nDefaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", + "enum": [ + "Random", + "Newest", + "Oldest" + ], + "type": "string" + }, + "minReadySeconds": { + "description": "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.\nDefaults to 0 (machine will be considered available as soon as it is ready)", + "format": "int32", + "type": "integer" + }, + "replicas": { + "default": 1, + "description": "replicas is the number of desired replicas.\nThis is a pointer to distinguish between explicit zero and unspecified.\nDefaults to 1.", + "format": "int32", + "type": "integer" + }, + "selector": { + "description": "selector is a label query over machines that should match the replica count.\nLabel keys and values that must match in order to be controlled by this MachineSet.\nIt must match the machine template's labels.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "infraAffinity": { - "description": "InfraAffinity is an optional affinity selector that will be added to webhook, metrics & console-plugin Deployment manifests.", + "template": { + "description": "template is the object that describes the machine that will be created if\ninsufficient replicas are detected.", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "annotations": { + "additionalProperties": { + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "generateName": { + "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "name": { + "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "apiVersion": { + "description": "API version of the referent.", + "type": "string" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", "type": "string" } }, "required": [ - "topologyKey" + "apiVersion", + "kind", + "name", + "uid" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map" } }, "type": "object" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "spec": { + "description": "Specification of the desired behavior of the machine.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "lifecycleHooks": { + "description": "lifecycleHooks allow users to pause operations on the machine at\ncertain predefined points within the machine lifecycle.", + "properties": { + "preDrain": { + "description": "preDrain hooks prevent the machine from being drained.\nThis also blocks further lifecycle events, such as termination.", + "items": { + "description": "LifecycleHook represents a single instance of a lifecycle hook", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", + "maxLength": 256, + "minLength": 3, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "owner": { + "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", + "maxLength": 512, + "minLength": 3, "type": "string" } }, "required": [ - "topologyKey" + "name", + "owner" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "preTerminate": { + "description": "preTerminate hooks prevent the machine from being terminated.\nPreTerminate hooks be actioned after the Machine has been drained.", + "items": { + "description": "LifecycleHook represents a single instance of a lifecycle hook", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name defines a unique name for the lifcycle hook.\nThe name should be unique and descriptive, ideally 1-3 words, in CamelCase or\nit may be namespaced, eg. foo.example.com/CamelCase.\nNames must be unique and should only be managed by a single entity.", + "maxLength": 256, + "minLength": 3, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "owner": { + "description": "owner defines the owner of the lifecycle hook.\nThis should be descriptive enough so that users can identify\nwho/what is responsible for blocking the lifecycle.\nThis could be the name of a controller (e.g. clusteroperator/etcd)\nor an administrator managing the hook.", + "maxLength": 512, + "minLength": 3, + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "name", + "owner" + ], + "type": "object" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to\nindicate what labels, annotations, name prefix, etc., should be used\nwhen creating the Node.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "generateName": { + "description": "generateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", + "items": { + "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "API version of the referent.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" + }, + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" } }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "infraNodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "InfraNodeSelector is an optional selector that will be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraNodeSelector is specified, the webhook, metrics and the console plugin will run only on nodes that have each\nof the indicated key-value pairs as labels applied to the node.", - "type": "object" - }, - "infraTolerations": { - "description": "InfraTolerations is an optional list of tolerations to be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraTolerations is specified, the webhook, metrics and the console plugin will be able to be scheduled on nodes with\ncorresponding taints", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is an optional selector that will be added to handler DaemonSet manifest\nfor both workers and control-plane (https://github.com/nmstate/kubernetes-nmstate/blob/main/deploy/handler/operator.yaml).\nIf NodeSelector is specified, the handler will run only on nodes that have each of the indicated key-value pairs\nas labels applied to the node.", - "type": "object" - }, - "probeConfiguration": { - "default": {}, - "description": "ProbeConfiguration is an optional configuration of NMstate probes testing various functionalities.\nIf ProbeConfiguration is specified, the handler will use the config defined here instead of its default values.", - "properties": { - "dns": { - "default": { - "host": "root-servers.net" - }, - "properties": { - "host": { - "default": "root-servers.net", + "type": "object" + }, + "providerID": { + "description": "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider.", "type": "string" + }, + "providerSpec": { + "description": "providerSpec details Provider-specific configuration to use during node creation.", + "properties": { + "value": { + "description": "value is an inlined, serialized representation of the resource\nconfiguration. It is recommended that providers maintain their own\nversioned API types that should be serialized/deserialized from this\nfield, akin to component config.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive\nmanner. This list will not overwrite any other taints added to the Node on\nan ongoing basis by other entities. These taints should be actively reconciled\ne.g. if you ask the machine controller to apply a taint and then manually remove\nthe taint the machine controller will put it back) but not have the machine controller\nremove any taints", + "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", + "properties": { + "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string" + }, + "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "The taint value corresponding to the taint key.", + "type": "string" + } + }, + "required": [ + "effect", + "key" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "host" - ], "type": "object" } }, "type": "object" - }, - "selfSignConfiguration": { - "description": "SelfSignConfiguration defines self signed certificate configuration", - "properties": { - "caOverlapInterval": { - "description": "CAOverlapInterval defines the duration where expired CA certificate\ncan overlap with new one, in order to allow fluent CA rotation transitioning", - "type": "string" - }, - "caRotateInterval": { - "description": "CARotateInterval defines duration for CA expiration", - "type": "string" - }, - "certOverlapInterval": { - "description": "CertOverlapInterval defines the duration where expired service certificate\ncan overlap with new one, in order to allow fluent service rotation transitioning", - "type": "string" - }, - "certRotateInterval": { - "description": "CertRotateInterval defines duration for of service certificate expiration", - "type": "string" - } - }, - "type": "object" - }, - "tolerations": { - "description": "Tolerations is an optional list of tolerations to be added to handler DaemonSet manifest\nIf Tolerations is specified, the handler daemonset will be also scheduled on nodes with corresponding taints", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" } }, "type": "object" }, "status": { - "description": "NMStateStatus defines the observed state of NMState", + "description": "MachineSetStatus defines the observed state of MachineSet", "properties": { + "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", + "format": "int32", + "type": "integer" + }, "conditions": { + "description": "conditions defines the current state of the MachineSet", "items": { + "description": "Condition defines an observation of a Machine API resource operational state.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { + "description": "A human readable message indicating details about the transition.\nThis field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", + "type": "string" + }, + "severity": { + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, "required": [ + "lastTransitionTime", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "errorMessage": { + "type": "string" + }, + "errorReason": { + "description": "In the event that there is a terminal problem reconciling the\nreplicas, both ErrorReason and ErrorMessage will be set. ErrorReason\nwill be populated with a succinct value suitable for machine\ninterpretation, while ErrorMessage will contain a more verbose\nstring suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a\ncontroller faces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the MachineTemplate's spec or the configuration of\nthe machine controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the machine controller, or the\nresponsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the MachineSet object and/or logged in the\ncontroller's output.", + "type": "string" + }, + "fullyLabeledReplicas": { + "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", + "format": "int32", + "type": "integer" + }, + "observedGeneration": { + "description": "observedGeneration reflects the generation of the most recently observed MachineSet.", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", + "format": "int32", + "type": "integer" + }, + "replicas": { + "description": "replicas is the most recently observed number of replicas.", + "format": "int32", + "type": "integer" } }, "type": "object" @@ -221441,14 +134447,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NMState", - "version": "v1" + "group": "machine.openshift.io", + "kind": "MachineSet", + "version": "v1beta1" } ] }, - "nmstate.io/v1/NMStateList": { - "description": "NMStateList is a list of NMState", + "machine.openshift.io/v1beta1/MachineSetList": { + "description": "MachineSetList is a list of MachineSet", "namespaced": true, "properties": { "apiVersion": { @@ -221456,9 +134462,9 @@ "type": "string" }, "items": { - "description": "List of nmstates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of machinesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.nmstate.v1.NMState" + "$ref": "#/components/schemas/io.openshift.machine.v1beta1.MachineSet" }, "type": "array" }, @@ -221481,14 +134487,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NMStateList", - "version": "v1" + "group": "machine.openshift.io", + "kind": "MachineSetList", + "version": "v1beta1" } ] }, - "nmstate.io/v1/NodeNetworkConfigurationPolicy": { - "description": "NodeNetworkConfigurationPolicy is the Schema for the nodenetworkconfigurationpolicies API", + "machineconfiguration.openshift.io/v1/ContainerRuntimeConfig": { + "description": "ContainerRuntimeConfig describes a customized Container Runtime configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -221508,102 +134514,167 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "NodeNetworkConfigurationPolicySpec defines the desired state of NodeNetworkConfigurationPolicy", + "description": "spec contains the desired container runtime configuration.", "properties": { - "capture": { - "additionalProperties": { - "type": "string" + "containerRuntimeConfig": { + "description": "containerRuntimeConfig defines the tuneables of the container runtime.", + "properties": { + "defaultRuntime": { + "description": "defaultRuntime is the name of the OCI runtime to be used as the default for containers.\nAllowed values are `runc` and `crun`.\nWhen set to `runc`, OpenShift will use runc to execute the container\nWhen set to `crun`, OpenShift will use crun to execute the container\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default,\nwhich is subject to change over time. Currently, the default is `crun`.", + "enum": [ + "crun", + "runc" + ], + "type": "string" + }, + "logLevel": { + "description": "logLevel specifies the verbosity of the logs based on the level it is set to.\nOptions are fatal, panic, error, warn, info, and debug.", + "type": "string" + }, + "logSizeMax": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "logSizeMax specifies the Maximum size allowed for the container log file.\nNegative numbers indicate that no size limit is imposed.\nIf it is positive, it must be >= 8192 to match/exceed conmon's read buffer.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "overlaySize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "overlaySize specifies the maximum size of a container image.\nThis flag can be used to set quota on the size of container images. (default: 10GB)", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "pidsLimit": { + "description": "pidsLimit specifies the maximum number of processes allowed in a container", + "format": "int64", + "type": "integer" + } }, - "description": "Capture contains expressions with an associated name than can be referenced\nat the DesiredState.", "type": "object" }, - "desiredState": { - "description": "The desired configuration of the policy", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" + "machineConfigPoolSelector": { + "description": "machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.\nA nil selector will result in no pools being selected.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "description": "MaxUnavailable specifies percentage or number\nof machines that can be updating at a time. Default is \"50%\".", - "x-kubernetes-int-or-string": true - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" }, - "description": "NodeSelector is a selector which must be true for the policy to be applied to the node.\nSelector which must match a node's labels for the policy to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, + "required": [ + "containerRuntimeConfig" + ], "type": "object" }, "status": { - "description": "NodeNetworkConfigurationPolicyStatus defines the observed state of NodeNetworkConfigurationPolicy", + "description": "status contains observed information about the container runtime configuration.", "properties": { "conditions": { + "description": "conditions represents the latest available observations of current state.", "items": { + "description": "ContainerRuntimeConfigCondition defines the state of the ContainerRuntimeConfig", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status object.", "format": "date-time", + "nullable": true, "type": "string" }, "message": { + "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans.", "type": "string" }, "reason": { + "description": "reason is the reason for the condition's last transition. Reasons are PascalCase", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type specifies the state of the operator's reconciliation functionality.", "type": "string" } }, - "required": [ - "status", - "type" - ], "type": "object" }, - "type": "array" - }, - "lastUnavailableNodeCountUpdate": { - "description": "LastUnavailableNodeCountUpdate is time of the last UnavailableNodeCount update", - "format": "date-time", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "unavailableNodeCount": { - "description": "UnavailableNodeCount represents the total number of potentially unavailable nodes that are\nprocessing a NodeNetworkConfigurationPolicy", + "observedGeneration": { + "description": "observedGeneration represents the generation observed by the controller.", + "format": "int64", "type": "integer" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkConfigurationPolicy", + "group": "machineconfiguration.openshift.io", + "kind": "ContainerRuntimeConfig", "version": "v1" } ] }, - "nmstate.io/v1/NodeNetworkConfigurationPolicyList": { - "description": "NodeNetworkConfigurationPolicyList is a list of NodeNetworkConfigurationPolicy", + "machineconfiguration.openshift.io/v1/ContainerRuntimeConfigList": { + "description": "ContainerRuntimeConfigList is a list of ContainerRuntimeConfig", "namespaced": true, "properties": { "apiVersion": { @@ -221611,9 +134682,9 @@ "type": "string" }, "items": { - "description": "List of nodenetworkconfigurationpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of containerruntimeconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.nmstate.v1.NodeNetworkConfigurationPolicy" + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.ContainerRuntimeConfig" }, "type": "array" }, @@ -221636,14 +134707,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkConfigurationPolicyList", + "group": "machineconfiguration.openshift.io", + "kind": "ContainerRuntimeConfigList", "version": "v1" } ] }, - "nmstate.io/v1beta1/NMState": { - "description": "NMState is the Schema for the nmstates API", + "machineconfiguration.openshift.io/v1/ControllerConfig": { + "description": "ControllerConfig describes configuration for MachineConfigController.\nThis is currently only used to drive the MachineConfig objects generated by the TemplateController.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -221663,1836 +134734,2473 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "default": {}, - "description": "NMStateSpec defines the desired state of NMState", + "description": "spec contains the desired controller config configuration.", "properties": { - "affinity": { - "description": "Affinity is an optional affinity selector that will be added to handler DaemonSet manifest.", + "additionalTrustBundle": { + "description": "additionalTrustBundle is a certificate bundle that will be added to the nodes\ntrusted certificate store.", + "format": "byte", + "nullable": true, + "type": "string" + }, + "baseOSContainerImage": { + "description": "baseOSContainerImage is the new-format container image for operating system updates.", + "type": "string" + }, + "baseOSExtensionsContainerImage": { + "description": "baseOSExtensionsContainerImage is the matching extensions container for the new-format container", + "type": "string" + }, + "cloudProviderCAData": { + "description": "cloudProviderCAData specifies the cloud provider CA data", + "format": "byte", + "nullable": true, + "type": "string" + }, + "cloudProviderConfig": { + "description": "cloudProviderConfig is the configuration for the given cloud provider", + "type": "string" + }, + "clusterDNSIP": { + "description": "clusterDNSIP is the cluster DNS IP address", + "type": "string" + }, + "dns": { + "description": "dns holds the cluster dns details", + "nullable": true, "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the type of this object. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "baseDomain": { + "description": "baseDomain is the base domain of the cluster. All managed DNS records will\nbe sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server\nDNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", + "type": "string" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "platform": { + "description": "platform holds configuration specific to the underlying\ninfrastructure provider for DNS.\nWhen omitted, this means the user has no opinion and the platform is left\nto choose reasonable defaults. These defaults are subject to change over time.", "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "aws": { + "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", + "properties": { + "privateZoneIAMRole": { + "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing\noperations on the cluster's private hosted zone specified in the cluster DNS config.\nWhen left empty, no role should be assumed.", + "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + }, + "type": { + "description": "type is the underlying infrastructure provider for the cluster.\nAllowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms,\nand must handle unrecognized platforms with best-effort defaults.", + "enum": [ + "", + "AWS", + "Azure", + "BareMetal", + "GCP", + "Libvirt", + "OpenStack", + "None", + "VSphere", + "oVirt", + "IBMCloud", + "KubeVirt", + "EquinixMetal", + "PowerVS", + "AlibabaCloud", + "Nutanix", + "External" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "allowed values are '' and 'AWS'", + "rule": "self in ['','AWS']" + } + ] } }, "required": [ - "nodeSelectorTerms" + "type" ], "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "aws configuration is required when platform is AWS, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)" + } + ] + }, + "privateZone": { + "description": "privateZone is the location where all the DNS records that are only available internally\nto the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", + "properties": { + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", + "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", + "type": "object" + } + }, + "type": "object" + }, + "publicZone": { + "description": "publicZone is the location where all the DNS records that are publicly accessible to\nthe internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", + "properties": { + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1]\non Azure zone can be fetched using `ID` as a pre-determined name in [2],\non GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options\n[2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show\n[3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", + "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", + "type": "object" + } + }, + "type": "object" } }, "type": "object" }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "type": "object" + } + }, + "required": [ + "spec", + "kind", + "apiVersion" + ], + "type": "object", + "x-kubernetes-embedded-resource": true + }, + "etcdDiscoveryDomain": { + "description": "etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain instead", + "type": "string" + }, + "imageRegistryBundleData": { + "description": "imageRegistryBundleData is the ImageRegistryData", + "items": { + "description": "ImageRegistryBundle contains information for writing image registry certificates", + "properties": { + "data": { + "description": "data holds the contents of the bundle that will be written to the file location", + "format": "byte", + "type": "string" + }, + "file": { + "description": "file holds the name of the file where the bundle will be written to disk", + "type": "string" + } + }, + "required": [ + "data", + "file" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "imageRegistryBundleUserData": { + "description": "imageRegistryBundleUserData is Image Registry Data provided by the user", + "items": { + "description": "ImageRegistryBundle contains information for writing image registry certificates", + "properties": { + "data": { + "description": "data holds the contents of the bundle that will be written to the file location", + "format": "byte", + "type": "string" + }, + "file": { + "description": "file holds the name of the file where the bundle will be written to disk", + "type": "string" + } + }, + "required": [ + "data", + "file" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "images": { + "additionalProperties": { + "type": "string" + }, + "description": "images is map of images that are used by the controller to render templates under ./templates/", + "type": "object" + }, + "infra": { + "description": "infra holds the infrastructure details", + "nullable": true, + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the type of this object. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "cloudConfig": { + "description": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.\nThis configuration file is used to configure the Kubernetes cloud provider integration\nwhen using the built-in cloud provider integration or the external cloud controller manager.\nThe namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller.\nThe controller is responsible for using the user configuration in the spec\nfor various platforms and combining that with the user provided ConfigMap in this field\nto create a stitched kube cloud config.\nThe controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace\nwith the kube cloud config is stored in `cloud.conf` key.\nAll the clients are expected to use the generated ConfigMap only.", + "properties": { + "key": { + "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", + "type": "string" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "name": { + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "platformSpec": { + "description": "platformSpec holds desired information specific to the underlying\ninfrastructure provider.", + "properties": { + "alibabaCloud": { + "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "type": "object" + }, + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "properties": { + "serviceEndpoints": { + "description": "serviceEndpoints list contains custom endpoints which will override default\nservice endpoint of AWS Services.\nThere must be only one ServiceEndpoint for a service.", + "items": { + "description": "AWSServiceEndpoint store the configuration of a custom url to\noverride existing defaults of AWS Services.", + "properties": { + "name": { + "description": "name is the name of the AWS service.\nThe list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html\nThis must be provided and cannot be empty.", + "pattern": "^[a-z0-9-]+$", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", + "pattern": "^https://", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + }, + "azure": { + "description": "azure contains settings specific to the Azure infrastructure provider.", + "type": "object" + }, + "baremetal": { + "description": "baremetal contains settings specific to the BareMetal platform.", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.apiServerInternalIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", + "items": { + "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", + "maxLength": 39, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid IP address", + "rule": "isIP(self)" + } + ] }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" + } + ] }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.ingressIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", + "items": { + "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", + "maxLength": 39, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid IP address", + "rule": "isIP(self)" + } + ] + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" + } + ] + }, + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster\nnodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,\nfor example \"10.0.0.0/8\" or \"fd00::/8\".", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid CIDR network address", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + } }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs list is required once set", + "rule": "!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + { + "message": "ingressIPs list is required once set", + "rule": "!has(oldSelf.ingressIPs) || has(self.ingressIPs)" + } + ] + }, + "equinixMetal": { + "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "type": "object" + }, + "external": { + "description": "ExternalPlatformType represents generic infrastructure provider.\nPlatform-specific components should be supplemented separately.", + "properties": { + "platformName": { + "default": "Unknown", + "description": "platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.\nThis field is solely for informational and reporting purposes and is not expected to be used for decision-making.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "platform name cannot be changed once set", + "rule": "oldSelf == 'Unknown' || self == oldSelf" + } + ] + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "gcp": { + "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", + "type": "object" + }, + "ibmcloud": { + "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", + "type": "object" + }, + "kubevirt": { + "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", + "type": "object" + }, + "nutanix": { + "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", + "properties": { + "failureDomains": { + "description": "failureDomains configures failure domains information for the Nutanix platform.\nWhen set, the failure domains defined here may be used to spread Machines across\nprism element clusters to improve fault tolerance of the cluster.", + "items": { + "description": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "cluster": { + "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central),\nin which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained\nfrom the Prism Central console or using the prism_central API.", + "properties": { + "name": { + "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", + "type": "string" + }, + "type": { + "description": "type is the identifier type to use for this resource.", + "enum": [ + "UUID", + "Name" + ], + "type": "string" + }, + "uuid": { + "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "uuid configuration is required when type is UUID, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'UUID' ? has(self.uuid) : !has(self.uuid)" + }, + { + "message": "name configuration is required when type is Name, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Name' ? has(self.name) : !has(self.name)" + } + ] + }, + "name": { + "description": "name defines the unique name of a failure domain.\nName is required and must be at most 64 characters in length.\nIt must consist of only lower case alphanumeric characters and hyphens (-).\nIt must start and end with an alphanumeric character.\nThis value is arbitrary and is used to identify the failure domain within the platform.", + "maxLength": 64, + "minLength": 1, + "pattern": "[a-z0-9]([-a-z0-9]*[a-z0-9])?", + "type": "string" + }, + "subnets": { + "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets\nIf the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured.\nfor the Machine's VM to connect to. The subnet identifiers (uuid or name) can be\nobtained from the Prism Central console or using the prism_central API.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "name": { + "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": { + "description": "type is the identifier type to use for this resource.", + "enum": [ + "UUID", + "Name" + ], "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "uuid": { + "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", + "type": "string" } }, "required": [ - "key", - "operator" + "type" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "uuid configuration is required when type is UUID, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'UUID' ? has(self.uuid) : !has(self.uuid)" + }, + { + "message": "name configuration is required when type is Name, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Name' ? has(self.name) : !has(self.name)" + } + ] }, + "maxItems": 1, + "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "cluster", + "name", + "subnets" + ], + "type": "object" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "prismCentral": { + "description": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central.\nWhen a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.\nShould you wish for communication with this endpoint not to be proxied, please add the endpoint to the\nproxy spec.noProxy list.", + "properties": { + "address": { + "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "maxLength": 256, "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "port": { + "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "required": [ + "address", + "port" + ], + "type": "object" + }, + "prismElements": { + "description": "prismElements holds one or more endpoint address and port data to access the Nutanix\nPrism Elements (clusters) of the Nutanix Prism Central. Currently we only support one\nPrism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.)\nused in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.)\nspread over multiple Prism Elements (clusters) of the Prism Central.", + "items": { + "description": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "endpoint": { + "description": "endpoint holds the endpoint address and port data of the Prism Element (cluster).\nWhen a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy.\nShould you wish for communication with this endpoint not to be proxied, please add the endpoint to the\nproxy spec.noProxy list.", + "properties": { + "address": { + "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "maxLength": 256, + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "port": { + "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "address", + "port" + ], "type": "object" + }, + "name": { + "description": "name is the name of the Prism Element (cluster). This value will correspond with\nthe cluster field configured on other resources (eg Machines, PVCs, etc).", + "maxLength": 256, + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "endpoint", + "name" + ], + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "required": [ + "prismCentral", + "prismElements" + ], + "type": "object" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "openstack": { + "description": "openstack contains settings specific to the OpenStack infrastructure provider.", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.apiServerInternalIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", + "items": { + "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", + "maxLength": 39, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid IP address", + "rule": "isIP(self)" + } + ] }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" + } + ] }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.ingressIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", + "items": { + "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", + "maxLength": 39, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid IP address", + "rule": "isIP(self)" + } + ] + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" + } + ] }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster\nnodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,\nfor example \"10.0.0.0/8\" or \"fd00::/8\".", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid CIDR network address", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + } }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs list is required once set", + "rule": "!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + { + "message": "ingressIPs list is required once set", + "rule": "!has(oldSelf.ingressIPs) || has(self.ingressIPs)" + } + ] + }, + "ovirt": { + "description": "ovirt contains settings specific to the oVirt infrastructure provider.", + "type": "object" + }, + "powervs": { + "description": "powervs contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", + "properties": { + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default\nservice endpoints of a Power VS service.", + "items": { + "description": "PowervsServiceEndpoint stores the configuration of a custom url to\noverride existing defaults of PowerVS Services.", + "properties": { + "name": { + "description": "name is the name of the Power VS service.\nFew of the services are\nIAM - https://cloud.ibm.com/apidocs/iam-identity-token-api\nResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller\nPower Cloud - https://cloud.ibm.com/apidocs/power-cloud", + "enum": [ + "CIS", + "COS", + "COSConfig", + "DNSServices", + "GlobalCatalog", + "GlobalSearch", + "GlobalTagging", + "HyperProtect", + "IAM", + "KeyProtect", + "Power", + "ResourceController", + "ResourceManager", + "VPC" + ], + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", + "format": "uri", + "pattern": "^https://", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "name", + "url" + ], "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "infraAffinity": { - "description": "InfraAffinity is an optional affinity selector that will be added to webhook, metrics & console-plugin Deployment manifests.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" + "type": { + "description": "type is the underlying infrastructure provider for the cluster. This\nvalue controls whether infrastructure automation such as service load\nbalancers, dynamic volume provisioning, machine creation and deletion, and\nother integrations are enabled. If None, no infrastructure automation is\nenabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\",\n\"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\",\n\"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms,\nand must handle unrecognized platforms as None if they do not support that platform.", + "enum": [ + "", + "AWS", + "Azure", + "BareMetal", + "GCP", + "Libvirt", + "OpenStack", + "None", + "VSphere", + "oVirt", + "IBMCloud", + "KubeVirt", + "EquinixMetal", + "PowerVS", + "AlibabaCloud", + "Nutanix", + "External" + ], + "type": "string" + }, + "vsphere": { + "description": "vsphere contains settings specific to the VSphere infrastructure provider.", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.apiServerInternalIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", + "items": { + "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", + "maxLength": 39, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid IP address", + "rule": "isIP(self)" + } + ] + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" + } + ] + }, + "failureDomains": { + "description": "failureDomains contains the definition of region, zone and the vCenter topology.\nIf this is omitted failure domains (regions and zones) will not be used.", + "items": { + "description": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "properties": { + "name": { + "description": "name defines the arbitrary but unique name\nof a failure domain.", + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "region": { + "description": "region defines the name of a region tag that will\nbe attached to a vCenter datacenter. The tag\ncategory in vCenter must be named openshift-region.", + "maxLength": 80, + "minLength": 1, + "type": "string" + }, + "regionAffinity": { + "description": "regionAffinity holds the type of region, Datacenter or ComputeCluster.\nWhen set to Datacenter, this means the region is a vCenter Datacenter as defined in topology.\nWhen set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.", + "properties": { + "type": { + "description": "type determines the vSphere object type for a region within this failure domain.\nAvailable types are Datacenter and ComputeCluster.\nWhen set to Datacenter, this means the vCenter Datacenter defined is the region.\nWhen set to ComputeCluster, this means the vCenter cluster defined is the region.", + "enum": [ + "ComputeCluster", + "Datacenter" + ], + "type": "string" + } }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { + "required": [ + "type" + ], + "type": "object" + }, + "server": { + "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "maxLength": 255, + "minLength": 1, + "type": "string" + }, + "topology": { + "description": "topology describes a given failure domain using vSphere constructs", + "properties": { + "computeCluster": { + "description": "computeCluster the absolute path of the vCenter cluster\nin which virtual machine will be located.\nThe absolute path is of the form //host/.\nThe maximum length of the path is 2048 characters.", + "maxLength": 2048, + "pattern": "^/.*?/host/.*?", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { + "datacenter": { + "description": "datacenter is the name of vCenter datacenter in which virtual machines will be located.\nThe maximum length of the datacenter name is 80 characters.", + "maxLength": 80, "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "datastore": { + "description": "datastore is the absolute path of the datastore in which the\nvirtual machine is located.\nThe absolute path is of the form //datastore/\nThe maximum length of the path is 2048 characters.", + "maxLength": 2048, + "pattern": "^/.*?/datastore/.*?", + "type": "string" + }, + "folder": { + "description": "folder is the absolute path of the folder where\nvirtual machines are located. The absolute path\nis of the form //vm/.\nThe maximum length of the path is 2048 characters.", + "maxLength": 2048, + "pattern": "^/.*?/vm/.*?", + "type": "string" + }, + "networks": { + "description": "networks is the list of port group network names within this failure domain.\nIf feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined.\n10 is the maximum number of virtual network devices which may be attached to a VM as defined by:\nhttps://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0\nThe available networks (port groups) can be listed using\n`govc ls 'network/*'`\nNetworks should be in the form of an absolute path:\n//network/.", + "items": { + "type": "string" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resourcePool": { + "description": "resourcePool is the absolute path of the resource pool where virtual machines will be\ncreated. The absolute path is of the form //host//Resources/.\nThe maximum length of the path is 2048 characters.", + "maxLength": 2048, + "pattern": "^/.*?/host/.*?/Resources.*", + "type": "string" + }, + "template": { + "description": "template is the full inventory path of the virtual machine or template\nthat will be cloned when creating new machines in this failure domain.\nThe maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane\nmachineset operator based on the region and zone defined in\nVSpherePlatformFailureDomainSpec.\nFor example, for zone=zonea, region=region1, and infrastructure name=test,\nthe template path would be calculated as //vm/test-rhcos-region1-zonea.", + "maxLength": 2048, + "minLength": 1, + "pattern": "^/.*?/vm/.*?", + "type": "string" + } + }, + "required": [ + "computeCluster", + "datacenter", + "datastore", + "networks" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "zone": { + "description": "zone defines the name of a zone tag that will\nbe attached to a vCenter cluster. The tag\ncategory in vCenter must be named openshift-zone.", + "maxLength": 80, + "minLength": 1, + "type": "string" + }, + "zoneAffinity": { + "description": "zoneAffinity holds the type of the zone and the hostGroup which\nvmGroup and the hostGroup names in vCenter corresponds to\na vm-host group of type Virtual Machine and Host respectively. Is also\ncontains the vmHostRule which is an affinity vm-host rule in vCenter.", + "properties": { + "hostGroup": { + "description": "hostGroup holds the vmGroup and the hostGroup names in vCenter\ncorresponds to a vm-host group of type Virtual Machine and Host respectively. Is also\ncontains the vmHostRule which is an affinity vm-host rule in vCenter.", + "properties": { + "hostGroup": { + "description": "hostGroup is the name of the vm-host group of type host within vCenter for this failure domain.\nhostGroup is limited to 80 characters.\nThis field is required when the VSphereFailureDomain ZoneType is HostGroup", + "maxLength": 80, + "minLength": 1, + "type": "string" + }, + "vmGroup": { + "description": "vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain.\nvmGroup is limited to 80 characters.\nThis field is required when the VSphereFailureDomain ZoneType is HostGroup", + "maxLength": 80, + "minLength": 1, + "type": "string" + }, + "vmHostRule": { + "description": "vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain.\nvmHostRule is limited to 80 characters.\nThis field is required when the VSphereFailureDomain ZoneType is HostGroup", + "maxLength": 80, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "hostGroup", + "vmGroup", + "vmHostRule" + ], + "type": "object" + }, + "type": { + "description": "type determines the vSphere object type for a zone within this failure domain.\nAvailable types are ComputeCluster and HostGroup.\nWhen set to ComputeCluster, this means the vCenter cluster defined is the zone.\nWhen set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and\nthis means the zone is defined by the grouping of those fields.", + "enum": [ + "HostGroup", + "ComputeCluster" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "hostGroup is required when type is HostGroup, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'HostGroup' ? has(self.hostGroup) : !has(self.hostGroup)" + } + ] + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "required": [ + "name", + "region", + "server", + "topology", + "zone" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names.\nIn dual stack clusters this list contains two IP addresses, one from IPv4\nfamily and one from IPv6.\nIn single stack clusters a single IP address is expected.\nWhen omitted, values from the status.ingressIPs will be used.\nOnce set, the list cannot be completely removed (but its second entry can).", + "items": { + "description": "IP is an IP address (for example, \"10.0.0.0\" or \"fd00::\").", + "maxLength": 39, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid IP address", + "rule": "isIP(self)" + } + ] + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true" + } + ] + }, + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster\nnodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,\nfor example \"10.0.0.0/8\" or \"fd00::/8\".", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid CIDR network address", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + }, + "nodeNetworking": { + "description": "nodeNetworking contains the definition of internal and external network constraints for\nassigning the node's networking.\nIf this field is omitted, networking defaults to the legacy\naddress selection behavior which is to only support a single address and\nreturn the first one found.", + "properties": { + "external": { + "description": "external represents the network configuration of the node that is externally routable.", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" + "excludeNetworkSubnetCidr": { + "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting\nthe IP address from the VirtualMachine's VM for use in the status.addresses fields.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "network": { + "description": "network VirtualMachine's VM Network names that will be used to when searching\nfor status.addresses fields. Note that if internal.networkSubnetCIDR and\nexternal.networkSubnetCIDR are not set, then the vNIC associated to this network must\nonly have a single IP address assigned to it.\nThe available networks (port groups) can be listed using\n`govc ls 'network/*'`", "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "networkSubnetCidr": { + "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs\nthat will be used in respective status.addresses fields.", "items": { "type": "string" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "internal": { + "description": "internal represents the network configuration of the node that is routable only within the cluster.", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" + "excludeNetworkSubnetCidr": { + "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting\nthe IP address from the VirtualMachine's VM for use in the status.addresses fields.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "network": { + "description": "network VirtualMachine's VM Network names that will be used to when searching\nfor status.addresses fields. Note that if internal.networkSubnetCIDR and\nexternal.networkSubnetCIDR are not set, then the vNIC associated to this network must\nonly have a single IP address assigned to it.\nThe available networks (port groups) can be listed using\n`govc ls 'network/*'`", "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "networkSubnetCidr": { + "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs\nthat will be used in respective status.addresses fields.", "items": { "type": "string" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" } }, - "required": [ - "key", - "operator" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + } + }, + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "vcenters": { + "description": "vcenters holds the connection details for services to communicate with vCenter.\nCurrently, only a single vCenter is supported, but in tech preview 3 vCenters are supported.\nOnce the cluster has been installed, you are unable to change the current number of defined\nvCenters except in the case where the cluster has been upgraded from a version of OpenShift\nwhere the vsphere platform spec was not present. You may make modifications to the existing\nvCenters that are defined in the vcenters list in order to match with any added or modified\nfailure domains.", + "items": { + "description": "VSpherePlatformVCenterSpec stores the vCenter connection fields.\nThis is used by the vSphere CCM.", + "properties": { + "datacenters": { + "description": "The vCenter Datacenters in which the RHCOS\nvm guests are located. This field will\nbe used by the Cloud Controller Manager.\nEach datacenter listed here should be used within\na topology.", + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "port": { + "description": "port is the TCP port that will be used to communicate to\nthe vCenter endpoint.\nWhen omitted, this means the user has no opinion and\nit is up to the platform to choose a sensible default,\nwhich is subject to change over time.", + "format": "int32", + "maximum": 32767, + "minimum": 1, + "type": "integer" + }, + "server": { + "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "maxLength": 255, + "type": "string" + } + }, + "required": [ + "datacenters", + "server" + ], + "type": "object" + }, + "maxItems": 3, + "minItems": 0, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "vcenters cannot be added or removed once set", + "rule": "size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true" + } + ] + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs list is required once set", + "rule": "!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)" + }, + { + "message": "ingressIPs list is required once set", + "rule": "!has(oldSelf.ingressIPs) || has(self.ingressIPs)" + }, + { + "message": "vcenters can have at most 1 item when configured post-install", + "rule": "!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters) < 2 : true" + } + ] } }, - "required": [ - "nodeSelectorTerms" - ], "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "vcenters can have at most 1 item when configured post-install", + "rule": "!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters) < 2 : true" + } + ] } }, "type": "object" }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "apiServerInternalURI": { + "description": "apiServerInternalURL is a valid URI with scheme 'https',\naddress and optionally a port (defaulting to 443). apiServerInternalURL can be used by components\nlike kubelets, to contact the Kubernetes API server using the\ninfrastructure provider rather than Kubernetes networking.", + "type": "string" + }, + "apiServerURL": { + "description": "apiServerURL is a valid URI with scheme 'https', address and\noptionally a port (defaulting to 443). apiServerURL can be used by components like the web console\nto tell users where to find the Kubernetes API.", + "type": "string" + }, + "controlPlaneTopology": { + "default": "HighlyAvailable", + "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes.\nThe default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster.\nThe 'SingleReplica' mode will be used in single-node deployments\nand the operators should not configure the operand for highly-available operation\nThe 'External' mode indicates that the control plane is hosted externally to the cluster and that\nits components are not visible within the cluster.", + "enum": [ + "HighlyAvailable", + "HighlyAvailableArbiter", + "SingleReplica", + "External" + ], + "type": "string" + }, + "cpuPartitioning": { + "default": "None", + "description": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.\nCPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.\nValid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\".\nThe default value of \"None\" indicates that no nodes will be setup with CPU partitioning.\nThe \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning,\nand can then be further configured via the PerformanceProfile API.", + "enum": [ + "None", + "AllNodes" + ], + "type": "string" + }, + "etcdDiscoveryDomain": { + "description": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering\netcd servers and clients.\nFor more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery\ndeprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "type": "string" + }, + "infrastructureName": { + "description": "infrastructureName uniquely identifies a cluster with a human friendly name.\nOnce set it should not be changed. Must be of max length 27 and must have only\nalphanumeric or hyphen characters.", + "type": "string" + }, + "infrastructureTopology": { + "default": "HighlyAvailable", + "description": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control\nplane nodes, usually indicated by a node selector for a `role` value\nother than `master`.\nThe default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster.\nThe 'SingleReplica' mode will be used in single-node deployments\nand the operators should not configure the operand for highly-available operation\nNOTE: External topology mode is not applicable for this field.", + "enum": [ + "HighlyAvailable", + "SingleReplica" + ], + "type": "string" + }, + "platform": { + "description": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", + "enum": [ + "", + "AWS", + "Azure", + "BareMetal", + "GCP", + "Libvirt", + "OpenStack", + "None", + "VSphere", + "oVirt", + "IBMCloud", + "KubeVirt", + "EquinixMetal", + "PowerVS", + "AlibabaCloud", + "Nutanix", + "External" + ], + "type": "string" + }, + "platformStatus": { + "description": "platformStatus holds status information specific to the underlying\ninfrastructure provider.", + "properties": { + "alibabaCloud": { + "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "properties": { + "region": { + "description": "region specifies the region for Alibaba Cloud resources created for the cluster.", + "pattern": "^[0-9A-Za-z-]+$", + "type": "string" + }, + "resourceGroupID": { + "description": "resourceGroupID is the ID of the resource group for the cluster.", + "pattern": "^(rg-[0-9A-Za-z]+)?$", + "type": "string" + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", + "items": { + "description": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "key is the key of the tag.", + "maxLength": 128, + "minLength": 1, + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "value": { + "description": "value is the value of the tag.", + "maxLength": 128, + "minLength": 1, + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "key", + "value" + ], + "type": "object" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "maxItems": 20, + "type": "array", + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "region" + ], + "type": "object" + }, + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "properties": { + "region": { + "description": "region holds the default AWS region for new AWS resources created by the cluster.", + "type": "string" + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster.\nSee https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.\nAWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags\navailable for the user.", + "items": { + "description": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", + "properties": { + "key": { + "description": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag.\nKey should consist of between 1 and 128 characters, and may\ncontain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", + "maxLength": 128, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid AWS resource tag key. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'", + "rule": "self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')" + } + ] + }, + "value": { + "description": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag.\nValue should consist of between 1 and 256 characters, and may\ncontain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.\nSome AWS service do not support empty values. Since tags are added to resources in many services, the\nlength of the tag value must meet the requirements of all services.", + "maxLength": 256, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid AWS resource tag value. The string can contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', '@'", + "rule": "self.matches('^[0-9A-Za-z_.:/=+-@ ]+$')" + } + ] + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "value" + ], + "type": "object" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "maxItems": 25, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "serviceEndpoints": { + "description": "serviceEndpoints list contains custom endpoints which will override default\nservice endpoint of AWS Services.\nThere must be only one ServiceEndpoint for a service.", + "items": { + "description": "AWSServiceEndpoint store the configuration of a custom url to\noverride existing defaults of AWS Services.", + "properties": { + "name": { + "description": "name is the name of the AWS service.\nThe list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html\nThis must be provided and cannot be empty.", + "pattern": "^[a-z0-9-]+$", + "type": "string" + }, + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", + "pattern": "^https://", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "azure": { + "description": "azure contains settings specific to the Azure infrastructure provider.", + "properties": { + "armEndpoint": { + "description": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", + "type": "string" + }, + "cloudName": { + "description": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK\nwith the appropriate Azure API endpoints.\nIf empty, the value is equal to `AzurePublicCloud`.", + "enum": [ + "", + "AzurePublicCloud", + "AzureUSGovernmentCloud", + "AzureChinaCloud", + "AzureGermanCloud", + "AzureStackCloud" + ], + "type": "string" + }, + "networkResourceGroupName": { + "description": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.\nIf empty, the value is same as ResourceGroupName.", + "type": "string" + }, + "resourceGroupName": { + "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "type": "string" + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster.\nSee https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.\nDue to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags\nmay be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", + "items": { + "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key\nmust begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric\ncharacters and the following special characters `_ . -`.", + "maxLength": 128, + "minLength": 1, + "pattern": "^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value\nmust contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", + "maxLength": 256, + "minLength": 1, + "pattern": "^[0-9A-Za-z_.=+-@]+$", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "key", + "value" + ], + "type": "object" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "resourceTags are immutable and may only be configured during installation", + "rule": "self.all(x, x in oldSelf) && oldSelf.all(x, x in self)" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "resourceTags may only be configured during installation", + "rule": "!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)" + } + ] + }, + "baremetal": { + "description": "baremetal contains settings specific to the BareMetal platform.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" + }, + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] + }, + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", + "format": "ip", + "items": { "type": "string" - } + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] }, - "required": [ - "topologyKey" - ], - "type": "object" + "loadBalancer": { + "default": { + "type": "OpenShiftManagedDefault" + }, + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "properties": { + "type": { + "default": "OpenShiftManagedDefault", + "description": "type defines the type of load balancer used by the cluster on BareMetal platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", + "enum": [ + "OpenShiftManagedDefault", + "UserManaged" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "type is immutable once set", + "rule": "oldSelf == '' || self == oldSelf" + } + ] + } + }, + "type": "object" + }, + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid CIDR network address", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + }, + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the\nnodes. Unlike the one managed by the DNS operator, `NodeDNSIP`\nprovides name resolution for the nodes themselves. There is no DNS-as-a-service for\nBareMetal deployments. In order to minimize necessary changes to the\ndatacenter DNS, a DNS service is hosted as a static pod to serve those hostnames\nto the nodes in the cluster.", + "type": "string" + } }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "object" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "equinixMetal": { + "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.", + "type": "string" + }, + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "type": "string" + } + }, + "type": "object" + }, + "external": { + "description": "external contains settings specific to the generic External infrastructure provider.", + "properties": { + "cloudControllerManager": { + "description": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).\nWhen omitted, new nodes will be not tainted\nand no extra initialization from the cloud controller manager is expected.", + "properties": { + "state": { + "description": "state determines whether or not an external Cloud Controller Manager is expected to\nbe installed within the cluster.\nhttps://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted.\nWhen set to \"External\", new nodes will be tainted as uninitialized when created,\npreventing them from running workloads until they are initialized by the cloud controller manager.\nWhen omitted or set to \"None\", new nodes will be not tainted\nand no extra initialization from the cloud controller manager is expected.", + "enum": [ + "", + "External", + "None" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "state is immutable once set", + "rule": "self == oldSelf" } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "state may not be added or removed once set", + "rule": "(has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != \"External\")" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "cloudControllerManager may not be added or removed once set", + "rule": "has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)" + } + ] + }, + "gcp": { + "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", + "properties": { + "projectID": { + "description": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "type": "string" + }, + "region": { + "description": "region holds the region for new GCP resources created for the cluster.", + "type": "string" + }, + "resourceLabels": { + "description": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.\nSee https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.\nGCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,\nallowing 32 labels for user configuration.", + "items": { + "description": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "properties": { + "key": { + "description": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.\nLabel key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,\nand the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`\nand `openshift-io`.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z][0-9a-z_-]{0,62}$", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "label keys must not start with either `openshift-io` or `kubernetes-io`", + "rule": "!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')" + } + ] }, - "required": [ - "key", - "operator" + "value": { + "description": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.\nValue must contain only lowercase letters, numeric characters, and the following special characters `_-`.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[0-9a-z_-]{1,63}$", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "resourceLabels are immutable and may only be configured during installation", + "rule": "self.all(x, x in oldSelf) && oldSelf.all(x, x in self)" + } + ] + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster.\nSee https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on\ntagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "items": { + "description": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "properties": { + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.\nTag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase\nalphanumeric characters, and the following special characters `._-`.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$", + "type": "string" + }, + "parentID": { + "description": "parentID is the ID of the hierarchical resource where the tags are defined,\ne.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:\nhttps://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,\nhttps://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.\nAn OrganizationID must consist of decimal numbers, and cannot have leading zeroes.\nA ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,\nand hyphens, and must start with a letter, and cannot end with a hyphen.", + "maxLength": 32, + "minLength": 1, + "pattern": "(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)", + "type": "string" + }, + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.\nTag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase\nalphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\\[\\]{}\\-\\s]{0,61}[a-zA-Z0-9])?$", + "type": "string" + } + }, + "required": [ + "key", + "parentID", + "value" + ], + "type": "object" + }, + "maxItems": 50, + "type": "array", + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "resourceTags are immutable and may only be configured during installation", + "rule": "self.all(x, x in oldSelf) && oldSelf.all(x, x in self)" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "resourceLabels may only be configured during installation", + "rule": "!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)" + }, + { + "message": "resourceTags may only be configured during installation", + "rule": "!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)" + } + ] + }, + "ibmcloud": { + "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", + "properties": { + "cisInstanceCRN": { + "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing\nthe DNS zone for the cluster's base domain", + "type": "string" + }, + "dnsInstanceCRN": { + "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone\nfor the cluster's base domain", + "type": "string" + }, + "location": { + "description": "location is where the cluster has been deployed", + "type": "string" + }, + "providerType": { + "description": "providerType indicates the type of cluster that was created", + "type": "string" + }, + "resourceGroupName": { + "description": "resourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", + "type": "string" + }, + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default\nservice endpoints of an IBM service. These endpoints are used by components\nwithin the cluster when trying to reach the IBM Cloud Services that have been\noverriden. The CCCMO reads in the IBMCloudPlatformSpec and validates each\nendpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus\nare updated to reflect the same custom endpoints.", + "items": { + "description": "IBMCloudServiceEndpoint stores the configuration of a custom url to\noverride existing defaults of IBM Cloud Services.", + "properties": { + "name": { + "description": "name is the name of the IBM Cloud service.\nPossible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC.\nFor example, the IBM Cloud Private IAM service could be configured with the\nservice `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com`\nWhereas the IBM Cloud Private VPC service for US South (Dallas) could be configured\nwith the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", + "enum": [ + "CIS", + "COS", + "COSConfig", + "DNSServices", + "GlobalCatalog", + "GlobalSearch", + "GlobalTagging", + "HyperProtect", + "IAM", + "KeyProtect", + "ResourceController", + "ResourceManager", + "VPC" + ], + "type": "string" + }, + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty. The path must follow the pattern\n/v[0,9]+ or /api/v[0,9]+", + "maxLength": 300, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "url must be a valid absolute URL", + "rule": "isURL(self)" + } + ] + } + }, + "required": [ + "name", + "url" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "kubevirt": { + "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.", + "type": "string" + }, + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "type": "string" + } + }, + "type": "object" + }, + "nutanix": { + "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" + }, + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "set", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] + }, + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "set", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] + }, + "loadBalancer": { + "default": { + "type": "OpenShiftManagedDefault" + }, + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "properties": { + "type": { + "default": "OpenShiftManagedDefault", + "description": "type defines the type of load balancer used by the cluster on Nutanix platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", + "enum": [ + "OpenShiftManagedDefault", + "UserManaged" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "type is immutable once set", + "rule": "oldSelf == '' || self == oldSelf" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "openstack": { + "description": "openstack contains settings specific to the OpenStack infrastructure provider.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" + }, + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] + }, + "cloudName": { + "description": "cloudName is the name of the desired OpenStack cloud in the\nclient configuration file (`clouds.yaml`).", + "type": "string" + }, + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] + }, + "loadBalancer": { + "default": { + "type": "OpenShiftManagedDefault" + }, + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "properties": { + "type": { + "default": "OpenShiftManagedDefault", + "description": "type defines the type of load balancer used by the cluster on OpenStack platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", + "enum": [ + "OpenShiftManagedDefault", + "UserManaged" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "type is immutable once set", + "rule": "oldSelf == '' || self == oldSelf" + } + ] + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid CIDR network address", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the\nnodes. Unlike the one managed by the DNS operator, `NodeDNSIP`\nprovides name resolution for the nodes themselves. There is no DNS-as-a-service for\nOpenStack deployments. In order to minimize necessary changes to the\ndatacenter DNS, a DNS service is hosted as a static pod to serve those hostnames\nto the nodes in the cluster.", + "type": "string" + } }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "type": "object" + }, + "ovirt": { + "description": "ovirt contains settings specific to the oVirt infrastructure provider.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "set", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "set", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] + }, + "loadBalancer": { + "default": { + "type": "OpenShiftManagedDefault" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "properties": { + "type": { + "default": "OpenShiftManagedDefault", + "description": "type defines the type of load balancer used by the cluster on Ovirt platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", + "enum": [ + "OpenShiftManagedDefault", + "UserManaged" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "type is immutable once set", + "rule": "oldSelf == '' || self == oldSelf" + } + ] + } }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object" + }, + "nodeDNSIP": { + "description": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", + "type": "string" + } + }, + "type": "object" + }, + "powervs": { + "description": "powervs contains settings specific to the Power Systems Virtual Servers infrastructure provider.", + "properties": { + "cisInstanceCRN": { + "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing\nthe DNS zone for the cluster's base domain", + "type": "string" + }, + "dnsInstanceCRN": { + "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone\nfor the cluster's base domain", + "type": "string" + }, + "region": { + "description": "region holds the default Power VS region for new Power VS resources created by the cluster.", + "type": "string" + }, + "resourceGroup": { + "description": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster.\nThe resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry.\nMore about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs.\nWhen omitted, the image registry operator won't be able to configure storage,\nwhich results in the image registry cluster operator not being in an available state.", + "maxLength": 40, + "pattern": "^[a-zA-Z0-9-_ ]+$", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "resourceGroup is immutable once set", + "rule": "oldSelf == '' || self == oldSelf" + } + ] + }, + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default\nservice endpoints of a Power VS service.", + "items": { + "description": "PowervsServiceEndpoint stores the configuration of a custom url to\noverride existing defaults of PowerVS Services.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name is the name of the Power VS service.\nFew of the services are\nIAM - https://cloud.ibm.com/apidocs/iam-identity-token-api\nResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller\nPower Cloud - https://cloud.ibm.com/apidocs/power-cloud", + "enum": [ + "CIS", + "COS", + "COSConfig", + "DNSServices", + "GlobalCatalog", + "GlobalSearch", + "GlobalTagging", + "HyperProtect", + "IAM", + "KeyProtect", + "Power", + "ResourceController", + "ResourceManager", + "VPC" + ], + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated\nendpoint for a client.\nThis must be provided and cannot be empty.", + "format": "uri", + "pattern": "^https://", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "name", + "url" + ], + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "topologyKey" - ], - "type": "object" + "zone": { + "description": "zone holds the default zone for the new Power VS resources created by the cluster.\nNote: Currently only single-zone OCP clusters are supported", + "type": "string" + } }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "object", + "x-kubernetes-validations": [ + { + "message": "cannot unset resourceGroup once set", + "rule": "!has(oldSelf.resourceGroup) || has(self.resourceGroup)" + } + ] }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": { + "description": "type is the underlying infrastructure provider for the cluster. This\nvalue controls whether infrastructure automation such as service load\nbalancers, dynamic volume provisioning, machine creation and deletion, and\nother integrations are enabled. If None, no infrastructure automation is\nenabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\",\n\"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\".\nIndividual components may not support all platforms, and must handle\nunrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`.\nCurrently this value cannot be changed once set.", + "enum": [ + "", + "AWS", + "Azure", + "BareMetal", + "GCP", + "Libvirt", + "OpenStack", + "None", + "VSphere", + "oVirt", + "IBMCloud", + "KubeVirt", + "EquinixMetal", + "PowerVS", + "AlibabaCloud", + "Nutanix", + "External" + ], + "type": "string" + }, + "vsphere": { + "description": "vsphere contains settings specific to the VSphere infrastructure provider.", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used\nby components inside the cluster, like kubelets using the infrastructure rather\nthan Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI\npoints to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" + }, + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API\nserver that can be used by components inside the cluster, like kubelets\nusing the infrastructure rather than Kubernetes networking. These are the\nIPs for a self-hosted load balancer in front of the API servers. In dual\nstack clusters this list contains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller.\nThe IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress\ncontroller. The IPs are suitable targets of a wildcard DNS record used to\nresolve default route host names. In dual stack clusters this list\ncontains two IPs otherwise only one.", + "format": "ip", + "items": { + "type": "string" + }, + "maxItems": 2, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "ingressIPs must contain at most one IPv4 address and at most one IPv6 address", + "rule": "self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)" + } + ] }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" + "loadBalancer": { + "default": { + "type": "OpenShiftManagedDefault" + }, + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "properties": { + "type": { + "default": "OpenShiftManagedDefault", + "description": "type defines the type of load balancer used by the cluster on VSphere platform\nwhich can be a user-managed or openshift-managed load balancer\nthat is to be used for the OpenShift API and Ingress endpoints.\nWhen set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing\ndefined in the machine config operator will be deployed.\nWhen set to UserManaged these static pods will not be deployed and it is expected that\nthe load balancer is configured out of band by the deployer.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default.\nThe default value is OpenShiftManagedDefault.", + "enum": [ + "OpenShiftManagedDefault", + "UserManaged" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "type is immutable once set", + "rule": "oldSelf == '' || self == oldSelf" + } + ] + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "value must be a valid CIDR network address", + "rule": "isCIDR(self)" + } + ] + }, + "maxItems": 32, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the\nnodes. Unlike the one managed by the DNS operator, `NodeDNSIP`\nprovides name resolution for the nodes themselves. There is no DNS-as-a-service for\nvSphere deployments. In order to minimize necessary changes to the\ndatacenter DNS, a DNS service is hosted as a static pod to serve those hostnames\nto the nodes in the cluster.", + "type": "string" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" } }, "type": "object" } }, - "type": "object" + "required": [ + "spec", + "kind", + "apiVersion" + ], + "type": "object", + "x-kubernetes-embedded-resource": true }, - "infraNodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "InfraNodeSelector is an optional selector that will be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraNodeSelector is specified, the webhook, metrics and the console plugin will run only on nodes that have each\nof the indicated key-value pairs as labels applied to the node.", - "type": "object" + "internalRegistryPullSecret": { + "description": "internalRegistryPullSecret is the pull secret for the internal registry, used by\nrpm-ostree to pull images from the internal registry if present", + "format": "byte", + "nullable": true, + "type": "string" }, - "infraTolerations": { - "description": "InfraTolerations is an optional list of tolerations to be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraTolerations is specified, the webhook, metrics and the console plugin will be able to be scheduled on nodes with\ncorresponding taints", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" + "ipFamilies": { + "description": "ipFamilies indicates the IP families in use by the cluster network", + "type": "string" }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is an optional selector that will be added to handler DaemonSet manifest\nfor both workers and control-plane (https://github.com/nmstate/kubernetes-nmstate/blob/main/deploy/handler/operator.yaml).\nIf NodeSelector is specified, the handler will run only on nodes that have each of the indicated key-value pairs\nas labels applied to the node.", - "type": "object" + "kubeAPIServerServingCAData": { + "description": "kubeAPIServerServingCAData managed Kubelet to API Server Cert... Rotated automatically", + "format": "byte", + "type": "string" }, - "probeConfiguration": { - "default": {}, - "description": "ProbeConfiguration is an optional configuration of NMstate probes testing various functionalities.\nIf ProbeConfiguration is specified, the handler will use the config defined here instead of its default values.", + "network": { + "description": "network contains additional network related information", + "nullable": true, "properties": { - "dns": { - "default": { - "host": "root-servers.net" - }, + "mtuMigration": { + "description": "mtuMigration contains the MTU migration configuration.", + "nullable": true, "properties": { - "host": { - "default": "root-servers.net", - "type": "string" + "machine": { + "description": "machine contains MTU migration configuration for the machine's uplink.", + "properties": { + "from": { + "description": "from is the MTU to migrate from.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "to": { + "description": "to is the MTU to migrate to.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "network": { + "description": "network contains MTU migration configuration for the default network.", + "properties": { + "from": { + "description": "from is the MTU to migrate from.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "to": { + "description": "to is the MTU to migrate to.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" } }, - "required": [ - "host" - ], "type": "object" } }, + "required": [ + "mtuMigration" + ], "type": "object" }, - "selfSignConfiguration": { - "description": "SelfSignConfiguration defines self signed certificate configuration", + "networkType": { + "description": "networkType holds the type of network the cluster is using\nXXX: this is temporary and will be dropped as soon as possible in favor of a better support\nto start network related services the proper way.\nNobody is also changing this once the cluster is up and running the first time, so, disallow\nregeneration if this changes.", + "type": "string" + }, + "osImageURL": { + "description": "osImageURL is the old-format container image that contains the OS update payload.", + "type": "string" + }, + "platform": { + "description": "platform is deprecated, use Infra.Status.PlatformStatus.Type instead", + "type": "string" + }, + "proxy": { + "description": "proxy holds the current proxy configuration for the nodes", + "nullable": true, "properties": { - "caOverlapInterval": { - "description": "CAOverlapInterval defines the duration where expired CA certificate\ncan overlap with new one, in order to allow fluent CA rotation transitioning", - "type": "string" - }, - "caRotateInterval": { - "description": "CARotateInterval defines duration for CA expiration", + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests.", "type": "string" }, - "certOverlapInterval": { - "description": "CertOverlapInterval defines the duration where expired service certificate\ncan overlap with new one, in order to allow fluent service rotation transitioning", + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests.", "type": "string" }, - "certRotateInterval": { - "description": "CertRotateInterval defines duration for of service certificate expiration", + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", "type": "string" } }, "type": "object" }, - "tolerations": { - "description": "Tolerations is an optional list of tolerations to be added to handler DaemonSet manifest\nIf Tolerations is specified, the handler daemonset will be also scheduled on nodes with corresponding taints", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } + "pullSecret": { + "description": "pullSecret is the default pull secret that needs to be installed\non all machines.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "NMStateStatus defines the observed state of NMState", - "properties": { - "conditions": { - "items": { - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "nmstate.io", - "kind": "NMState", - "version": "v1beta1" - } - ] - }, - "nmstate.io/v1beta1/NMStateList": { - "description": "NMStateList is a list of NMState", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of nmstates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.nmstate.v1beta1.NMState" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "nmstate.io", - "kind": "NMStateList", - "version": "v1beta1" - } - ] - }, - "nmstate.io/v1beta1/NodeNetworkConfigurationEnactment": { - "description": "NodeNetworkConfigurationEnactment is the Schema for the nodenetworkconfigurationenactments API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "status": { - "description": "NodeNetworkConfigurationEnactmentStatus defines the observed state of NodeNetworkConfigurationEnactment", - "properties": { - "capturedStates": { - "additionalProperties": { - "properties": { - "metaInfo": { - "properties": { - "time": { - "format": "date-time", - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "type": "object" + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } }, - "description": "A cache containing the resolved captures after processing the capture at NNCP", - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "releaseImage": { + "description": "releaseImage is the image used when installing the cluster", + "type": "string" }, + "rootCAData": { + "description": "rootCAData specifies the root CA data", + "format": "byte", + "type": "string" + } + }, + "required": [ + "additionalTrustBundle", + "baseOSContainerImage", + "cloudProviderCAData", + "cloudProviderConfig", + "clusterDNSIP", + "dns", + "images", + "infra", + "ipFamilies", + "kubeAPIServerServingCAData", + "network", + "proxy", + "releaseImage", + "rootCAData" + ], + "type": "object" + }, + "status": { + "description": "status contains observed information about the controller config.", + "properties": { "conditions": { + "description": "conditions represents the latest available observations of current state.", "items": { + "description": "ControllerConfigStatusCondition contains condition information for ControllerConfigStatus", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status object.", "format": "date-time", + "nullable": true, "type": "string" }, "message": { + "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans.", "type": "string" }, "reason": { + "description": "reason is the reason for the condition's last transition. Reasons are PascalCase", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type specifies the state of the operator's reconciliation functionality.", "type": "string" } }, "required": [ + "lastTransitionTime", "status", "type" ], "type": "object" }, - "type": "array" - }, - "desiredState": { - "description": "The desired state rendered for the enactment's node using\nthe policy desiredState as template", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "desiredStateMetaInfo": { - "properties": { - "time": { - "format": "date-time", - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "features": { + "controllerCertificates": { + "description": "controllerCertificates represents the latest available observations of the automatically rotating certificates in the MCO.", "items": { - "type": "string" + "description": "ControllerCertificate contains info about a specific cert.", + "properties": { + "bundleFile": { + "description": "bundleFile is the larger bundle a cert comes from", + "type": "string" + }, + "notAfter": { + "description": "notAfter is the upper boundary for validity", + "format": "date-time", + "type": "string" + }, + "notBefore": { + "description": "notBefore is the lower boundary for validity", + "format": "date-time", + "type": "string" + }, + "signer": { + "description": "signer is the cert Issuer", + "type": "string" + }, + "subject": { + "description": "subject is the cert subject", + "type": "string" + } + }, + "required": [ + "bundleFile", + "signer", + "subject" + ], + "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "policyGeneration": { - "description": "The generation from policy needed to check if an enactment\ncondition status belongs to the same policy version", + "observedGeneration": { + "description": "observedGeneration represents the generation observed by the controller.", "format": "int64", "type": "integer" } @@ -223500,18 +137208,20 @@ "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkConfigurationEnactment", - "version": "v1beta1" + "group": "machineconfiguration.openshift.io", + "kind": "ControllerConfig", + "version": "v1" } ] }, - "nmstate.io/v1beta1/NodeNetworkConfigurationEnactmentList": { - "description": "NodeNetworkConfigurationEnactmentList is a list of NodeNetworkConfigurationEnactment", + "machineconfiguration.openshift.io/v1/ControllerConfigList": { + "description": "ControllerConfigList is a list of ControllerConfig", "namespaced": true, "properties": { "apiVersion": { @@ -223519,9 +137229,9 @@ "type": "string" }, "items": { - "description": "List of nodenetworkconfigurationenactments. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of controllerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.nmstate.v1beta1.NodeNetworkConfigurationEnactment" + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.ControllerConfig" }, "type": "array" }, @@ -223544,14 +137254,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkConfigurationEnactmentList", - "version": "v1beta1" + "group": "machineconfiguration.openshift.io", + "kind": "ControllerConfigList", + "version": "v1" } ] }, - "nmstate.io/v1beta1/NodeNetworkConfigurationPolicy": { - "description": "NodeNetworkConfigurationPolicy is the Schema for the nodenetworkconfigurationpolicies API", + "machineconfiguration.openshift.io/v1/KubeletConfig": { + "description": "KubeletConfig describes a customized Kubelet configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -223571,102 +137281,182 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "NodeNetworkConfigurationPolicySpec defines the desired state of NodeNetworkConfigurationPolicy", + "description": "spec contains the desired kubelet configuration.", "properties": { - "capture": { - "additionalProperties": { - "type": "string" - }, - "description": "Capture contains expressions with an associated name than can be referenced\nat the DesiredState.", - "type": "object" + "autoSizingReserved": { + "type": "boolean" }, - "desiredState": { - "description": "The desired configuration of the policy", + "kubeletConfig": { + "description": "kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by\nOpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from\nupstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes\nfor the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" + "logLevel": { + "format": "int32", + "type": "integer" + }, + "machineConfigPoolSelector": { + "description": "machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to.\nA nil selector will result in no pools being selected.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "description": "MaxUnavailable specifies percentage or number\nof machines that can be updating at a time. Default is \"50%\".", - "x-kubernetes-int-or-string": true + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "nodeSelector": { - "additionalProperties": { - "type": "string" + "tlsSecurityProfile": { + "description": "If unset, the default is based on the apiservers.config.openshift.io/cluster resource.\nNote that only Old and Intermediate profiles are currently supported, and\nthe maximum available minTLSVersion is VersionTLS12.", + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "type": "object" + }, + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "nullable": true, + "type": "object" + }, + "modern": { + "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "nullable": true, + "type": "object" + }, + "old": { + "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" + } }, - "description": "NodeSelector is a selector which must be true for the policy to be applied to the node.\nSelector which must match a node's labels for the policy to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "type": "object" } }, "type": "object" }, "status": { - "description": "NodeNetworkConfigurationPolicyStatus defines the observed state of NodeNetworkConfigurationPolicy", + "description": "status contains observed information about the kubelet configuration.", "properties": { "conditions": { + "description": "conditions represents the latest available observations of current state.", "items": { + "description": "KubeletConfigCondition defines the state of the KubeletConfig", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status object.", "format": "date-time", + "nullable": true, "type": "string" }, "message": { + "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans.", "type": "string" }, "reason": { + "description": "reason is the reason for the condition's last transition. Reasons are PascalCase", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type specifies the state of the operator's reconciliation functionality.", "type": "string" } }, - "required": [ - "status", - "type" - ], "type": "object" }, "type": "array" }, - "lastUnavailableNodeCountUpdate": { - "description": "LastUnavailableNodeCountUpdate is time of the last UnavailableNodeCount update", - "format": "date-time", - "type": "string" - }, - "unavailableNodeCount": { - "description": "UnavailableNodeCount represents the total number of potentially unavailable nodes that are\nprocessing a NodeNetworkConfigurationPolicy", + "observedGeneration": { + "description": "observedGeneration represents the generation observed by the controller.", + "format": "int64", "type": "integer" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkConfigurationPolicy", - "version": "v1beta1" + "group": "machineconfiguration.openshift.io", + "kind": "KubeletConfig", + "version": "v1" } ] }, - "nmstate.io/v1beta1/NodeNetworkConfigurationPolicyList": { - "description": "NodeNetworkConfigurationPolicyList is a list of NodeNetworkConfigurationPolicy", + "machineconfiguration.openshift.io/v1/KubeletConfigList": { + "description": "KubeletConfigList is a list of KubeletConfig", "namespaced": true, "properties": { "apiVersion": { @@ -223674,9 +137464,9 @@ "type": "string" }, "items": { - "description": "List of nodenetworkconfigurationpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of kubeletconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.nmstate.v1beta1.NodeNetworkConfigurationPolicy" + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.KubeletConfig" }, "type": "array" }, @@ -223699,14 +137489,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkConfigurationPolicyList", - "version": "v1beta1" + "group": "machineconfiguration.openshift.io", + "kind": "KubeletConfigList", + "version": "v1" } ] }, - "nmstate.io/v1beta1/NodeNetworkState": { - "description": "NodeNetworkState is the Schema for the nodenetworkstates API", + "machineconfiguration.openshift.io/v1/MachineConfig": { + "description": "MachineConfig defines the configuration for a machine\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -223725,56 +137515,45 @@ ], "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "status": { - "description": "NodeNetworkStateStatus is the status of the NodeNetworkState of a specific node", + "spec": { + "description": "MachineConfigSpec is the spec for MachineConfig", "properties": { - "conditions": { - "items": { - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "baseOSExtensionsContainerImage": { + "description": "baseOSExtensionsContainerImage specifies the remote location that will be used\nto fetch the extensions container matching a new-format OS image", + "type": "string" }, - "currentState": { + "config": { + "description": "config is a Ignition Config object.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, - "handlerNetworkManagerVersion": { - "type": "string" + "extensions": { + "description": "extensions contains a list of additional features that can be enabled on host", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "handlerNmstateVersion": { - "type": "string" + "fips": { + "description": "fips controls FIPS mode", + "type": "boolean" }, - "hostNetworkManagerVersion": { + "kernelArguments": { + "description": "kernelArguments contains a list of kernel arguments to be added", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "kernelType": { + "description": "kernelType contains which kernel we want to be running like default\n(traditional), realtime, 64k-pages (aarch64 only).", "type": "string" }, - "lastSuccessfulUpdateTime": { - "format": "date-time", + "osImageURL": { + "description": "osImageURL specifies the remote location that will be used to\nfetch the OS.", "type": "string" } }, @@ -223785,14 +137564,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkState", - "version": "v1beta1" + "group": "machineconfiguration.openshift.io", + "kind": "MachineConfig", + "version": "v1" } ] }, - "nmstate.io/v1beta1/NodeNetworkStateList": { - "description": "NodeNetworkStateList is a list of NodeNetworkState", + "machineconfiguration.openshift.io/v1/MachineConfigList": { + "description": "MachineConfigList is a list of MachineConfig", "namespaced": true, "properties": { "apiVersion": { @@ -223800,9 +137579,9 @@ "type": "string" }, "items": { - "description": "List of nodenetworkstates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of machineconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.nmstate.v1beta1.NodeNetworkState" + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineConfig" }, "type": "array" }, @@ -223825,25 +137604,20 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "nmstate.io", - "kind": "NodeNetworkStateList", - "version": "v1beta1" + "group": "machineconfiguration.openshift.io", + "kind": "MachineConfigList", + "version": "v1" } ] }, - "node.k8s.io/v1/RuntimeClass": { - "description": "RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod. For more details, see https://kubernetes.io/docs/concepts/containers/runtime-class/", + "machineconfiguration.openshift.io/v1/MachineConfigNode": { + "description": "MachineConfigNode describes the health of the Machines on the system\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "handler": { - "default": "", - "description": "handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called \"runc\" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -223854,40 +137628,287 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "overhead": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.node.v1.Overhead" + "spec": { + "description": "spec describes the configuration of the machine config node.", + "properties": { + "configVersion": { + "description": "configVersion holds the desired config version for the node targeted by this machine config node resource.\nThe desired version represents the machine config the node will attempt to update to and gets set before the machine config operator validates\nthe new machine config against the current machine config.", + "properties": { + "desired": { + "description": "desired is the name of the machine config that the the node should be upgraded to.\nThis value is set when the machine config pool generates a new version of its rendered configuration.\nWhen this value is changed, the machine config daemon starts the node upgrade process.\nThis value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "desired" + ], + "type": "object" + }, + "node": { + "description": "node contains a reference to the node for this machine config node.", + "properties": { + "name": { + "description": "name is the name of the object being referenced. For example, this can represent a machine\nconfig pool or node name.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "pool": { + "description": "pool contains a reference to the machine config pool that this machine config node's\nreferenced node belongs to.", + "properties": { + "name": { + "description": "name is the name of the object being referenced. For example, this can represent a machine\nconfig pool or node name.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "name" + ], + "type": "object" } + }, + "required": [ + "configVersion", + "node", + "pool" ], - "description": "overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see\n https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/" + "type": "object" }, - "scheduling": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.node.v1.Scheduling" + "status": { + "description": "status describes the last observed state of this machine config node.", + "properties": { + "conditions": { + "description": "conditions represent the observations of a machine config node's current state. Valid types are:\nUpdatePrepared, UpdateExecuted, UpdatePostActionComplete, UpdateComplete, Updated, Resumed,\nDrained, AppliedFilesAndOS, Cordoned, Uncordoned, RebootedNode, NodeDegraded, PinnedImageSetsProgressing,\nand PinnedImageSetsDegraded.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "maxItems": 20, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "configVersion": { + "description": "configVersion describes the current and desired machine config version for this node.", + "properties": { + "current": { + "description": "current is the name of the machine config currently in use on the node.\nThis value is updated once the machine config daemon has completed the update of the configuration for the node.\nThis value should match the desired version unless an upgrade is in progress.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + }, + "desired": { + "description": "desired is the MachineConfig the node wants to upgrade to.\nThis value gets set in the machine config node status once the machine config has been validated\nagainst the current machine config.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "desired" + ], + "type": "object" + }, + "observedGeneration": { + "description": "observedGeneration represents the generation of the MachineConfigNode object observed by the Machine Config Operator's controller.\nThis field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", + "format": "int64", + "minimum": 1, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "observedGeneration must not decrease", + "rule": "self >= oldSelf" + } + ] + }, + "pinnedImageSets": { + "description": "pinnedImageSets describes the current and desired pinned image sets for this node.", + "items": { + "description": "MachineConfigNodeStatusPinnedImageSet holds information about the current, desired, and failed pinned image sets for the observed machine config node.", + "properties": { + "currentGeneration": { + "description": "currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node.", + "format": "int32", + "minimum": 1, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "currentGeneration must not decrease", + "rule": "self >= oldSelf" + } + ] + }, + "desiredGeneration": { + "description": "desiredGeneration is the generation of the pinned image set that is targeted to be pulled and pinned on this node.", + "format": "int32", + "minimum": 1, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "desiredGeneration must not decrease", + "rule": "self >= oldSelf" + } + ] + }, + "lastFailedGeneration": { + "description": "lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node.", + "format": "int32", + "minimum": 1, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "lastFailedGeneration must not decrease", + "rule": "self >= oldSelf" + } + ] + }, + "lastFailedGenerationError": { + "description": "lastFailedGenerationError is the error explaining why the desired images failed to be pulled and pinned.\nThe error is an empty string if the image pull and pin is successful.", + "maxLength": 32768, + "type": "string" + }, + "name": { + "description": "name is the name of the pinned image set.\nMust be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting\nof only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end\nwith an alphanumeric character, and be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "name" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "desired generation must be greater than or equal to the current generation", + "rule": "has(self.desiredGeneration) && has(self.currentGeneration) ? self.desiredGeneration >= self.currentGeneration : true" + }, + { + "message": "desired generation must be greater than or equal to the last failed generation", + "rule": "has(self.lastFailedGeneration) && has(self.desiredGeneration) ? self.desiredGeneration >= self.lastFailedGeneration : true" + }, + { + "message": "last failed generation error must be defined on image pull and pin failure", + "rule": "has(self.lastFailedGeneration) ? has(self.lastFailedGenerationError) : true" + } + ] + }, + "maxItems": 100, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } - ], - "description": "scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes." + }, + "type": "object" } }, "required": [ - "handler" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "node.k8s.io", - "kind": "RuntimeClass", + "group": "machineconfiguration.openshift.io", + "kind": "MachineConfigNode", "version": "v1" } ] }, - "node.k8s.io/v1/RuntimeClassList": { - "description": "RuntimeClassList is a list of RuntimeClass objects.", + "machineconfiguration.openshift.io/v1/MachineConfigNodeList": { + "description": "MachineConfigNodeList is a list of MachineConfigNode", "namespaced": true, "properties": { "apiVersion": { @@ -223895,14 +137916,9 @@ "type": "string" }, "items": { - "description": "items is a list of schema objects.", + "description": "List of machineconfignodes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.node.v1.RuntimeClass" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineConfigNode" }, "type": "array" }, @@ -223916,8 +137932,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -223926,15 +137941,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "node.k8s.io", - "kind": "RuntimeClassList", + "group": "machineconfiguration.openshift.io", + "kind": "MachineConfigNodeList", "version": "v1" } ] }, - "noobaa.io/v1alpha1/BackingStore": { - "description": "BackingStore is the Schema for the backingstores API", - "namespaced": true, + "machineconfiguration.openshift.io/v1/MachineConfigPool": { + "description": "MachineConfigPool describes a pool of MachineConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -223953,373 +137968,496 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the noobaa BackingStore.", + "description": "spec contains the desired machine config pool configuration.", "properties": { - "awsS3": { - "description": "AWSS3Spec specifies a backing store of type aws-s3", + "configuration": { + "description": "The targeted MachineConfig object for the machine config pool.", "properties": { - "awsSTSRoleARN": { - "description": "AWSSTSRoleARN allows to Assume Role and use AssumeRoleWithWebIdentity", + "apiVersion": { + "description": "API version of the referent.", "type": "string" }, - "region": { - "description": "Region is the AWS region", + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", "type": "string" }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslDisabled": { - "description": "SSLDisabled allows to disable SSL and use plain http", - "type": "boolean" - }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "required": [ - "targetBucket" - ], - "type": "object" - }, - "azureBlob": { - "description": "AzureBlob specifies a backing store of type azure-blob", - "properties": { - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AccountName and AccountKey as provided by Azure Blob.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" }, - "targetBlobContainer": { - "description": "TargetBlobContainer is the name of the target Azure Blob container", + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" - } - }, - "required": [ - "secret", - "targetBlobContainer" - ], - "type": "object" - }, - "googleCloudStorage": { - "description": "GoogleCloudStorage specifies a backing store of type google-cloud-storage", - "properties": { - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define GoogleServiceAccountPrivateKeyJson containing the entire json string as provided by Google.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" - } - }, - "required": [ - "secret", - "targetBucket" - ], - "type": "object" - }, - "ibmCos": { - "description": "IBMCos specifies a backing store of type ibm-cos", - "properties": { - "endpoint": { - "description": "Endpoint is the IBM COS compatible endpoint: http(s)://host:port", + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" + "source": { + "description": "source is the list of MachineConfig objects that were used to generate the single MachineConfig object specified in `content`.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "signatureVersion": { - "description": "SignatureVersion specifies the client signature version to use when signing requests.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "targetBucket": { - "description": "TargetBucket is the name of the target IBM COS bucket", + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "required": [ - "endpoint", - "secret", - "targetBucket" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "pvPool": { - "description": "PVPool specifies a backing store of type pv-pool", + "machineConfigSelector": { + "description": "machineConfigSelector specifies a label selector for MachineConfigs.\nRefer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work.", "properties": { - "numVolumes": { - "description": "NumVolumes is the number of volumes to allocate", - "type": "integer" - }, - "resources": { - "description": "VolumeResources represents the minimum resources each volume should have.", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secret": { - "description": "Secret refers to a secret that provides the agent configuration\nThe secret should define AGENT_CONFIG containing agent_configuration from noobaa-core.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" }, - "storageClass": { - "description": "StorageClass is the name of the storage class to use for the PV's", + { "type": "string" } - }, - "required": [ - "numVolumes" ], - "type": "object" + "description": "maxUnavailable defines either an integer number or percentage\nof nodes in the pool that can go Unavailable during an update.\nThis includes nodes Unavailable for any reason, including user\ninitiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during\nthe update, which may affect your workload stress on the remaining nodes.\nYou cannot set this value to 0 to stop updates (it will default back to 1);\nto stop updates, use the 'paused' property instead. Drain will respect\nPod Disruption Budgets (PDBs) such as etcd quorum guards, even if\nmaxUnavailable is greater than one.", + "x-kubernetes-int-or-string": true }, - "s3Compatible": { - "description": "S3Compatible specifies a backing store of type s3-compatible", + "nodeSelector": { + "description": "nodeSelector specifies a label selector for Machines", "properties": { - "endpoint": { - "description": "Endpoint is the S3 compatible endpoint: http(s)://host:port", - "type": "string" - }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "signatureVersion": { - "description": "SignatureVersion specifies the client signature version to use when signing requests.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "endpoint", - "secret", - "targetBucket" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": { - "description": "Type is an enum of supported types", - "type": "string" + "paused": { + "description": "paused specifies whether or not changes to this machine config pool should be stopped.\nThis includes generating new desiredMachineConfig and update of machines.", + "type": "boolean" + }, + "pinnedImageSets": { + "description": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the\npool. Nodes within this pool will preload and pin images defined in the\nPinnedImageSet. Before pulling images the MachineConfigDaemon will ensure\nthe total uncompressed size of all the images does not exceed available\nresources. If the total size of the images exceeds the available\nresources the controller will report a Degraded status to the\nMachineConfigPool and not attempt to pull any images. Also to help ensure\nthe kubelet can mitigate storage risk, the pinned_image configuration and\nsubsequent service reload will happen only after all of the images have\nbeen pulled for each set. Images from multiple PinnedImageSets are loaded\nand pinned sequentially as listed. Duplicate and existing images will be\nskipped.\n\nAny failure to prefetch or pin images will result in a Degraded pool.\nResolving these failures is the responsibility of the user. The admin\nshould be proactive in ensuring adequate storage and proper image\nauthentication exists in advance.", + "items": { + "properties": { + "name": { + "description": "name is a reference to the name of a PinnedImageSet. Must adhere to\nRFC-1123 (https://tools.ietf.org/html/rfc1123).\nMade up of one of more period-separated (.) segments, where each segment\nconsists of alphanumeric characters and hyphens (-), must begin and end\nwith an alphanumeric character, and is at most 63 characters in length.\nThe total length of the name must not exceed 253 characters.", + "maxLength": 253, + "minLength": 1, + "pattern": "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 100, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } }, - "required": [ - "type" - ], "type": "object" }, "status": { - "description": "Most recently observed status of the noobaa BackingStore.", + "description": "status contains observed information about the machine config pool.", "properties": { - "conditions": { - "description": "Conditions is a list of conditions related to operator reconciliation", + "certExpirys": { + "description": "certExpirys keeps track of important certificate expiration data", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "ceryExpiry contains the bundle name and the expiry date", "properties": { - "lastHeartbeatTime": { + "bundle": { + "description": "bundle is the name of the bundle in which the subject certificate resides", + "type": "string" + }, + "expiry": { + "description": "expiry is the date after which the certificate will no longer be valid", "format": "date-time", "type": "string" }, + "subject": { + "description": "subject is the subject of the certificate", + "type": "string" + } + }, + "required": [ + "bundle", + "subject" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "conditions": { + "description": "conditions represents the latest available observations of current state.", + "items": { + "description": "MachineConfigPoolCondition contains condition information for an MachineConfigPool.", + "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the timestamp corresponding to the last status\nchange of this condition.", "format": "date-time", + "nullable": true, "type": "string" }, "message": { + "description": "message is a human readable description of the details of the last\ntransition, complementing reason.", "type": "string" }, "reason": { + "description": "reason is a brief machine readable explanation for the condition's last\ntransition.", "type": "string" }, "status": { + "description": "status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of the condition, currently ('Done', 'Updating', 'Failed').", "type": "string" } }, - "required": [ - "status", - "type" - ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "mode": { - "description": "Mode specifies the updating mode of a BackingStore", + "configuration": { + "description": "configuration represents the current MachineConfig object for the machine config pool.", "properties": { - "modeCode": { - "description": "ModeCode specifies the updated mode of backingstore", + "apiVersion": { + "description": "API version of the referent.", "type": "string" }, - "timeStamp": { - "description": "TimeStamp specifies the update time of backingstore new mode", + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "source": { + "description": "source is the list of MachineConfig objects that were used to generate the single MachineConfig object specified in `content`.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "phase": { - "description": "Phase is a simple, high-level summary of where the backing store is in its lifecycle", - "type": "string" + "degradedMachineCount": { + "description": "degradedMachineCount represents the total number of machines marked degraded (or unreconcilable).\nA node is marked degraded if applying a configuration failed..", + "format": "int32", + "type": "integer" }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects related to this operator.", + "machineCount": { + "description": "machineCount represents the total number of machines in the machine config pool.", + "format": "int32", + "type": "integer" + }, + "observedGeneration": { + "description": "observedGeneration represents the generation observed by the controller.", + "format": "int64", + "type": "integer" + }, + "poolSynchronizersStatus": { + "description": "poolSynchronizersStatus is the status of the machines managed by the pool synchronizers.", "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" + "availableMachineCount": { + "description": "availableMachineCount is the number of machines managed by the node synchronizer which are available.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" + "machineCount": { + "description": "machineCount is the number of machines that are managed by the node synchronizer.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change that has been applied.", + "format": "int64", + "minimum": 0, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "observedGeneration must not move backwards except to zero", + "rule": "self >= oldSelf || (self == 0 && oldSelf > 0)" + } + ] }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "poolSynchronizerType": { + "description": "poolSynchronizerType describes the type of the pool synchronizer.", + "enum": [ + "PinnedImageSets" + ], + "maxLength": 256, "type": "string" }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" + "readyMachineCount": { + "description": "readyMachineCount is the number of machines managed by the node synchronizer that are in a ready state.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "unavailableMachineCount": { + "description": "unavailableMachineCount is the number of machines managed by the node synchronizer but are unavailable.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + "updatedMachineCount": { + "description": "updatedMachineCount is the number of machines that have been updated by the node synchronizer.", + "format": "int64", + "minimum": 0, + "type": "integer" } }, + "required": [ + "availableMachineCount", + "machineCount", + "poolSynchronizerType", + "readyMachineCount", + "unavailableMachineCount", + "updatedMachineCount" + ], "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "machineCount must be greater than or equal to updatedMachineCount", + "rule": "self.machineCount >= self.updatedMachineCount" + }, + { + "message": "machineCount must be greater than or equal to availableMachineCount", + "rule": "self.machineCount >= self.availableMachineCount" + }, + { + "message": "machineCount must be greater than or equal to unavailableMachineCount", + "rule": "self.machineCount >= self.unavailableMachineCount" + }, + { + "message": "machineCount must be greater than or equal to readyMachineCount", + "rule": "self.machineCount >= self.readyMachineCount" + }, + { + "message": "availableMachineCount must be greater than or equal to readyMachineCount", + "rule": "self.availableMachineCount >= self.readyMachineCount" + } + ] }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "poolSynchronizerType" + ], + "x-kubernetes-list-type": "map" + }, + "readyMachineCount": { + "description": "readyMachineCount represents the total number of ready machines targeted by the pool.", + "format": "int32", + "type": "integer" + }, + "unavailableMachineCount": { + "description": "unavailableMachineCount represents the total number of unavailable (non-ready) machines targeted by the pool.\nA node is marked unavailable if it is in updating state or NodeReady condition is false.", + "format": "int32", + "type": "integer" + }, + "updatedMachineCount": { + "description": "updatedMachineCount represents the total number of machines targeted by the pool that have the CurrentMachineConfig as their config.", + "format": "int32", + "type": "integer" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "BackingStore", - "version": "v1alpha1" + "group": "machineconfiguration.openshift.io", + "kind": "MachineConfigPool", + "version": "v1" } ] }, - "noobaa.io/v1alpha1/BackingStoreList": { - "description": "BackingStoreList is a list of BackingStore", + "machineconfiguration.openshift.io/v1/MachineConfigPoolList": { + "description": "MachineConfigPoolList is a list of MachineConfigPool", "namespaced": true, "properties": { "apiVersion": { @@ -224327,9 +138465,9 @@ "type": "string" }, "items": { - "description": "List of backingstores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of machineconfigpools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.noobaa.v1alpha1.BackingStore" + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineConfigPool" }, "type": "array" }, @@ -224352,15 +138490,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "BackingStoreList", - "version": "v1alpha1" + "group": "machineconfiguration.openshift.io", + "kind": "MachineConfigPoolList", + "version": "v1" } ] }, - "noobaa.io/v1alpha1/BucketClass": { - "description": "BucketClass is the Schema for the bucketclasses API", - "namespaced": true, + "machineconfiguration.openshift.io/v1/MachineOSBuild": { + "description": "MachineOSBuild describes a build process managed and deployed by the MCO\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -224379,222 +138517,360 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the noobaa BucketClass.", + "description": "spec describes the configuration of the machine os build.\nIt is immutable once set.", "properties": { - "namespacePolicy": { - "description": "NamespacePolicy specifies the namespace policy for the bucket class", + "machineConfig": { + "description": "machineConfig points to the rendered MachineConfig resource to be included in this image build.", "properties": { - "cache": { - "description": "Cache is a namespace policy configuration of type Cache", - "properties": { - "caching": { - "description": "Caching is the cache specification for the ns policy", - "properties": { - "prefix": { - "description": "Prefix is prefix of the future cached data", - "type": "string" - }, - "ttl": { - "description": "TTL specifies the cache ttl", - "type": "integer" - } - }, - "type": "object" - }, - "hubResource": { - "description": "HubResource is the read and write resource name to use", - "type": "string" - } - }, - "type": "object" - }, - "multi": { - "description": "Multi is a namespace policy configuration of type Multi", - "properties": { - "readResources": { - "description": "ReadResources is an ordered list of read resources names to use", - "items": { - "type": "string" - }, - "type": "array" - }, - "writeResource": { - "description": "WriteResource is the write resource name to use", - "type": "string" - } - }, - "type": "object" - }, - "single": { - "description": "Single is a namespace policy configuration of type Single", - "properties": { - "resource": { - "description": "Resource is the read and write resource name to use", - "type": "string" + "name": { + "description": "name is the name of the rendered MachineConfig object.\nThis value should be between 10 and 253 characters, and must contain only lowercase\nalphanumeric characters, hyphens and periods, and should start and end with an alphanumeric character.", + "maxLength": 253, + "minLength": 10, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" } - }, - "type": "object" - }, - "type": { - "description": "Type is the namespace policy type", - "type": "string" + ] } }, + "required": [ + "name" + ], "type": "object" }, - "placementPolicy": { - "description": "PlacementPolicy specifies the placement policy for the bucket class", + "machineOSConfig": { + "description": "machineOSConfig references the MachineOSConfig resource that this image build extends.", "properties": { - "tiers": { - "description": "Tiers is an ordered list of tiers to use.\nThe model is a waterfall - push to first tier by default,\nand when no more space spill \"cold\" storage to next tier.", - "items": { - "description": "Tier specifies a storage tier", - "properties": { - "backingStores": { - "description": "BackingStores is an unordered list of backing store names.\nThe meaning of the list depends on the placement.", - "items": { - "type": "string" - }, - "type": "array" - }, - "placement": { - "description": "Placement specifies the type of placement for the tier\nIf empty it should have a single backing store.", - "enum": [ - "Spread", - "Mirror" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": "array" + "name": { + "description": "name of the MachineOSConfig.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", + "maxLength": 253, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] } }, + "required": [ + "name" + ], "type": "object" }, - "quota": { - "description": "Quota specifies the quota configuration for the bucket class", - "properties": { - "maxObjects": { - "description": "limits the max total quantity of objects per bucket", - "type": "string" - }, - "maxSize": { - "description": "limits the max total size of objects per bucket", - "type": "string" + "renderedImagePushSpec": { + "description": "renderedImagePushSpec is set by the Machine Config Operator from the MachineOSConfig object this build is attached to.\nThis field describes the location of the final image, which will be pushed by the build once complete.\nThe format of the image push spec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name:.\nThe length of the push spec must be between 1 to 447 characters.", + "maxLength": 447, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme. Or it must be a valid .svc followed by a port, repository, image name, and tag.", + "rule": "self.matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?(/[a-zA-Z0-9-_]{1,61})*/[a-zA-Z0-9-_.]+:[a-zA-Z0-9._-]+$') || self.matches('^[^.]+\\\\.[^.]+\\\\.svc:\\\\d+\\\\/[^\\\\/]+\\\\/[^\\\\/]+:[^\\\\/]+$')" } - }, - "type": "object" - }, - "replicationPolicy": { - "description": "ReplicationPolicy specifies a json of replication rules for the bucketclass", - "type": "string" + ] } }, - "type": "object" + "required": [ + "machineConfig", + "machineOSConfig", + "renderedImagePushSpec" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "machineOSBuildSpec is immutable once set", + "rule": "self == oldSelf" + } + ] }, "status": { - "description": "Most recently observed status of the noobaa BackingStore.", + "description": "status describes the last observed state of this machine os build.", "properties": { + "buildEnd": { + "description": "buildEnd is the timestamp corresponding to completion of the builder backend.\nWhen omitted the build has either not been started, or is in progress.\nIt will be populated once the build completes, fails or is interrupted.", + "format": "date-time", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "buildEnd is immutable once set", + "rule": "self == oldSelf" + } + ] + }, + "buildStart": { + "description": "buildStart is the timestamp corresponding to the build controller initiating the build backend for this MachineOSBuild.", + "format": "date-time", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "buildStart is immutable once set", + "rule": "self == oldSelf" + } + ] + }, + "builder": { + "description": "builder describes the image builder backend used for this build.", + "properties": { + "imageBuilderType": { + "description": "imageBuilderType describes the type of image builder used to build this image.\nValid values are Job only.\nWhen set to Job, a pod based builder, using buildah, is launched to build the specified image.", + "type": "string" + }, + "job": { + "description": "job is a reference to the job object that is managing the image build.\nThis is required if the imageBuilderType is Job, and forbidden otherwise.", + "properties": { + "group": { + "description": "group of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + }, + "name": { + "description": "name of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", + "maxLength": 253, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + }, + "namespace": { + "description": "namespace of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start and end with an alphanumeric character.", + "maxLength": 63, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the value must consist of only lowercase alphanumeric characters and hyphens", + "rule": "!format.dns1123Label().validate(self).hasValue()" + } + ] + }, + "resource": { + "description": "resource of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start with an alphabetic character and end with an alphanumeric character.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "maxLength": 63, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character", + "rule": "!format.dns1035Label().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "group", + "name", + "resource" + ], + "type": "object" + } + }, + "required": [ + "imageBuilderType" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "job is required when imageBuilderType is Job, and forbidden otherwise", + "rule": "has(self.imageBuilderType) && self.imageBuilderType == 'Job' ? has(self.job) : !has(self.job)" + } + ] + }, "conditions": { - "description": "Conditions is a list of conditions related to operator reconciliation", + "description": "conditions are state related conditions for the build. Valid types are:\nPrepared, Building, Failed, Interrupted, and Succeeded.\nOnce a Build is marked as Failed, Interrupted or Succeeded, no future conditions can be set.", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, - "type": "array" - }, - "mode": { - "description": "Mode is a simple, high-level summary of where the System is in its lifecycle", - "type": "string" + "maxItems": 8, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "once a Failed condition is set, conditions are immutable", + "rule": "oldSelf.exists(x, x.type=='Failed' && x.status=='True') ? self==oldSelf : true" + }, + { + "message": "once an Interrupted condition is set, conditions are immutable", + "rule": "oldSelf.exists(x, x.type=='Interrupted' && x.status=='True') ? self==oldSelf : true" + }, + { + "message": "once an Succeeded condition is set, conditions are immutable", + "rule": "oldSelf.exists(x, x.type=='Succeeded' && x.status=='True') ? self==oldSelf : true" + } + ] }, - "phase": { - "description": "Phase is a simple, high-level summary of where the System is in its lifecycle", - "type": "string" + "digestedImagePushSpec": { + "description": "digestedImagePushSpec describes the fully qualified push spec produced by this build.\nThe format of the push spec is: host[:port][/namespace]/name@sha256:,\nwhere the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.\nThe length of the whole spec must be between 1 to 447 characters.", + "maxLength": 447, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long", + "rule": "(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))" + }, + { + "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme", + "rule": "(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))" + } + ] }, "relatedObjects": { - "description": "RelatedObjects is a list of objects related to this operator.", + "description": "relatedObjects is a list of references to ephemeral objects such as ConfigMaps or Secrets that are meant to be consumed while the build process runs.\nAfter a successful build or when this MachineOSBuild is deleted, these ephemeral objects will be removed.\nIn the event of a failed build, the objects will remain until the build is removed to allow for inspection.", "items": { "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "group": { + "description": "group of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] }, "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "description": "name of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", + "maxLength": 253, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] }, "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "description": "namespace of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start and end with an alphanumeric character.", + "maxLength": 63, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the value must consist of only lowercase alphanumeric characters and hyphens", + "rule": "!format.dns1123Label().validate(self).hasValue()" + } + ] }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + "resource": { + "description": "resource of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start with an alphabetic character and end with an alphanumeric character.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "maxLength": 63, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character", + "rule": "!format.dns1035Label().validate(self).hasValue()" + } + ] } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "group", + "name", + "resource" + ], + "type": "object" }, - "type": "array" + "maxItems": 10, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name", + "resource" + ], + "x-kubernetes-list-type": "map" } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "buildEnd must be after buildStart", + "rule": "has(self.buildEnd) ? has(self.buildStart) && timestamp(self.buildStart) < timestamp(self.buildEnd) : true" + } + ] } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "BucketClass", - "version": "v1alpha1" + "group": "machineconfiguration.openshift.io", + "kind": "MachineOSBuild", + "version": "v1" } ] }, - "noobaa.io/v1alpha1/BucketClassList": { - "description": "BucketClassList is a list of BucketClass", + "machineconfiguration.openshift.io/v1/MachineOSBuildList": { + "description": "MachineOSBuildList is a list of MachineOSBuild", "namespaced": true, "properties": { "apiVersion": { @@ -224602,9 +138878,9 @@ "type": "string" }, "items": { - "description": "List of bucketclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of machineosbuilds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.noobaa.v1alpha1.BucketClass" + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineOSBuild" }, "type": "array" }, @@ -224627,15 +138903,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "BucketClassList", - "version": "v1alpha1" + "group": "machineconfiguration.openshift.io", + "kind": "MachineOSBuildList", + "version": "v1" } ] }, - "noobaa.io/v1alpha1/NamespaceStore": { - "description": "NamespaceStore is the Schema for the namespacestores API", - "namespaced": true, + "machineconfiguration.openshift.io/v1/MachineOSConfig": { + "description": "MachineOSConfig describes the configuration for a build process managed by the MCO\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -224654,2090 +138930,2284 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the noobaa NamespaceStore.", + "description": "spec describes the configuration of the machineosconfig", "properties": { - "accessMode": { - "description": "AccessMode is an enum of supported access modes", - "type": "string" - }, - "awsS3": { - "description": "AWSS3Spec specifies a namespace store of type aws-s3", + "baseImagePullSecret": { + "description": "baseImagePullSecret is the secret used to pull the base image.\nMust live in the openshift-machine-config-operator namespace if provided.\nDefaults to using the cluster-wide pull secret if not specified. This is provided during install time of the cluster, and lives in the openshift-config namespace as a secret.", "properties": { - "awsSTSRoleARN": { - "description": "AWSSTSRoleARN allows to Assume Role and use AssumeRoleWithWebIdentity", - "type": "string" - }, - "region": { - "description": "Region is the AWS region", - "type": "string" - }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" + "name": { + "description": "name is the name of the secret used to push or pull this MachineOSConfig object.\nMust consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.\nThis secret must be in the openshift-machine-config-operator namespace.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslDisabled": { - "description": "SSLDisabled allows to disable SSL and use plain http", - "type": "boolean" - }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", - "type": "string" + ] } }, "required": [ - "targetBucket" + "name" ], "type": "object" }, - "azureBlob": { - "description": "AzureBlob specifies a namespace store of type azure-blob", - "properties": { - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AccountName and AccountKey as provided by Azure Blob.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } + "containerFile": { + "description": "containerFile describes the custom data the user has specified to build into the image.\nThis is also commonly called a Dockerfile and you can treat it as such. The content is the content of your Dockerfile.\nSee https://github.com/containers/common/blob/main/docs/Containerfile.5.md for the spec reference.\nThis is a list indexed by architecture name (e.g. AMD64), and allows specifying one containerFile per arch, up to 4.", + "items": { + "description": "MachineOSContainerfile contains all custom content the user wants built into the image", + "properties": { + "containerfileArch": { + "default": "NoArch", + "description": "containerfileArch describes the architecture this containerfile is to be built for.\nThis arch is optional. If the user does not specify an architecture, it is assumed\nthat the content can be applied to all architectures, or in a single arch cluster: the only architecture.", + "enum": [ + "ARM64", + "AMD64", + "PPC64LE", + "S390X", + "NoArch" + ], + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "content": { + "description": "content is an embedded Containerfile/Dockerfile that defines the contents to be built into your image.\nSee https://github.com/containers/common/blob/main/docs/Containerfile.5.md for the spec reference.\nfor example, this would add the tree package to your hosts:\n FROM configs AS final\n RUN rpm-ostree install tree && \\\n ostree container commit\nThis is a required field and can have a maximum length of **4096** characters.", + "maxLength": 4096, + "type": "string" + } }, - "targetBlobContainer": { - "description": "TargetBlobContainer is the name of the target Azure Blob container", - "type": "string" - } + "required": [ + "content" + ], + "type": "object" }, - "required": [ - "secret", - "targetBlobContainer" + "maxItems": 4, + "minItems": 0, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerfileArch" ], - "type": "object" + "x-kubernetes-list-type": "map" }, - "googleCloudStorage": { - "description": "GoogleCloudStorage specifies a namespace store of type google-cloud-storage", + "imageBuilder": { + "description": "imageBuilder describes which image builder will be used in each build triggered by this MachineOSConfig.\nCurrently supported type(s): Job", "properties": { - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define GoogleServiceAccountPrivateKeyJson containing the entire json string as provided by Google.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", + "imageBuilderType": { + "description": "imageBuilderType specifies the backend to be used to build the image.\nValid options are: Job", + "enum": [ + "Job" + ], "type": "string" } }, "required": [ - "secret", - "targetBucket" + "imageBuilderType" ], "type": "object" }, - "ibmCos": { - "description": "IBMCos specifies a namespace store of type ibm-cos", + "machineConfigPool": { + "description": "machineConfigPool is the pool which the build is for.\nThe Machine Config Operator will perform the build and roll out the built image to the specified pool.", "properties": { - "endpoint": { - "description": "Endpoint is the IBM COS compatible endpoint: http(s)://host:port", - "type": "string" - }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" + "name": { + "description": "name of the MachineConfigPool object.\nThis value should be at most 253 characters, and must contain only lowercase\nalphanumeric characters, hyphens and periods, and should start and end with an alphanumeric character.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "signatureVersion": { - "description": "SignatureVersion specifies the client signature version to use when signing requests.", - "type": "string" - }, - "targetBucket": { - "description": "TargetBucket is the name of the target IBM COS bucket", - "type": "string" - } - }, - "required": [ - "endpoint", - "secret", - "targetBucket" - ], - "type": "object" - }, - "nsfs": { - "description": "NSFS specifies a namespace store of type nsfs", - "properties": { - "fsBackend": { - "description": "FsBackend is the backend type of the file system", - "enum": [ - "CEPH_FS", - "GPFS", - "NFSv4" - ], - "type": "string" - }, - "pvcName": { - "description": "PvcName is the name of the pvc in which the file system resides", - "type": "string" - }, - "subPath": { - "description": "SubPath is a path to a sub directory in the pvc file system", - "type": "string" + ] } }, "required": [ - "pvcName" + "name" ], "type": "object" }, - "s3Compatible": { - "description": "S3Compatible specifies a namespace store of type s3-compatible", + "renderedImagePushSecret": { + "description": "renderedImagePushSecret is the secret used to connect to a user registry.\nThe final image push and pull secrets should be separate and assume the principal of least privilege.\nThe push secret with write privilege is only required to be present on the node hosting the MachineConfigController pod.\nThe pull secret with read only privileges is required on all nodes.\nBy separating the two secrets, the risk of write credentials becoming compromised is reduced.", "properties": { - "endpoint": { - "description": "Endpoint is the S3 compatible endpoint: http(s)://host:port", - "type": "string" - }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" + "name": { + "description": "name is the name of the secret used to push or pull this MachineOSConfig object.\nMust consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.\nThis secret must be in the openshift-machine-config-operator namespace.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "signatureVersion": { - "description": "SignatureVersion specifies the client signature version to use when signing requests.", - "type": "string" - }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", - "type": "string" + ] } }, "required": [ - "endpoint", - "secret", - "targetBucket" + "name" ], "type": "object" }, - "type": { - "description": "Type is an enum of supported types", - "type": "string" + "renderedImagePushSpec": { + "description": "renderedImagePushSpec describes the location of the final image.\nThe MachineOSConfig object will use the in cluster image registry configuration.\nIf you wish to use a mirror or any other settings specific to registries.conf, please specify those in the cluster wide registries.conf via the cluster image.config, ImageContentSourcePolicies, ImageDigestMirrorSet, or ImageTagMirrorSet objects.\nThe format of the image push spec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name:.\nThe length of the push spec must be between 1 to 447 characters.", + "maxLength": 447, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme. Or it must be a valid .svc followed by a port, repository, image name, and tag.", + "rule": "self.matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?(/[a-zA-Z0-9-_]{1,61})*/[a-zA-Z0-9-_.]+:[a-zA-Z0-9._-]+$') || self.matches('^[^.]+\\\\.[^.]+\\\\.svc:\\\\d+\\\\/[^\\\\/]+\\\\/[^\\\\/]+:[^\\\\/]+$')" + } + ] } }, "required": [ - "type" + "imageBuilder", + "machineConfigPool", + "renderedImagePushSecret", + "renderedImagePushSpec" ], "type": "object" }, "status": { - "description": "Most recently observed status of the noobaa NamespaceStore.", + "description": "status describes the status of the machineosconfig", "properties": { "conditions": { - "description": "Conditions is a list of conditions related to operator reconciliation", + "description": "conditions are state related conditions for the object.", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "mode": { - "description": "Mode specifies the updating mode of a NamespaceStore", + "currentImagePullSpec": { + "description": "currentImagePullSpec is the fully qualified image pull spec used by the MCO to pull down the new OSImage. This includes the sha256 image digest.\nThis is generated when the Machine Config Operator's build controller successfully completes the build, and is populated from the corresponding\nMachineOSBuild object's FinalImagePushSpec. This may change after completion in reaction to spec changes that would cause a new image build,\nbut will not be removed.\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:,\nwhere the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.\nThe length of the whole spec must be between 1 to 447 characters.", + "maxLength": 447, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long", + "rule": "(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))" + }, + { + "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme", + "rule": "(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))" + } + ] + }, + "machineOSBuild": { + "description": "machineOSBuild is a reference to the MachineOSBuild object for this MachineOSConfig, which contains the status for the image build.", "properties": { - "modeCode": { - "description": "ModeCode specifies the updated mode of namespacestore", - "type": "string" + "group": { + "description": "group of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] }, - "timeStamp": { - "description": "TimeStamp specifies the update time of namespacestore new mode", - "type": "string" + "name": { + "description": "name of the referent.\nThe name must contain only lowercase alphanumeric characters, '-' or '.' and start/end with an alphanumeric character.", + "maxLength": 253, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + }, + "namespace": { + "description": "namespace of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start and end with an alphanumeric character.", + "maxLength": 63, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the value must consist of only lowercase alphanumeric characters and hyphens", + "rule": "!format.dns1123Label().validate(self).hasValue()" + } + ] + }, + "resource": { + "description": "resource of the referent.\nThis value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,\nand should start with an alphabetic character and end with an alphanumeric character.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "maxLength": 63, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character", + "rule": "!format.dns1035Label().validate(self).hasValue()" + } + ] } }, + "required": [ + "group", + "name", + "resource" + ], "type": "object" }, - "phase": { - "description": "Phase is a simple, high-level summary of where the namespace store is in its lifecycle", - "type": "string" - }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects related to this operator.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" + "observedGeneration": { + "description": "observedGeneration represents the generation of the MachineOSConfig object observed by the Machine Config Operator's build controller.", + "format": "int64", + "minimum": 0, + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "observedGeneration must not move backwards", + "rule": "self >= oldSelf" + } + ] } }, "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "noobaa.io", - "kind": "NamespaceStore", - "version": "v1alpha1" - } - ] - }, - "noobaa.io/v1alpha1/NamespaceStoreList": { - "description": "NamespaceStoreList is a list of NamespaceStore", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of namespacestores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.v1alpha1.NamespaceStore" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "NamespaceStoreList", - "version": "v1alpha1" - } - ] - }, - "noobaa.io/v1alpha1/NooBaa": { - "description": "NooBaa is the Schema for the NooBaas API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the noobaa system.", - "properties": { - "affinity": { - "description": "Affinity (optional) passed through to noobaa's pods", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "group": "machineconfiguration.openshift.io", + "kind": "MachineOSConfig", + "version": "v1" + } + ] + }, + "machineconfiguration.openshift.io/v1/MachineOSConfigList": { + "description": "MachineOSConfigList is a list of MachineOSConfig", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of machineosconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.MachineOSConfig" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "machineconfiguration.openshift.io", + "kind": "MachineOSConfigList", + "version": "v1" + } + ] + }, + "machineconfiguration.openshift.io/v1/PinnedImageSet": { + "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and\npulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec describes the configuration of this pinned image set.", + "properties": { + "pinnedImages": { + "description": "pinnedImages is a list of OCI Image referenced by digest that should be\npinned and pre-loaded by the nodes of a MachineConfigPool.\nTranslates into a new file inside the /etc/crio/crio.conf.d directory\nwith content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nImage references must be by digest.\nA maximum of 500 images may be specified.", + "items": { + "description": "PinnedImageRef represents a reference to an OCI image", + "properties": { + "name": { + "description": "name is an OCI Image referenced by digest.\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:,\nwhere the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.\nThe length of the whole spec must be between 1 to 447 characters.", + "maxLength": 447, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long", + "rule": "(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" + { + "message": "the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme", + "rule": "(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))" + } + ] + } }, - "topologyKey": { - "description": "TopologyKey (optional) the TopologyKey to pass as the domain for TopologySpreadConstraint and Affinity of noobaa components\nIt is used by the endpoints and the DB pods to control pods distribution between topology domains (host/zone)", - "type": "string" - } + "required": [ + "name" + ], + "type": "object" }, - "type": "object" + "maxItems": 500, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "pinnedImages" + ], + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "machineconfiguration.openshift.io", + "kind": "PinnedImageSet", + "version": "v1" + } + ] + }, + "machineconfiguration.openshift.io/v1/PinnedImageSetList": { + "description": "PinnedImageSetList is a list of PinnedImageSet", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of pinnedimagesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.machineconfiguration.v1.PinnedImageSet" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "machineconfiguration.openshift.io", + "kind": "PinnedImageSetList", + "version": "v1" + } + ] + }, + "metal3.io/v1alpha1/BMCEventSubscription": { + "description": "BMCEventSubscription is the Schema for the fast eventing API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "properties": { + "context": { + "description": "Arbitrary user-provided context for the event", + "type": "string" }, - "annotations": { - "additionalProperties": { - "additionalProperties": { + "destination": { + "description": "A webhook URL to send events to", + "type": "string" + }, + "hostName": { + "description": "A reference to a BareMetalHost", + "type": "string" + }, + "httpHeadersRef": { + "description": "A secret containing HTTP headers which should be passed along to the Destination\nwhen making a request", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, - "description": "Annotations are annotation for a given daemon", - "type": "object" + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } }, - "description": "The annotations-related configuration to add/set on each Pod related object.", - "nullable": true, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "status": { + "properties": { + "error": { + "type": "string" }, - "autoscaler": { - "description": "Configuration related to autoscaling", + "subscriptionID": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "BMCEventSubscription", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/BMCEventSubscriptionList": { + "description": "BMCEventSubscriptionList is a list of BMCEventSubscription", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of bmceventsubscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.metal3.v1alpha1.BMCEventSubscription" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "BMCEventSubscriptionList", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/BareMetalHost": { + "description": "BareMetalHost is the Schema for the baremetalhosts API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "BareMetalHostSpec defines the desired state of BareMetalHost.", + "properties": { + "architecture": { + "description": "CPU architecture of the host, e.g. \"x86_64\" or \"aarch64\". If unset,\neventually populated by inspection.", + "type": "string" + }, + "automatedCleaningMode": { + "default": "metadata", + "description": "When set to disabled, automated cleaning will be skipped\nduring provisioning and deprovisioning.", + "enum": [ + "metadata", + "disabled" + ], + "type": "string" + }, + "bmc": { + "description": "How do we connect to the BMC (Baseboard Management Controller) on\nthe host?", "properties": { - "autoscalerType": { - "description": "Type of autoscaling (optional) for noobaa-endpoint, hpav2(default) and keda - Prometheus metrics based", - "enum": [ - "hpav2", - "keda" - ], + "address": { + "description": "Address holds the URL for accessing the controller on the network.\nThe scheme part designates the driver to use with the host.", "type": "string" }, - "prometheusNamespace": { - "description": "Prometheus namespace that scrap metrics from noobaa", + "credentialsName": { + "description": "The name of the secret containing the BMC credentials (requires\nkeys \"username\" and \"password\").", "type": "string" + }, + "disableCertificateVerification": { + "description": "DisableCertificateVerification disables verification of server\ncertificates when using HTTPS to connect to the BMC. This is\nrequired when the server certificate is self-signed, but is\ninsecure because it allows a man-in-the-middle to intercept the\nconnection.", + "type": "boolean" } }, + "required": [ + "address", + "credentialsName" + ], "type": "object" }, - "bucketLogging": { - "description": "BucketLogging sets the configuration for bucket logging", + "bootMACAddress": { + "description": "The MAC address of the NIC used for provisioning the host. In case\nof network boot, this is the MAC address of the PXE booting\ninterface. The MAC address of the BMC must never be used here!", + "pattern": "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}", + "type": "string" + }, + "bootMode": { + "description": "Select the method of initializing the hardware during boot.\nDefaults to UEFI. Legacy boot should only be used for hardware that\ndoes not support UEFI correctly. Set to UEFISecureBoot to turn\nsecure boot on automatically after provisioning.", + "enum": [ + "UEFI", + "UEFISecureBoot", + "legacy" + ], + "type": "string" + }, + "consumerRef": { + "description": "ConsumerRef can be used to store information about something\nthat is using a host. When it is not empty, the host is\nconsidered \"in use\". The common use case is a link to a Machine\nresource when the host is used by Cluster API.", "properties": { - "bucketLoggingPVC": { - "description": "BucketLoggingPVC (optional) specifies the name of the Persistent Volume Claim (PVC) to be used\nfor guaranteed logging when the logging type is set to 'guaranteed'. The PVC must support\nReadWriteMany (RWX) access mode to ensure reliable logging.\nFor ODF: If not provided, the default CephFS storage class will be used to create the PVC.", + "apiVersion": { + "description": "API version of the referent.", "type": "string" }, - "loggingType": { - "description": "LoggingType specifies the type of logging for the bucket\nThere are two types available: best-effort and guaranteed logging\n- best-effort(default) - less immune to failures but with better performance\n- guaranteed - much more reliable but need to provide a storage class that supports RWX PVs", + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "customDeploy": { + "description": "A custom deploy procedure. This is an advanced feature that allows\nusing a custom deploy step provided by a site-specific deployment\nramdisk. Most users will want to use \"image\" instead. Setting this\nfield triggers provisioning.", + "properties": { + "method": { + "description": "Custom deploy method name.\nThis name is specific to the deploy ramdisk used. If you don't have\na custom deploy ramdisk, you shouldn't use CustomDeploy.", "type": "string" } }, + "required": [ + "method" + ], "type": "object" }, - "bucketNotifications": { - "description": "BucketNotifications (optional) controls bucket notification options", + "description": { + "description": "Description is a human-entered text used to help identify the host.", + "type": "string" + }, + "disablePowerOff": { + "description": "When set to true, power off of the node will be disabled,\ninstead, a reboot will be used in place of power on/off", + "type": "boolean" + }, + "externallyProvisioned": { + "description": "ExternallyProvisioned means something else has provisioned the\nimage running on the host, and the operator should only manage\nthe power status. This field is used for integration with already\nprovisioned hosts and when pivoting hosts between clusters.\n\nThis field can be set to true either:\n1. During initial host creation (e.g., for pre-provisioned hosts)\n2. After inspection completes when the host reaches Available state\n\nWhen used in environments with Cluster API Provider Metal3 (CAPM3),\nensure hosts are labeled appropriately so CAPM3's host selector can\ndistinguish them from CAPM3-managed hosts. If unsure, leave this\nfield as false.", + "type": "boolean" + }, + "firmware": { + "description": "Firmware (BIOS) configuration for bare metal server. If set, the\nrequested settings will be applied before the host is provisioned.\nOnly some vendor drivers support this field. An alternative is to\nuse HostFirmwareSettings resources that allow changing arbitrary\nvalues and support the generic Redfish-based drivers.", "properties": { - "connections": { - "description": "Connections - A list of secrets' names that are used by the notifications configrations\n(in the TopicArn field).", - "items": { - "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" + "simultaneousMultithreadingEnabled": { + "description": "Allows a single physical processor core to appear as several logical processors.", + "enum": [ + true, + false + ], + "type": "boolean" }, - "enabled": { - "description": "Enabled - whether bucket notifications is enabled", + "sriovEnabled": { + "description": "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance.", + "enum": [ + true, + false + ], "type": "boolean" }, - "pvc": { - "description": "PVC (optional) specifies the name of the Persistent Volume Claim (PVC) to be used\nfor holding pending notifications files.\nFor ODF - If not provided, the default CepthFS storage class will be used to create the PVC.", + "virtualizationEnabled": { + "description": "Supports the virtualization of platform hardware.", + "enum": [ + true, + false + ], + "type": "boolean" + } + }, + "type": "object" + }, + "hardwareProfile": { + "description": "What is the name of the hardware profile for this host?\nHardware profiles are deprecated and should not be used.\nUse the separate fields Architecture and RootDeviceHints instead.\nSet to \"empty\" to prepare for the future version of the API\nwithout hardware profiles.", + "type": "string" + }, + "image": { + "description": "Image holds the details of the image to be provisioned. Populating\nthe image will cause the host to start provisioning.", + "properties": { + "checksum": { + "description": "Checksum is the checksum for the image. Required for all formats\nexcept for \"live-iso\".", + "type": "string" + }, + "checksumType": { + "description": "ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512.\nThe special value \"auto\" can be used to detect the algorithm from the checksum.\nIf missing, MD5 is used. If in doubt, use \"auto\".", + "enum": [ + "md5", + "sha256", + "sha512", + "auto" + ], + "type": "string" + }, + "format": { + "description": "Format contains the format of the image (raw, qcow2, ...).\nWhen set to \"live-iso\", an ISO 9660 image referenced by the url will\nbe live-booted and not deployed to disk.", + "enum": [ + "raw", + "qcow2", + "vdi", + "vmdk", + "live-iso" + ], + "type": "string" + }, + "url": { + "description": "URL is a location of an image to deploy.", "type": "string" } }, "required": [ - "enabled" + "url" ], "type": "object" }, - "cleanupPolicy": { - "description": "CleanupPolicy (optional) Indicates user's policy for deletion", + "metaData": { + "description": "MetaData holds the reference to the Secret containing host metadata\nwhich is passed to the Config Drive. By default, metadata will be\ngenerated for the host, so most users do not need to set this field.", "properties": { - "allowNoobaaDeletion": { - "type": "boolean" + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" }, - "confirmation": { - "description": "CleanupConfirmationProperty is a string that specifies cleanup confirmation", + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "coreResources": { - "description": "CoreResources (optional) overrides the default resource requirements for the server container", + "networkData": { + "description": "NetworkData holds the reference to the Secret containing network\nconfiguration which is passed to the Config Drive and interpreted\nby the first boot software such as cloud-init.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "online": { + "description": "Should the host be powered on? If the host is currently in a stable\nstate (e.g. provisioned), its power state will be forced to match\nthis value.", + "type": "boolean" + }, + "preprovisioningNetworkDataName": { + "description": "PreprovisioningNetworkDataName is the name of the Secret in the\nlocal namespace containing network configuration which is passed to\nthe preprovisioning image, and to the Config Drive if not overridden\nby specifying NetworkData.", + "type": "string" + }, + "raid": { + "description": "RAID configuration for bare metal server. If set, the RAID settings\nwill be applied before the host is provisioned. If not, the current\nsettings will not be modified. Only one of the sub-fields\nhardwareRAIDVolumes and softwareRAIDVolumes can be set at the same\ntime.", + "properties": { + "hardwareRAIDVolumes": { + "description": "The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.\nYou can set the value of this field to `[]` to clear all the hardware RAID configurations.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "HardwareRAIDVolume defines the desired configuration of volume in hardware RAID.", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "controller": { + "description": "The name of the RAID controller to use.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "level": { + "description": "RAID level for the logical disk. The following levels are supported:\n0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them).", + "enum": [ + "0", + "1", + "2", + "5", + "6", + "1+0", + "5+0", + "6+0" + ], + "type": "string" + }, + "name": { + "description": "Name of the volume. Should be unique within the Node. If not\nspecified, the name will be auto-generated.", + "maxLength": 64, "type": "string" + }, + "numberOfPhysicalDisks": { + "description": "Integer, number of physical disks to use for the logical disk.\nDefaults to minimum number of disks required for the particular RAID\nlevel.", + "minimum": 1, + "type": "integer" + }, + "physicalDisks": { + "description": "Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted\nby the hardware RAID controller, and the format is hardware specific.", + "items": { + "type": "string" + }, + "type": "array" + }, + "rotational": { + "description": "Select disks with only rotational (if set to true) or solid-state\n(if set to false) storage. By default, any disks can be picked.", + "type": "boolean" + }, + "sizeGibibytes": { + "description": "Size of the logical disk to be created in GiB. If unspecified or\nset be 0, the maximum capacity of disk will be used for logical\ndisk.", + "minimum": 0, + "type": "integer" } }, "required": [ - "name" + "level" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "nullable": true, + "type": "array" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { + "softwareRAIDVolumes": { + "description": "The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.\nIf HardwareRAIDVolumes is set this item will be invalid.\nThe number of created Software RAID devices must be 1 or 2.\nIf there is only one Software RAID device, it has to be a RAID-1.\nIf there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.\nAs the first RAID device will be the deployment device,\nenforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.\nSoftware RAID will always be deleted.", + "items": { + "description": "SoftwareRAIDVolume defines the desired configuration of volume in software RAID.", + "properties": { + "level": { + "description": "RAID level for the logical disk. The following levels are supported:\n0, 1 and 1+0.", + "enum": [ + "0", + "1", + "1+0" + ], "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" + "physicalDisks": { + "description": "A list of device hints, the number of items should be greater than or equal to 2.", + "items": { + "description": "RootDeviceHints holds the hints for specifying the storage location\nfor the root filesystem for the image.", + "properties": { + "deviceName": { + "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", + "type": "string" + }, + "hctl": { + "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", + "type": "string" + }, + "minSizeGigabytes": { + "description": "The minimum size of the device in Gigabytes.", + "minimum": 0, + "type": "integer" + }, + "model": { + "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", + "type": "string" + }, + "rotational": { + "description": "True if the device should use spinning media, false otherwise.", + "type": "boolean" + }, + "serialNumber": { + "description": "Device serial number. The hint must match the actual value\nexactly.", + "type": "string" + }, + "vendor": { + "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", + "type": "string" + }, + "wwn": { + "description": "Unique storage identifier. The hint must match the actual value\nexactly.", + "type": "string" + }, + "wwnVendorExtension": { + "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", + "type": "string" + }, + "wwnWithExtension": { + "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", + "type": "string" + } + }, + "type": "object" + }, + "minItems": 2, + "type": "array" + }, + "sizeGibibytes": { + "description": "Size of the logical disk to be created in GiB.\nIf unspecified or set be 0, the maximum capacity of disk will be used for logical disk.", + "minimum": 0, + "type": "integer" } + }, + "required": [ + "level" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "maxItems": 2, + "nullable": true, + "type": "array" } }, "type": "object" }, - "dbConf": { - "description": "DBConf (optional) overrides the default postgresql db config", + "rootDeviceHints": { + "description": "Provide guidance about how to choose the device for the image\nbeing provisioned. The default is currently to use /dev/sda as\nthe root device.", + "properties": { + "deviceName": { + "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", + "type": "string" + }, + "hctl": { + "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", + "type": "string" + }, + "minSizeGigabytes": { + "description": "The minimum size of the device in Gigabytes.", + "minimum": 0, + "type": "integer" + }, + "model": { + "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", + "type": "string" + }, + "rotational": { + "description": "True if the device should use spinning media, false otherwise.", + "type": "boolean" + }, + "serialNumber": { + "description": "Device serial number. The hint must match the actual value\nexactly.", + "type": "string" + }, + "vendor": { + "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", + "type": "string" + }, + "wwn": { + "description": "Unique storage identifier. The hint must match the actual value\nexactly.", + "type": "string" + }, + "wwnVendorExtension": { + "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", + "type": "string" + }, + "wwnWithExtension": { + "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", + "type": "string" + } + }, + "type": "object" + }, + "taints": { + "description": "Taints is the full, authoritative list of taints to apply to\nthe corresponding Machine. This list will overwrite any\nmodifications made to the Machine on an ongoing basis.", + "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", + "properties": { + "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string" + }, + "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "The taint value corresponding to the taint key.", + "type": "string" + } + }, + "required": [ + "effect", + "key" + ], + "type": "object" + }, + "type": "array" + }, + "userData": { + "description": "UserData holds the reference to the Secret containing the user data\nwhich is passed to the Config Drive and interpreted by the\nfirst-boot software such as cloud-init. The format of user data is\nspecific to the first-boot software.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "online" + ], + "type": "object" + }, + "status": { + "description": "BareMetalHostStatus defines the observed state of BareMetalHost.", + "properties": { + "errorCount": { + "default": 0, + "description": "ErrorCount records how many times the host has encoutered an error since the last successful operation", + "type": "integer" + }, + "errorMessage": { + "description": "The last error message reported by the provisioning subsystem.", "type": "string" }, - "dbImage": { - "description": "DBImage (optional) overrides the default image for the db container", + "errorType": { + "description": "ErrorType indicates the type of failure encountered when the\nOperationalStatus is OperationalStatusError", + "enum": [ + "provisioned registration error", + "registration error", + "inspection error", + "preparation error", + "provisioning error", + "power management error", + "servicing error" + ], "type": "string" }, - "dbResources": { - "description": "DBResources (optional) overrides the default resource requirements for the db container", + "goodCredentials": { + "description": "The last credentials we were able to validate as working.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "credentials": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "credentialsVersion": { + "type": "string" + } + }, + "type": "object" + }, + "hardware": { + "description": "The hardware discovered to exist on the host.\nThis field will be removed in the next API version in favour of the\nseparate HardwareData resource.", + "properties": { + "cpu": { + "description": "Details of the CPU(s) in the system.", + "properties": { + "arch": { + "type": "string" + }, + "clockMegahertz": { + "description": "ClockSpeed is a clock speed in MHz", + "format": "double", + "type": "number" + }, + "count": { + "type": "integer" + }, + "flags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "model": { + "type": "string" + } + }, + "type": "object" + }, + "firmware": { + "description": "System firmware information.", + "properties": { + "bios": { + "description": "The BIOS for this firmware", + "properties": { + "date": { + "description": "The release/build date for this BIOS", + "type": "string" + }, + "vendor": { + "description": "The vendor name for this BIOS", + "type": "string" + }, + "version": { + "description": "The version of the BIOS", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "hostname": { + "type": "string" + }, + "nics": { + "description": "List of network interfaces for the host.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "NIC describes one network interface on the host.", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "ip": { + "description": "The IP address of the interface. This will be an IPv4 or IPv6 address\nif one is present. If both IPv4 and IPv6 addresses are present in a\ndual-stack environment, two nics will be output, one with each IP.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "mac": { + "description": "The device MAC address", + "pattern": "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}", + "type": "string" + }, + "model": { + "description": "The vendor and product IDs of the NIC, e.g. \"0x8086 0x1572\"", + "type": "string" + }, + "name": { + "description": "The name of the network interface, e.g. \"en0\"", "type": "string" + }, + "pxe": { + "description": "Whether the NIC is PXE Bootable", + "type": "boolean" + }, + "speedGbps": { + "description": "The speed of the device in Gigabits per second", + "type": "integer" + }, + "vlanId": { + "description": "The untagged VLAN ID", + "format": "int32", + "maximum": 4094, + "minimum": 0, + "type": "integer" + }, + "vlans": { + "description": "The VLANs available", + "items": { + "description": "VLAN represents the name and ID of a VLAN.", + "properties": { + "id": { + "description": "VLANID is a 12-bit 802.1Q VLAN identifier", + "format": "int32", + "maximum": 4094, + "minimum": 0, + "type": "integer" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, - "required": [ - "name" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { + "ramMebibytes": { + "description": "The host's amount of memory in Mebibytes.", + "type": "integer" + }, + "storage": { + "description": "List of storage (disk, SSD, etc.) available to the host.", + "items": { + "description": "Storage describes one storage device (disk, SSD, etc.) on the host.", + "properties": { + "alternateNames": { + "description": "A list of alternate Linux device names of the disk, e.g. \"/dev/sda\".\nNote that this list is not exhaustive, and names may not be stable\nacross reboots.", + "items": { + "type": "string" + }, + "type": "array" + }, + "hctl": { + "description": "The SCSI location of the device", + "type": "string" + }, + "model": { + "description": "Hardware model", + "type": "string" + }, + "name": { + "description": "A Linux device name of the disk, e.g.\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". This will be a name\nthat is stable across reboots if one is available.", + "type": "string" + }, + "rotational": { + "description": "Whether this disk represents rotational storage.\nThis field is not recommended for usage, please\nprefer using 'Type' field instead, this field\nwill be deprecated eventually.", + "type": "boolean" + }, + "serialNumber": { + "description": "The serial number of the device", + "type": "string" + }, + "sizeBytes": { + "description": "The size of the disk in Bytes", + "format": "int64", "type": "integer" }, - { + "type": { + "description": "Device type, one of: HDD, SSD, NVME.", + "enum": [ + "HDD", + "SSD", + "NVME" + ], + "type": "string" + }, + "vendor": { + "description": "The name of the vendor of the device", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "wwn": { + "description": "The WWN of the device", + "type": "string" + }, + "wwnVendorExtension": { + "description": "The WWN Vendor extension of the device", + "type": "string" + }, + "wwnWithExtension": { + "description": "The WWN with the extension", "type": "string" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "dbSpec": { - "description": "DBSpec (optional) DB spec for a managed postgres cluster", - "properties": { - "dbConf": { - "additionalProperties": { - "type": "string" + }, + "type": "object" }, - "description": "DBConf (optional) overrides the default postgresql db config", - "type": "object" - }, - "dbMinVolumeSize": { - "description": "DBMinVolumeSize (optional) The initial size of the database volume.The actual size might be larger.\nIncreasing the size of the volume is supported if the underlying storage class supports volume expansion.\nThe new size should be larger than actualVolumeSize in dbStatus for the volume to be resized.", - "type": "string" + "type": "array" }, - "dbResources": { - "description": "DBResources (optional) overrides the default resource requirements for the db container", + "systemVendor": { + "description": "System vendor information.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "manufacturer": { + "type": "string" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "productName": { + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "serialNumber": { + "type": "string" } }, "type": "object" - }, - "dbStorageClass": { - "description": "DBStorageClass (optional) overrides the default cluster StorageClass for the database volume.", - "type": "string" - }, - "image": { - "description": "DBImage (optional) overrides the default image for the db instances", - "type": "string" - }, - "instances": { - "description": "Instances (optional) overrides the default number of db instances", - "type": "integer" - }, - "postgresMajorVersion": { - "description": "PostgresMajorVersion (optional) overrides the default postgres major version\nIt is the user's responsibility to ensure that the postgres image matches the major version.", - "type": "integer" } }, "type": "object" }, - "dbStorageClass": { - "description": "DBStorageClass (optional) overrides the default cluster StorageClass for the database volume.\nFor the time being this field is immutable and can only be set on system creation.\nThis affects where the system stores its database which contains system config,\nbuckets, objects meta-data and mapping file parts to storage locations.", + "hardwareProfile": { + "description": "The name of the profile matching the hardware details.\nHardware profiles are deprecated and should not be relied on.", "type": "string" }, - "dbType": { - "description": "DBType (optional) overrides the default type image for the db container.\nThe only possible value is postgres", - "enum": [ - "postgres" - ], + "lastUpdated": { + "description": "LastUpdated identifies when this status was last observed.", + "format": "date-time", "type": "string" }, - "dbVolumeResources": { - "description": "DBVolumeResources (optional) overrides the default PVC resource requirements for the database volume.\nFor the time being this field is immutable and can only be set on system creation.\nThis is because volume size updates are only supported for increasing the size,\nand only if the storage class specifies `allowVolumeExpansion: true`,", + "operationHistory": { + "description": "OperationHistory holds information about operations performed\non this host.", "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "deprovision": { + "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", + "properties": { + "end": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "start": { + "format": "date-time", + "nullable": true, + "type": "string" + } }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "inspect": { + "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", + "properties": { + "end": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "start": { + "format": "date-time", + "nullable": true, + "type": "string" + } + }, + "type": "object" + }, + "provision": { + "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", + "properties": { + "end": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "start": { + "format": "date-time", + "nullable": true, + "type": "string" + } + }, + "type": "object" + }, + "register": { + "description": "OperationMetric contains metadata about an operation (inspection,\nprovisioning, etc.) used for tracking metrics.", + "properties": { + "end": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "start": { + "format": "date-time", + "nullable": true, + "type": "string" + } }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, - "debugLevel": { - "description": "DebugLevel (optional) sets the debug level", + "operationalStatus": { + "description": "OperationalStatus holds the status of the host", "enum": [ - "all", - "nsfs", - "warn", - "default_level" + "", + "OK", + "discovered", + "error", + "delayed", + "detached", + "servicing" ], - "type": "integer" + "type": "string" }, - "defaultBackingStoreSpec": { - "description": "Deprecated: DefaultBackingStoreSpec is not supported anymore, use ManualDefaultBackingStore instead.", + "poweredOn": { + "description": "The currently detected power state of the host. This field may get\nbriefly out of sync with the actual state of the hardware while\nprovisioning processes are running.", + "type": "boolean" + }, + "provisioning": { + "description": "Information tracked by the provisioner.", "properties": { - "awsS3": { - "description": "AWSS3Spec specifies a backing store of type aws-s3", + "ID": { + "description": "The hosts's ID from the underlying provisioning tool (e.g. the\nIronic node UUID).", + "type": "string" + }, + "bootMode": { + "description": "BootMode indicates the boot mode used to provision the host.", + "enum": [ + "UEFI", + "UEFISecureBoot", + "legacy" + ], + "type": "string" + }, + "customDeploy": { + "description": "Custom deploy procedure applied to the host.", "properties": { - "awsSTSRoleARN": { - "description": "AWSSTSRoleARN allows to Assume Role and use AssumeRoleWithWebIdentity", - "type": "string" - }, - "region": { - "description": "Region is the AWS region", + "method": { + "description": "Custom deploy method name.\nThis name is specific to the deploy ramdisk used. If you don't have\na custom deploy ramdisk, you shouldn't use CustomDeploy.", "type": "string" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "firmware": { + "description": "The firmware settings that have been applied.", + "properties": { + "simultaneousMultithreadingEnabled": { + "description": "Allows a single physical processor core to appear as several logical processors.", + "enum": [ + true, + false + ], + "type": "boolean" }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslDisabled": { - "description": "SSLDisabled allows to disable SSL and use plain http", + "sriovEnabled": { + "description": "SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance.", + "enum": [ + true, + false + ], "type": "boolean" }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", - "type": "string" + "virtualizationEnabled": { + "description": "Supports the virtualization of platform hardware.", + "enum": [ + true, + false + ], + "type": "boolean" } }, - "required": [ - "targetBucket" - ], "type": "object" }, - "azureBlob": { - "description": "AzureBlob specifies a backing store of type azure-blob", + "image": { + "description": "Image holds the details of the last image successfully\nprovisioned to the host.", "properties": { - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AccountName and AccountKey as provided by Azure Blob.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "checksum": { + "description": "Checksum is the checksum for the image. Required for all formats\nexcept for \"live-iso\".", + "type": "string" }, - "targetBlobContainer": { - "description": "TargetBlobContainer is the name of the target Azure Blob container", + "checksumType": { + "description": "ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512.\nThe special value \"auto\" can be used to detect the algorithm from the checksum.\nIf missing, MD5 is used. If in doubt, use \"auto\".", + "enum": [ + "md5", + "sha256", + "sha512", + "auto" + ], + "type": "string" + }, + "format": { + "description": "Format contains the format of the image (raw, qcow2, ...).\nWhen set to \"live-iso\", an ISO 9660 image referenced by the url will\nbe live-booted and not deployed to disk.", + "enum": [ + "raw", + "qcow2", + "vdi", + "vmdk", + "live-iso" + ], + "type": "string" + }, + "url": { + "description": "URL is a location of an image to deploy.", "type": "string" } }, "required": [ - "secret", - "targetBlobContainer" + "url" ], "type": "object" }, - "googleCloudStorage": { - "description": "GoogleCloudStorage specifies a backing store of type google-cloud-storage", + "raid": { + "description": "The RAID configuration that has been applied.", "properties": { - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define GoogleServiceAccountPrivateKeyJson containing the entire json string as provided by Google.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" + "hardwareRAIDVolumes": { + "description": "The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.\nYou can set the value of this field to `[]` to clear all the hardware RAID configurations.", + "items": { + "description": "HardwareRAIDVolume defines the desired configuration of volume in hardware RAID.", + "properties": { + "controller": { + "description": "The name of the RAID controller to use.", + "type": "string" + }, + "level": { + "description": "RAID level for the logical disk. The following levels are supported:\n0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them).", + "enum": [ + "0", + "1", + "2", + "5", + "6", + "1+0", + "5+0", + "6+0" + ], + "type": "string" + }, + "name": { + "description": "Name of the volume. Should be unique within the Node. If not\nspecified, the name will be auto-generated.", + "maxLength": 64, + "type": "string" + }, + "numberOfPhysicalDisks": { + "description": "Integer, number of physical disks to use for the logical disk.\nDefaults to minimum number of disks required for the particular RAID\nlevel.", + "minimum": 1, + "type": "integer" + }, + "physicalDisks": { + "description": "Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted\nby the hardware RAID controller, and the format is hardware specific.", + "items": { + "type": "string" + }, + "type": "array" + }, + "rotational": { + "description": "Select disks with only rotational (if set to true) or solid-state\n(if set to false) storage. By default, any disks can be picked.", + "type": "boolean" + }, + "sizeGibibytes": { + "description": "Size of the logical disk to be created in GiB. If unspecified or\nset be 0, the maximum capacity of disk will be used for logical\ndisk.", + "minimum": 0, + "type": "integer" + } }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } + "required": [ + "level" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "nullable": true, + "type": "array" }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", - "type": "string" + "softwareRAIDVolumes": { + "description": "The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.\nIf HardwareRAIDVolumes is set this item will be invalid.\nThe number of created Software RAID devices must be 1 or 2.\nIf there is only one Software RAID device, it has to be a RAID-1.\nIf there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.\nAs the first RAID device will be the deployment device,\nenforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.\nSoftware RAID will always be deleted.", + "items": { + "description": "SoftwareRAIDVolume defines the desired configuration of volume in software RAID.", + "properties": { + "level": { + "description": "RAID level for the logical disk. The following levels are supported:\n0, 1 and 1+0.", + "enum": [ + "0", + "1", + "1+0" + ], + "type": "string" + }, + "physicalDisks": { + "description": "A list of device hints, the number of items should be greater than or equal to 2.", + "items": { + "description": "RootDeviceHints holds the hints for specifying the storage location\nfor the root filesystem for the image.", + "properties": { + "deviceName": { + "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", + "type": "string" + }, + "hctl": { + "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", + "type": "string" + }, + "minSizeGigabytes": { + "description": "The minimum size of the device in Gigabytes.", + "minimum": 0, + "type": "integer" + }, + "model": { + "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", + "type": "string" + }, + "rotational": { + "description": "True if the device should use spinning media, false otherwise.", + "type": "boolean" + }, + "serialNumber": { + "description": "Device serial number. The hint must match the actual value\nexactly.", + "type": "string" + }, + "vendor": { + "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", + "type": "string" + }, + "wwn": { + "description": "Unique storage identifier. The hint must match the actual value\nexactly.", + "type": "string" + }, + "wwnVendorExtension": { + "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", + "type": "string" + }, + "wwnWithExtension": { + "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", + "type": "string" + } + }, + "type": "object" + }, + "minItems": 2, + "type": "array" + }, + "sizeGibibytes": { + "description": "Size of the logical disk to be created in GiB.\nIf unspecified or set be 0, the maximum capacity of disk will be used for logical disk.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "level" + ], + "type": "object" + }, + "maxItems": 2, + "nullable": true, + "type": "array" } }, - "required": [ - "secret", - "targetBucket" - ], "type": "object" }, - "ibmCos": { - "description": "IBMCos specifies a backing store of type ibm-cos", + "rootDeviceHints": { + "description": "The root device hints used to provision the host.", "properties": { - "endpoint": { - "description": "Endpoint is the IBM COS compatible endpoint: http(s)://host:port", + "deviceName": { + "description": "A Linux device name like \"/dev/vda\", or a by-path link to it like\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". The hint must match\nthe actual value exactly.", "type": "string" }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "hctl": { + "description": "A SCSI bus address like 0:0:0:0. The hint must match the actual\nvalue exactly.", + "type": "string" }, - "signatureVersion": { - "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "minSizeGigabytes": { + "description": "The minimum size of the device in Gigabytes.", + "minimum": 0, + "type": "integer" + }, + "model": { + "description": "A vendor-specific device identifier. The hint can be a\nsubstring of the actual value.", "type": "string" }, - "targetBucket": { - "description": "TargetBucket is the name of the target IBM COS bucket", + "rotational": { + "description": "True if the device should use spinning media, false otherwise.", + "type": "boolean" + }, + "serialNumber": { + "description": "Device serial number. The hint must match the actual value\nexactly.", + "type": "string" + }, + "vendor": { + "description": "The name of the vendor or manufacturer of the device. The hint\ncan be a substring of the actual value.", + "type": "string" + }, + "wwn": { + "description": "Unique storage identifier. The hint must match the actual value\nexactly.", + "type": "string" + }, + "wwnVendorExtension": { + "description": "Unique vendor storage identifier. The hint must match the\nactual value exactly.", + "type": "string" + }, + "wwnWithExtension": { + "description": "Unique storage identifier with the vendor extension\nappended. The hint must match the actual value exactly.", "type": "string" } }, - "required": [ - "endpoint", - "secret", - "targetBucket" - ], "type": "object" }, - "pvPool": { - "description": "PVPool specifies a backing store of type pv-pool", + "state": { + "description": "An indicator for what the provisioner is doing with the host.", + "type": "string" + } + }, + "required": [ + "ID", + "state" + ], + "type": "object" + }, + "triedCredentials": { + "description": "The last credentials we sent to the provisioning backend.", + "properties": { + "credentials": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", "properties": { - "numVolumes": { - "description": "NumVolumes is the number of volumes to allocate", - "type": "integer" + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" }, - "resources": { - "description": "VolumeResources represents the minimum resources each volume should have.", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "credentialsVersion": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "errorCount", + "errorMessage", + "operationalStatus", + "poweredOn", + "provisioning" + ], + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "BareMetalHost", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/BareMetalHostList": { + "description": "BareMetalHostList is a list of BareMetalHost", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of baremetalhosts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.metal3.v1alpha1.BareMetalHost" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "BareMetalHostList", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/DataImage": { + "description": "DataImage is the Schema for the dataimages API.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "DataImageSpec defines the desired state of DataImage.", + "properties": { + "url": { + "description": "Url is the address of the dataImage that we want to attach\nto a BareMetalHost", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "status": { + "description": "DataImageStatus defines the observed state of DataImage.", + "properties": { + "attachedImage": { + "description": "Currently attached DataImage", + "properties": { + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "error": { + "description": "Error count and message when attaching/detaching", + "properties": { + "count": { + "type": "integer" + }, + "message": { + "type": "string" + } + }, + "required": [ + "count", + "message" + ], + "type": "object" + }, + "lastReconciled": { + "description": "Time of last reconciliation", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "DataImage", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/DataImageList": { + "description": "DataImageList is a list of DataImage", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of dataimages. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.metal3.v1alpha1.DataImage" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "DataImageList", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/FirmwareSchema": { + "description": "FirmwareSchema is the Schema for the firmwareschemas API.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "FirmwareSchemaSpec defines the desired state of FirmwareSchema.", + "properties": { + "hardwareModel": { + "description": "The hardware model associated with this schema", + "type": "string" + }, + "hardwareVendor": { + "description": "The hardware vendor associated with this schema", + "type": "string" + }, + "schema": { + "additionalProperties": { + "description": "Additional data describing the firmware setting.", + "properties": { + "allowable_values": { + "description": "The allowable value for an Enumeration type setting.", + "items": { + "type": "string" + }, + "type": "array" + }, + "attribute_type": { + "description": "The type of setting.", + "enum": [ + "Enumeration", + "String", + "Integer", + "Boolean", + "Password" + ], + "type": "string" + }, + "lower_bound": { + "description": "The lowest value for an Integer type setting.", + "type": "integer" + }, + "max_length": { + "description": "Maximum length for a String type setting.", + "type": "integer" + }, + "min_length": { + "description": "Minimum length for a String type setting.", + "type": "integer" + }, + "read_only": { + "description": "Whether or not this setting is read only.", + "type": "boolean" + }, + "unique": { + "description": "Whether or not this setting's value is unique to this node, e.g.\na serial number.", + "type": "boolean" + }, + "upper_bound": { + "description": "The highest value for an Integer type setting.", + "type": "integer" + } + }, + "type": "object" + }, + "description": "Map of firmware name to schema", + "type": "object" + } + }, + "required": [ + "schema" + ], + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "FirmwareSchema", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/FirmwareSchemaList": { + "description": "FirmwareSchemaList is a list of FirmwareSchema", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of firmwareschemas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.metal3.v1alpha1.FirmwareSchema" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "FirmwareSchemaList", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/HardwareData": { + "description": "HardwareData is the Schema for the hardwaredata API.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "HardwareDataSpec defines the desired state of HardwareData.", + "properties": { + "hardware": { + "description": "The hardware discovered on the host during its inspection.", + "properties": { + "cpu": { + "description": "Details of the CPU(s) in the system.", + "properties": { + "arch": { + "type": "string" }, - "secret": { - "description": "Secret refers to a secret that provides the agent configuration\nThe secret should define AGENT_CONFIG containing agent_configuration from noobaa-core.", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } + "clockMegahertz": { + "description": "ClockSpeed is a clock speed in MHz", + "format": "double", + "type": "number" + }, + "count": { + "type": "integer" + }, + "flags": { + "items": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array" }, - "storageClass": { - "description": "StorageClass is the name of the storage class to use for the PV's", + "model": { "type": "string" } }, - "required": [ - "numVolumes" - ], "type": "object" }, - "s3Compatible": { - "description": "S3Compatible specifies a backing store of type s3-compatible", + "firmware": { + "description": "System firmware information.", "properties": { - "endpoint": { - "description": "Endpoint is the S3 compatible endpoint: http(s)://host:port", - "type": "string" - }, - "secret": { - "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "bios": { + "description": "The BIOS for this firmware", "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", + "date": { + "description": "The release/build date for this BIOS", "type": "string" }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", + "vendor": { + "description": "The vendor name for this BIOS", + "type": "string" + }, + "version": { + "description": "The version of the BIOS", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "signatureVersion": { - "description": "SignatureVersion specifies the client signature version to use when signing requests.", - "type": "string" - }, - "targetBucket": { - "description": "TargetBucket is the name of the target S3 bucket", - "type": "string" + "type": "object" } }, - "required": [ - "endpoint", - "secret", - "targetBucket" - ], "type": "object" }, - "type": { - "description": "Type is an enum of supported types", + "hostname": { "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "denyHTTP": { - "description": "DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS)", - "type": "boolean" - }, - "disableLoadBalancerService": { - "description": "DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer", - "nullable": true, - "type": "boolean" - }, - "disableRoutes": { - "description": "DisableRoutes (optional) disables the reconciliation of openshift route resources in the cluster", - "nullable": true, - "type": "boolean" - }, - "endpoints": { - "description": "Endpoints (optional) sets configuration info for the noobaa endpoint\ndeployment.", - "properties": { - "additionalVirtualHosts": { - "description": "AdditionalVirtualHosts (optional) provide a list of additional hostnames\n(on top of the builtin names defined by the cluster: service name, elb name, route name)\nto be used as virtual hosts by the the endpoints in the endpoint deployment", + }, + "nics": { + "description": "List of network interfaces for the host.", "items": { - "type": "string" + "description": "NIC describes one network interface on the host.", + "properties": { + "ip": { + "description": "The IP address of the interface. This will be an IPv4 or IPv6 address\nif one is present. If both IPv4 and IPv6 addresses are present in a\ndual-stack environment, two nics will be output, one with each IP.", + "type": "string" + }, + "mac": { + "description": "The device MAC address", + "pattern": "[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}", + "type": "string" + }, + "model": { + "description": "The vendor and product IDs of the NIC, e.g. \"0x8086 0x1572\"", + "type": "string" + }, + "name": { + "description": "The name of the network interface, e.g. \"en0\"", + "type": "string" + }, + "pxe": { + "description": "Whether the NIC is PXE Bootable", + "type": "boolean" + }, + "speedGbps": { + "description": "The speed of the device in Gigabits per second", + "type": "integer" + }, + "vlanId": { + "description": "The untagged VLAN ID", + "format": "int32", + "maximum": 4094, + "minimum": 0, + "type": "integer" + }, + "vlans": { + "description": "The VLANs available", + "items": { + "description": "VLAN represents the name and ID of a VLAN.", + "properties": { + "id": { + "description": "VLANID is a 12-bit 802.1Q VLAN identifier", + "format": "int32", + "maximum": 4094, + "minimum": 0, + "type": "integer" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" }, "type": "array" }, - "maxCount": { - "description": "MaxCount, the number of endpoint instances (pods)\nto be used as the upper bound when autoscaling", - "format": "int32", - "type": "integer" - }, - "minCount": { - "description": "MinCount, the number of endpoint instances (pods)\nto be used as the lower bound when autoscaling", - "format": "int32", + "ramMebibytes": { + "description": "The host's amount of memory in Mebibytes.", "type": "integer" }, - "resources": { - "description": "Resources (optional) overrides the default resource requirements for every endpoint pod", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } + "storage": { + "description": "List of storage (disk, SSD, etc.) available to the host.", + "items": { + "description": "Storage describes one storage device (disk, SSD, etc.) on the host.", + "properties": { + "alternateNames": { + "description": "A list of alternate Linux device names of the disk, e.g. \"/dev/sda\".\nNote that this list is not exhaustive, and names may not be stable\nacross reboots.", + "items": { + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "type": "array" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "hctl": { + "description": "The SCSI location of the device", + "type": "string" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "model": { + "description": "Hardware model", + "type": "string" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "externalPgSSLRequired": { - "description": "ExternalPgSSLRequired (optional) holds an optional boolean to force ssl connections to the external Postgres DB", - "type": "boolean" - }, - "externalPgSSLSecret": { - "description": "ExternalPgSSLSecret (optional) holds an optional secret with client key and cert used for connecting to external Postgres DB", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "externalPgSSLUnauthorized": { - "description": "ExternalPgSSLUnauthorized (optional) holds an optional boolean to allow unauthorized connections to external Postgres DB", - "type": "boolean" - }, - "externalPgSecret": { - "description": "ExternalPgSecret (optional) holds an optional secret with a url to an extrenal Postgres DB to be used", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "image": { - "description": "Image (optional) overrides the default image for the server container", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret (optional) sets a pull secret for the system image", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "joinSecret": { - "description": "JoinSecret (optional) instructs the operator to join another cluster\nand point to a secret that holds the join information", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "labels": { - "additionalProperties": { - "additionalProperties": { - "type": "string" - }, - "description": "Labels are label for a given daemon", - "type": "object" - }, - "description": "The labels-related configuration to add/set on each Pod related object.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "loadBalancerSourceSubnets": { - "description": "LoadBalancerSourceSubnets (optional) if given will allow access to the NooBaa services\nonly from the listed subnets. This field will have no effect if DisableLoadBalancerService is set\nto true", - "properties": { - "s3": { - "description": "S3 is a list of subnets that will be allowed to access the Noobaa S3 service", - "items": { - "type": "string" - }, - "type": "array" - }, - "sts": { - "description": "STS is a list of subnets that will be allowed to access the Noobaa STS service", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "logResources": { - "description": "LogResources (optional) overrides the default resource requirements for the noobaa-log-processor container", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "description": "A Linux device name of the disk, e.g.\n\"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0\". This will be a name\nthat is stable across reboots if one is available.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "rotational": { + "description": "Whether this disk represents rotational storage.\nThis field is not recommended for usage, please\nprefer using 'Type' field instead, this field\nwill be deprecated eventually.", + "type": "boolean" + }, + "serialNumber": { + "description": "The serial number of the device", "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { + }, + "sizeBytes": { + "description": "The size of the disk in Bytes", + "format": "int64", "type": "integer" }, - { + "type": { + "description": "Device type, one of: HDD, SSD, NVME.", + "enum": [ + "HDD", + "SSD", + "NVME" + ], "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "vendor": { + "description": "The name of the vendor of the device", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "manualDefaultBackingStore": { - "description": "ManualDefaultBackingStore (optional - default value is false) if true the default backingstore/namespacestore\nwill not be reconciled by the operator and it should be manually handled by the user. It will allow the\nuser to delete DefaultBackingStore/DefaultNamespaceStore, user needs to delete associated buckets and\nupdate the admin account with new BackingStore/NamespaceStore in order to delete the DefaultBackingStore/DefaultNamespaceStore", - "nullable": true, - "type": "boolean" - }, - "pvPoolDefaultStorageClass": { - "description": "PVPoolDefaultStorageClass (optional) overrides the default cluster StorageClass for the pv-pool volumes.\nThis affects where the system stores data chunks (encrypted).\nUpdates to this field will only affect new pv-pools,\nbut updates to existing pools are not supported by the operator.", - "type": "string" - }, - "region": { - "description": "Region (optional) provide a region for the location info\nof the endpoints in the endpoint deployment", - "type": "string" - }, - "security": { - "description": "Security represents security settings", - "properties": { - "kms": { - "description": "KeyManagementServiceSpec represent various details of the KMS server", - "properties": { - "connectionDetails": { - "additionalProperties": { + }, + "wwn": { + "description": "The WWN of the device", "type": "string" }, - "type": "object" + "wwnVendorExtension": { + "description": "The WWN Vendor extension of the device", + "type": "string" + }, + "wwnWithExtension": { + "description": "The WWN with the extension", + "type": "string" + } }, - "enableKeyRotation": { - "type": "boolean" + "type": "object" + }, + "type": "array" + }, + "systemVendor": { + "description": "System vendor information.", + "properties": { + "manufacturer": { + "type": "string" }, - "schedule": { + "productName": { "type": "string" }, - "tokenSecretName": { + "serialNumber": { "type": "string" } }, @@ -226745,445 +141215,282 @@ } }, "type": "object" - }, - "tolerations": { - "description": "Tolerations (optional) passed through to noobaa's pods", + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "HardwareData", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/HardwareDataList": { + "description": "HardwareDataList is a list of HardwareData", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of hardwaredata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.metal3.v1alpha1.HardwareData" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "HardwareDataList", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/HostFirmwareComponents": { + "description": "HostFirmwareComponents is the Schema for the hostfirmwarecomponents API.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "HostFirmwareComponentsSpec defines the desired state of HostFirmwareComponents.", + "properties": { + "updates": { "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "description": "FirmwareUpdate defines a firmware update specification.", "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "component": { "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "url": { "type": "string" } }, + "required": [ + "component", + "url" + ], "type": "object" }, "type": "array" } }, + "required": [ + "updates" + ], "type": "object" }, "status": { - "description": "Most recently observed status of the noobaa system.", + "description": "HostFirmwareComponentsStatus defines the observed state of HostFirmwareComponents.", "properties": { - "accounts": { - "description": "Accounts reports accounts info for the admin account", - "properties": { - "admin": { - "description": "UserStatus is the status info of a user secret", - "properties": { - "secretRef": { - "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "components": { + "description": "Components is the list of all available firmware components and their information.", + "items": { + "description": "FirmwareComponentStatus defines the status of a firmware component.", + "properties": { + "component": { + "type": "string" }, - "required": [ - "secretRef" - ], - "type": "object" - } + "currentVersion": { + "type": "string" + }, + "initialVersion": { + "type": "string" + }, + "lastVersionFlashed": { + "type": "string" + }, + "updatedAt": { + "format": "date-time", + "type": "string" + } + }, + "required": [ + "component", + "initialVersion" + ], + "type": "object" }, - "required": [ - "admin" - ], - "type": "object" - }, - "actualImage": { - "description": "ActualImage is set to report which image the operator is using", - "type": "string" - }, - "beforeUpgradeDbImage": { - "description": "BeforeUpgradeDbImage is the db image used before last db upgrade", - "type": "string" + "type": "array" }, "conditions": { - "description": "Conditions is a list of conditions related to operator reconciliation", + "description": "Track whether updates stored in the spec are valid based on the schema", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, - "type": "array" - }, - "dbStatus": { - "description": "DBStatus is the status of the postgres cluster", - "properties": { - "actualVolumeSize": { - "description": "ActualVolumeSize is the actual size of the postgres cluster volume. This can be different than the requested size", - "type": "string" - }, - "currentPgMajorVersion": { - "description": "CurrentPgMajorVersion is the major version of the postgres cluster", - "type": "integer" - }, - "dbClusterStatus": { - "description": "DBClusterStatus is the status of the postgres cluster", - "type": "string" - }, - "dbCurrentImage": { - "description": "DBCurrentImage is the image of the postgres cluster", - "type": "string" - } - }, - "type": "object" - }, - "endpoints": { - "description": "Endpoints reports the actual number of endpoints in the endpoint deployment\nand the virtual hosts list used recognized by the endpoints", - "properties": { - "readyCount": { - "format": "int32", - "type": "integer" - }, - "virtualHosts": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "readyCount", - "virtualHosts" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" ], - "type": "object" + "x-kubernetes-list-type": "map" }, - "lastKeyRotateTime": { - "description": "LastKeyRotateTime is the time system ran an encryption key rotate", + "lastUpdated": { + "description": "Time that the status was last updated", "format": "date-time", "type": "string" }, - "observedGeneration": { - "description": "ObservedGeneration is the most recent generation observed for this noobaa system.\nIt corresponds to the CR generation, which is updated on mutation by the API Server.", - "format": "int64", - "type": "integer" - }, - "phase": { - "description": "Phase is a simple, high-level summary of where the System is in its lifecycle", - "type": "string" - }, - "postgresUpdatePhase": { - "description": "Upgrade reports the status of the ongoing postgres upgrade process", - "type": "string" - }, - "readme": { - "description": "Readme is a user readable string with explanations on the system", - "type": "string" - }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects related to this operator.", + "updates": { + "description": "Updates is the list of all firmware components that should be updated\nthey are specified via name and url fields.", "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "description": "FirmwareUpdate defines a firmware update specification.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "component": { "type": "string" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "url": { "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "component", + "url" + ], + "type": "object" }, "type": "array" - }, - "services": { - "description": "Services reports addresses for the services", - "properties": { - "serviceMgmt": { - "description": "ServiceStatus is the status info and network addresses of a service", - "properties": { - "externalDNS": { - "description": "ExternalDNS are external public addresses for the service", - "items": { - "type": "string" - }, - "type": "array" - }, - "externalIP": { - "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalDNS": { - "description": "InternalDNS are internal addresses of the service inside the cluster", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalIP": { - "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "items": { - "type": "string" - }, - "type": "array" - }, - "nodePorts": { - "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", - "items": { - "type": "string" - }, - "type": "array" - }, - "podPorts": { - "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "serviceS3": { - "description": "ServiceStatus is the status info and network addresses of a service", - "properties": { - "externalDNS": { - "description": "ExternalDNS are external public addresses for the service", - "items": { - "type": "string" - }, - "type": "array" - }, - "externalIP": { - "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalDNS": { - "description": "InternalDNS are internal addresses of the service inside the cluster", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalIP": { - "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "items": { - "type": "string" - }, - "type": "array" - }, - "nodePorts": { - "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", - "items": { - "type": "string" - }, - "type": "array" - }, - "podPorts": { - "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "serviceSts": { - "description": "ServiceStatus is the status info and network addresses of a service", - "properties": { - "externalDNS": { - "description": "ExternalDNS are external public addresses for the service", - "items": { - "type": "string" - }, - "type": "array" - }, - "externalIP": { - "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalDNS": { - "description": "InternalDNS are internal addresses of the service inside the cluster", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalIP": { - "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "items": { - "type": "string" - }, - "type": "array" - }, - "nodePorts": { - "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", - "items": { - "type": "string" - }, - "type": "array" - }, - "podPorts": { - "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "serviceSyslog": { - "description": "ServiceStatus is the status info and network addresses of a service", - "properties": { - "externalDNS": { - "description": "ExternalDNS are external public addresses for the service", - "items": { - "type": "string" - }, - "type": "array" - }, - "externalIP": { - "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalDNS": { - "description": "InternalDNS are internal addresses of the service inside the cluster", - "items": { - "type": "string" - }, - "type": "array" - }, - "internalIP": { - "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "items": { - "type": "string" - }, - "type": "array" - }, - "nodePorts": { - "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", - "items": { - "type": "string" - }, - "type": "array" - }, - "podPorts": { - "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "serviceMgmt", - "serviceS3" - ], - "type": "object" - }, - "upgradePhase": { - "description": "Upgrade reports the status of the ongoing upgrade process", - "type": "string" } }, - "type": "object" + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "HostFirmwareComponents", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/HostFirmwareComponentsList": { + "description": "HostFirmwareComponentsList is a list of HostFirmwareComponents", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of hostfirmwarecomponents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.metal3.v1alpha1.HostFirmwareComponents" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, - "required": [], + "required": [ + "items" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "NooBaa", + "group": "metal3.io", + "kind": "HostFirmwareComponentsList", "version": "v1alpha1" } ] }, - "noobaa.io/v1alpha1/NooBaaAccount": { - "description": "NooBaaAccount is the Schema for the NooBaaAccounts API", + "metal3.io/v1alpha1/HostFirmwareSettings": { + "description": "HostFirmwareSettings is the Schema for the hostfirmwaresettings API.", "namespaced": true, "properties": { "apiVersion": { @@ -227203,134 +141510,125 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the NooBaaAccount.", + "description": "HostFirmwareSettingsSpec defines the desired state of HostFirmwareSettings.", "properties": { - "allow_bucket_creation": { - "description": "AllowBucketCreate specifies if new buckets can be created by this account", - "type": "boolean" - }, - "default_resource": { - "description": "DefaultResource specifies which backingstore this account will use to create new buckets", - "type": "string" - }, - "force_md5_etag": { - "description": "ForceMd5Etag specifies whether MD5 Etags should be calculated for the account or not", - "type": "boolean" - }, - "nsfs_account_config": { - "description": "NsfsAccountConfig specifies the configurations on Namespace FS", - "nullable": true, - "properties": { - "distinguished_name": { - "type": "string" - }, - "gid": { - "type": "integer" - }, - "new_buckets_path": { - "type": "string" - }, - "nsfs_only": { - "type": "boolean" - }, - "uid": { - "type": "integer" - } + "settings": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true }, - "required": [ - "new_buckets_path", - "nsfs_only" - ], + "description": "Settings are the desired firmware settings stored as name/value pairs.", "type": "object" } }, "required": [ - "allow_bucket_creation" + "settings" ], "type": "object" }, "status": { - "description": "Most recently observed status of the NooBaaAccount.", + "description": "HostFirmwareSettingsStatus defines the observed state of HostFirmwareSettings.", "properties": { "conditions": { - "description": "Conditions is a list of conditions related to operator reconciliation", + "description": "Track whether settings stored in the spec are valid based on the schema", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "phase": { - "description": "Phase is a simple, high-level summary of where the noobaa user is in its lifecycle", + "lastUpdated": { + "description": "Time that the status was last updated", + "format": "date-time", "type": "string" }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects related to this operator.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "schema": { + "description": "FirmwareSchema is a reference to the Schema used to describe each\nFirmwareSetting. By default, this will be a Schema in the same\nNamespace as the settings but it can be overwritten in the Spec", + "properties": { + "name": { + "description": "`name` is the reference to the schema.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "namespace": { + "description": "`namespace` is the namespace of the where the schema is stored.", + "type": "string" + } }, - "type": "array" + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "settings": { + "additionalProperties": { + "type": "string" + }, + "description": "Settings are the firmware settings stored as name/value pairs", + "type": "object" } }, + "required": [ + "settings" + ], "type": "object" } }, @@ -227338,14 +141636,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "NooBaaAccount", + "group": "metal3.io", + "kind": "HostFirmwareSettings", "version": "v1alpha1" } ] }, - "noobaa.io/v1alpha1/NooBaaAccountList": { - "description": "NooBaaAccountList is a list of NooBaaAccount", + "metal3.io/v1alpha1/HostFirmwareSettingsList": { + "description": "HostFirmwareSettingsList is a list of HostFirmwareSettings", "namespaced": true, "properties": { "apiVersion": { @@ -227353,9 +141651,9 @@ "type": "string" }, "items": { - "description": "List of noobaaaccounts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of hostfirmwaresettings. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.noobaa.v1alpha1.NooBaaAccount" + "$ref": "#/components/schemas/io.metal3.v1alpha1.HostFirmwareSettings" }, "type": "array" }, @@ -227378,14 +141676,71 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "NooBaaAccountList", + "group": "metal3.io", + "kind": "HostFirmwareSettingsList", "version": "v1alpha1" } ] }, - "noobaa.io/v1alpha1/NooBaaList": { - "description": "NooBaaList is a list of NooBaa", + "metal3.io/v1alpha1/HostUpdatePolicy": { + "description": "HostUpdatePolicy is the Schema for the hostupdatepolicy API.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "HostUpdatePolicySpec defines the desired state of HostUpdatePolicy.", + "properties": { + "firmwareSettings": { + "description": "Defines policy for changing firmware settings", + "enum": [ + "onPreparing", + "onReboot" + ], + "type": "string" + }, + "firmwareUpdates": { + "description": "Defines policy for updating firmware", + "enum": [ + "onPreparing", + "onReboot" + ], + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "HostUpdatePolicyStatus defines the observed state of HostUpdatePolicy.", + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "metal3.io", + "kind": "HostUpdatePolicy", + "version": "v1alpha1" + } + ] + }, + "metal3.io/v1alpha1/HostUpdatePolicyList": { + "description": "HostUpdatePolicyList is a list of HostUpdatePolicy", "namespaced": true, "properties": { "apiVersion": { @@ -227393,9 +141748,9 @@ "type": "string" }, "items": { - "description": "List of noobaas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of hostupdatepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.noobaa.v1alpha1.NooBaa" + "$ref": "#/components/schemas/io.metal3.v1alpha1.HostUpdatePolicy" }, "type": "array" }, @@ -227418,38 +141773,20 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "noobaa.io", - "kind": "NooBaaList", + "group": "metal3.io", + "kind": "HostUpdatePolicyList", "version": "v1alpha1" } ] }, - "oauth.openshift.io/v1/OAuthAccessToken": { - "description": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "metal3.io/v1alpha1/PreprovisioningImage": { + "description": "PreprovisioningImage is the Schema for the preprovisioningimages API.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "authorizeToken": { - "description": "authorizeToken contains the token that authorized this token", - "type": "string" - }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" - }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "format": "int64", - "type": "integer" - }, - "inactivityTimeoutSeconds": { - "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", - "format": "int32", - "type": "integer" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -227460,46 +141797,148 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" - }, - "refreshToken": { - "description": "refreshToken is the value by which this token can be renewed. Can be blank.", - "type": "string" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "scopes": { - "description": "scopes is an array of the requested scopes.", - "items": { - "default": "", - "type": "string" + "spec": { + "description": "PreprovisioningImageSpec defines the desired state of PreprovisioningImage.", + "properties": { + "acceptFormats": { + "description": "acceptFormats is a list of acceptable image formats.", + "items": { + "description": "ImageFormat enumerates the allowed image formats", + "enum": [ + "iso", + "initrd" + ], + "type": "string" + }, + "type": "array" + }, + "architecture": { + "description": "architecture is the processor architecture for which to build the image.", + "type": "string" + }, + "networkDataName": { + "description": "networkDataName is the name of a Secret in the local namespace that\ncontains network data to build in to the image.", + "type": "string" + } }, - "type": "array" - }, - "userName": { - "description": "userName is the user name associated with this token", - "type": "string" + "type": "object" }, - "userUID": { - "description": "userUID is the unique UID associated with this token", - "type": "string" + "status": { + "description": "PreprovisioningImageStatus defines the observed state of PreprovisioningImage.", + "properties": { + "architecture": { + "description": "architecture is the processor architecture for which the image is built", + "type": "string" + }, + "conditions": { + "description": "conditions describe the state of the built image", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "extraKernelParams": { + "description": "extraKernelParams is a string with extra parameters to pass to the\nkernel when booting the image over network. Only makes sense for initrd images.", + "type": "string" + }, + "format": { + "description": "format is the type of image that is available at the download url:\neither iso or initrd.", + "enum": [ + "iso", + "initrd" + ], + "type": "string" + }, + "imageUrl": { + "description": "imageUrl is the URL from which the built image can be downloaded.", + "type": "string" + }, + "kernelUrl": { + "description": "kernelUrl is the URL from which the kernel of the image can be downloaded.\nOnly makes sense for initrd images.", + "type": "string" + }, + "networkData": { + "description": "networkData is a reference to the version of the Secret containing the\nnetwork data used to build the image.", + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" } }, "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthAccessToken", - "version": "v1" + "group": "metal3.io", + "kind": "PreprovisioningImage", + "version": "v1alpha1" } ] }, - "oauth.openshift.io/v1/OAuthAccessTokenList": { - "description": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metal3.io/v1alpha1/PreprovisioningImageList": { + "description": "PreprovisioningImageList is a list of PreprovisioningImage", "namespaced": true, "properties": { "apiVersion": { @@ -227507,14 +141946,9 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth access tokens", + "description": "List of preprovisioningimages. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthAccessToken" - } - ], - "default": {} + "$ref": "#/components/schemas/io.metal3.v1alpha1.PreprovisioningImage" }, "type": "array" }, @@ -227528,8 +141962,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -227538,37 +141971,20 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthAccessTokenList", - "version": "v1" + "group": "metal3.io", + "kind": "PreprovisioningImageList", + "version": "v1alpha1" } ] }, - "oauth.openshift.io/v1/OAuthAuthorizeToken": { - "description": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metal3.io/v1alpha1/Provisioning": { + "description": "Provisioning contains configuration used by the Provisioning\nservice (Ironic) to provision baremetal hosts.\nProvisioning is created by the OpenShift installer using admin or\nuser provided information about the provisioning network and the\nNIC on the server that can be used to PXE boot it.\nThis CR is a singleton, created by the installer and currently only\nconsumed by the cluster-baremetal-operator to bring up and update\ncontainers in a metal3 cluster.", "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" - }, - "codeChallenge": { - "description": "codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636", - "type": "string" - }, - "codeChallengeMethod": { - "description": "codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636", - "type": "string" - }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "format": "int64", - "type": "integer" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -227579,46 +141995,219 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "scopes": { - "description": "scopes is an array of the requested scopes.", - "items": { - "default": "", - "type": "string" + "spec": { + "description": "ProvisioningSpec defines the desired state of Provisioning", + "properties": { + "additionalNTPServers": { + "description": "AdditionalNTPServers is a list of NTP Servers to be used by the\nprovisioning service", + "items": { + "type": "string" + }, + "type": "array" + }, + "bootIsoSource": { + "description": "BootIsoSource provides a way to set the location where the iso image\nto boot the nodes will be served from.\nBy default the boot iso image is cached locally and served from\nthe Provisioning service (Ironic) nodes using an auxiliary httpd server.\nIf the boot iso image is already served by an httpd server, setting\nthis option to http allows to directly provide the image from there;\nin this case, the network (either internal or external) where the\nhttpd server that hosts the boot iso is needs to be accessible\nby the metal3 pod.", + "enum": [ + "local", + "http" + ], + "type": "string" + }, + "disableVirtualMediaTLS": { + "description": "DisableVirtualMediaTLS turns off TLS on the virtual media server,\nwhich may be required for hardware that cannot accept HTTPS links.", + "type": "boolean" + }, + "preProvisioningOSDownloadURLs": { + "description": "PreprovisioningOSDownloadURLs is set of CoreOS Live URLs that would be necessary to provision a worker\neither using virtual media or PXE.", + "properties": { + "initramfsURL": { + "description": "InitramfsURL Image URL to be used for PXE deployments", + "type": "string" + }, + "isoURL": { + "description": "IsoURL Image URL to be used for Live ISO deployments", + "type": "string" + }, + "kernelURL": { + "description": "KernelURL is an Image URL to be used for PXE deployments", + "type": "string" + }, + "rootfsURL": { + "description": "RootfsURL Image URL to be used for PXE deployments", + "type": "string" + } + }, + "type": "object" + }, + "provisioningDHCPExternal": { + "description": "ProvisioningDHCPExternal indicates whether the DHCP server\nfor IP addresses in the provisioning DHCP range is present\nwithin the metal3 cluster or external to it. This field is being\ndeprecated in favor of provisioningNetwork.", + "type": "boolean" + }, + "provisioningDHCPRange": { + "description": "ProvisioningDHCPRange needs to be interpreted along with\nProvisioningDHCPExternal. If the value of\nprovisioningDHCPExternal is set to False, then\nProvisioningDHCPRange represents the range of IP addresses\nthat the DHCP server running within the metal3 cluster can\nuse while provisioning baremetal servers. If the value of\nProvisioningDHCPExternal is set to True, then the value of\nProvisioningDHCPRange will be ignored. When the value of\nProvisioningDHCPExternal is set to False, indicating an\ninternal DHCP server and the value of ProvisioningDHCPRange\nis not set, then the DHCP range is taken to be the default\nrange which goes from .10 to .100 of the\nProvisioningNetworkCIDR. This is the only value in all of\nthe Provisioning configuration that can be changed after\nthe installer has created the CR. This value needs to be\ntwo comma sererated IP addresses within the\nProvisioningNetworkCIDR where the 1st address represents\nthe start of the range and the 2nd address represents the\nlast usable address in the range.", + "type": "string" + }, + "provisioningDNS": { + "description": "ProvisioningDNS allows sending the DNS information via DHCP on the\nprovisionig network. It is off by default since the Provisioning\nservice itself (Ironic) does not require DNS, but it may be useful\nfor layered products (e.g. ZTP).", + "type": "boolean" + }, + "provisioningIP": { + "description": "ProvisioningIP is the IP address assigned to the\nprovisioningInterface of the baremetal server. This IP\naddress should be within the provisioning subnet, and\noutside of the DHCP range.", + "type": "string" + }, + "provisioningInterface": { + "description": "ProvisioningInterface is the name of the network interface\non a baremetal server to the provisioning network. It can\nhave values like eth1 or ens3.", + "type": "string" + }, + "provisioningMacAddresses": { + "description": "ProvisioningMacAddresses is a list of mac addresses of network interfaces\non a baremetal server to the provisioning network.\nUse this instead of ProvisioningInterface to allow interfaces of different\nnames. If not provided it will be populated by the BMH.Spec.BootMacAddress\nof each master.", + "items": { + "type": "string" + }, + "type": "array" + }, + "provisioningNetwork": { + "description": "ProvisioningNetwork provides a way to indicate the state of the\nunderlying network configuration for the provisioning network.\nThis field can have one of the following values -\n`Managed`- when the provisioning network is completely managed by\nthe Baremetal IPI solution.\n`Unmanaged`- when the provsioning network is present and used but\nthe user is responsible for managing DHCP. Virtual media provisioning\nis recommended but PXE is still available if required.\n`Disabled`- when the provisioning network is fully disabled. User can\nbring up the baremetal cluster using virtual media or assisted\ninstallation. If using metal3 for power management, BMCs must be\naccessible from the machine networks. User should provide two IPs on\nthe external network that would be used for provisioning services.", + "enum": [ + "Managed", + "Unmanaged", + "Disabled" + ], + "type": "string" + }, + "provisioningNetworkCIDR": { + "description": "ProvisioningNetworkCIDR is the network on which the\nbaremetal nodes are provisioned. The provisioningIP and the\nIPs in the dhcpRange all come from within this network. When using IPv6\nand in a network managed by the Baremetal IPI solution this cannot be a\nnetwork larger than a /64.", + "type": "string" + }, + "provisioningOSDownloadURL": { + "description": "ProvisioningOSDownloadURL is the location from which the OS\nImage used to boot baremetal host machines can be downloaded\nby the metal3 cluster.", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "UnsupportedConfigOverrides are site-specific overrides that are not\nofficially supported in the Metal platform and may cause the\ndeployment to fail. Carefully check the description of each field\nyou modify to understand its implications for stability and\nupgradability of your cluster.\nWhen reporting a bug, please make sure to reproduce it with\nUnsupportedConfigOverrides set to nil.", + "properties": { + "ironicAgentImage": { + "description": "Override for the IPA container image.\nThe image must be based on openshift/ironic-agent-image of the same\nrelease as the cluster. After each cluster upgrade, it must be\nrebased and updated immediately, before any BareMetalHosts are\nenrolled, provisioned or deprovisioned.", + "type": "string" + } + }, + "type": "object" + }, + "virtualMediaViaExternalNetwork": { + "description": "VirtualMediaViaExternalNetwork flag when set to \"true\" allows for workers\nto boot via Virtual Media and contact metal3 over the External Network.\nWhen the flag is set to \"false\" (which is the default), virtual media\ndeployments can still happen based on the configuration specified in the\nProvisioningNetwork i.e when in Disabled mode, over the External Network\nand over Provisioning Network when in Managed mode.\nPXE deployments will always use the Provisioning Network and will not be\naffected by this flag.", + "type": "boolean" + }, + "watchAllNamespaces": { + "description": "WatchAllNamespaces provides a way to explicitly allow use of this\nProvisioning configuration across all Namespaces. It is an\noptional configuration which defaults to false and in that state\nwill be used to provision baremetal hosts in only the\nopenshift-machine-api namespace. When set to true, this provisioning\nconfiguration would be used for baremetal hosts across all namespaces.", + "type": "boolean" + } }, - "type": "array" - }, - "state": { - "description": "state data from request", - "type": "string" - }, - "userName": { - "description": "userName is the user name associated with this token", - "type": "string" + "type": "object" }, - "userUID": { - "description": "userUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.", - "type": "string" + "status": { + "description": "ProvisioningStatus defines the observed state of Provisioning", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" } }, "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthAuthorizeToken", - "version": "v1" + "group": "metal3.io", + "kind": "Provisioning", + "version": "v1alpha1" } ] }, - "oauth.openshift.io/v1/OAuthAuthorizeTokenList": { - "description": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metal3.io/v1alpha1/ProvisioningList": { + "description": "ProvisioningList is a list of Provisioning", "namespaced": true, "properties": { "apiVersion": { @@ -227626,14 +142215,9 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth authorization tokens", + "description": "List of provisionings. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthAuthorizeToken" - } - ], - "default": {} + "$ref": "#/components/schemas/io.metal3.v1alpha1.Provisioning" }, "type": "array" }, @@ -227647,8 +142231,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -227657,42 +142240,20 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthAuthorizeTokenList", - "version": "v1" + "group": "metal3.io", + "kind": "ProvisioningList", + "version": "v1alpha1" } ] }, - "oauth.openshift.io/v1/OAuthClient": { - "description": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metrics.k8s.io/v1beta1/NodeMetrics": { + "description": "NodeMetrics sets resource usage metrics of a node.", "namespaced": false, "properties": { - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", - "format": "int32", - "type": "integer" - }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", - "format": "int32", - "type": "integer" - }, - "additionalSecrets": { - "description": "additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "grantMethod": { - "description": "grantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -227704,59 +142265,71 @@ } ], "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "redirectURIs": { - "description": "redirectURIs is the valid redirection URIs associated with a client", - "items": { - "default": "", - "type": "string" - }, - "type": "array", - "x-kubernetes-patch-strategy": "merge" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "respondWithChallenges": { - "description": "respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", - "type": "boolean" + "timestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "default": {}, + "description": "The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]." }, - "scopeRestrictions": { - "description": "scopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", - "items": { + "usage": { + "additionalProperties": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.ScopeRestriction" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" } ], "default": {} }, - "type": "array" + "description": "The memory usage is the memory working set.", + "type": "object" }, - "secret": { - "description": "secret is the unique secret associated with a client", - "type": "string" + "window": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + } + ], + "default": 0 } }, - "required": [], + "required": [ + "timestamp", + "window", + "usage" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthClient", - "version": "v1" + "group": "metrics.k8s.io", + "kind": "NodeMetrics", + "version": "v1beta1" } ] }, - "oauth.openshift.io/v1/OAuthClientAuthorization": { - "description": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "metrics.k8s.io/v1beta1/NodeMetricsList": { + "description": "NodeMetricsList is a list of NodeMetrics.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clientName": { - "description": "clientName references the client that created this authorization", - "type": "string" + "items": { + "description": "List of node metrics.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.metrics.pkg.apis.metrics.v1beta1.NodeMetrics" + } + ], + "default": {} + }, + "type": "array" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -227765,58 +142338,45 @@ "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "scopes": { - "description": "scopes is an array of the granted scopes.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "userName": { - "description": "userName is the user name that authorized this client", - "type": "string" - }, - "userUID": { - "description": "userUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", - "type": "string" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, - "required": [], + "required": [ + "items" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthClientAuthorization", - "version": "v1" + "group": "metrics.k8s.io", + "kind": "NodeMetricsList", + "version": "v1beta1" } ] }, - "oauth.openshift.io/v1/OAuthClientAuthorizationList": { - "description": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metrics.k8s.io/v1beta1/PodMetrics": { + "description": "PodMetrics sets resource usage metrics of a pod.", "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of OAuth client authorizations", + "containers": { + "description": "Metrics for all containers are collected within the same time window.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthClientAuthorization" + "$ref": "#/components/schemas/io.k8s.metrics.pkg.apis.metrics.v1beta1.ContainerMetrics" } ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -227825,27 +142385,46 @@ "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "timestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "default": {}, + "description": "The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]." + }, + "window": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + } + ], + "default": 0 } }, "required": [ - "items" + "timestamp", + "window", + "containers" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthClientAuthorizationList", - "version": "v1" + "group": "metrics.k8s.io", + "kind": "PodMetrics", + "version": "v1beta1" } ] }, - "oauth.openshift.io/v1/OAuthClientList": { - "description": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metrics.k8s.io/v1beta1/PodMetricsList": { + "description": "PodMetricsList is a list of PodMetrics.", "namespaced": true, "properties": { "apiVersion": { @@ -227853,11 +142432,11 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth clients", + "description": "List of pod metrics.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthClient" + "$ref": "#/components/schemas/io.k8s.metrics.pkg.apis.metrics.v1beta1.PodMetrics" } ], "default": {} @@ -227875,7 +142454,7 @@ } ], "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -227884,38 +142463,20 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "OAuthClientList", - "version": "v1" + "group": "metrics.k8s.io", + "kind": "PodMetricsList", + "version": "v1beta1" } ] }, - "oauth.openshift.io/v1/UserOAuthAccessToken": { - "description": "UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to the user the access token was issued for", + "migration.k8s.io/v1alpha1/StorageState": { + "description": "The state of the storage of a specific resource.", "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "authorizeToken": { - "description": "authorizeToken contains the token that authorized this token", - "type": "string" - }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" - }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "format": "int64", - "type": "integer" - }, - "inactivityTimeoutSeconds": { - "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", - "format": "int32", - "type": "integer" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -227926,46 +142487,63 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" - }, - "refreshToken": { - "description": "refreshToken is the value by which this token can be renewed. Can be blank.", - "type": "string" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "scopes": { - "description": "scopes is an array of the requested scopes.", - "items": { - "default": "", - "type": "string" + "spec": { + "description": "Specification of the storage state.", + "properties": { + "resource": { + "description": "The resource this storageState is about.", + "properties": { + "group": { + "description": "The name of the group.", + "type": "string" + }, + "resource": { + "description": "The name of the resource.", + "type": "string" + } + }, + "type": "object" + } }, - "type": "array" - }, - "userName": { - "description": "userName is the user name associated with this token", - "type": "string" + "type": "object" }, - "userUID": { - "description": "userUID is the unique UID associated with this token", - "type": "string" + "status": { + "description": "Status of the storage state.", + "properties": { + "currentStorageVersionHash": { + "description": "The hash value of the current storage version, as shown in the discovery document served by the API server. Storage Version is the version to which objects are converted to before persisted.", + "type": "string" + }, + "lastHeartbeatTime": { + "description": "LastHeartbeatTime is the last time the storage migration triggering controller checks the storage version hash of this resource in the discovery document and updates this field.", + "format": "date-time", + "type": "string" + }, + "persistedStorageVersionHashes": { + "description": "The hash values of storage versions that persisted instances of spec.resource might still be encoded in. \"Unknown\" is a valid value in the list, and is the default value. It is not safe to upgrade or downgrade to an apiserver binary that does not support all versions listed in this field, or if \"Unknown\" is listed. Once the storage version migration for this resource has completed, the value of this field is refined to only contain the currentStorageVersionHash. Once the apiserver has changed the storage version, the new storage version is appended to the list.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" } }, "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "UserOAuthAccessToken", - "version": "v1" + "group": "migration.k8s.io", + "kind": "StorageState", + "version": "v1alpha1" } ] }, - "oauth.openshift.io/v1/UserOAuthAccessTokenList": { - "description": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "migration.k8s.io/v1alpha1/StorageStateList": { + "description": "StorageStateList is a list of StorageState", "namespaced": true, "properties": { "apiVersion": { @@ -227973,13 +142551,9 @@ "type": "string" }, "items": { + "description": "List of storagestates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.UserOAuthAccessToken" - } - ], - "default": {} + "$ref": "#/components/schemas/io.k8s.migration.v1alpha1.StorageState" }, "type": "array" }, @@ -227993,8 +142567,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -228003,14 +142576,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "oauth.openshift.io", - "kind": "UserOAuthAccessTokenList", - "version": "v1" + "group": "migration.k8s.io", + "kind": "StorageStateList", + "version": "v1alpha1" } ] }, - "objectbucket.io/v1alpha1/ObjectBucket": { - "description": "", + "migration.k8s.io/v1alpha1/StorageVersionMigration": { + "description": "StorageVersionMigration represents a migration of stored data to the latest storage version.", "namespaced": false, "properties": { "apiVersion": { @@ -228030,82 +142603,73 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the bucket.", + "description": "Specification of the migration.", "properties": { - "additionalState": { - "additionalProperties": { - "type": "string" - }, - "description": "additionalState gives providers a location to set proprietary config values (tenant, namespace, etc)", - "type": "object" - }, - "claimRef": { - "description": "ObjectReference to ObjectBucketClaim", - "type": "object" + "continueToken": { + "description": "The token used in the list options to get the next chunk of objects to migrate. When the .status.conditions indicates the migration is \"Running\", users can use this token to check the progress of the migration.", + "type": "string" }, - "endpoint": { - "description": "Endpoint contains all connection relevant data that an app may require for accessing the bucket", + "resource": { + "description": "The resource that is being migrated. The migrator sends requests to the endpoint serving the resource. Immutable.", "properties": { - "additionalConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "AdditionalConfig gives providers a location to set proprietary config values (tenant, namespace, etc)", - "type": "object" - }, - "bucketHost": { - "description": "Bucket address hostname", - "type": "string" - }, - "bucketName": { - "description": "Bucket name", + "group": { + "description": "The name of the group.", "type": "string" }, - "bucketPort": { - "description": "Bucket address port", - "type": "integer" - }, - "region": { - "description": "Bucket region", + "resource": { + "description": "The name of the resource.", "type": "string" }, - "subRegion": { - "description": "Bucket sub-region", + "version": { + "description": "The name of the version.", "type": "string" } }, "type": "object" - }, - "reclaimPolicy": { - "description": "Describes a policy for end-of-life maintenance of ObjectBucket.", - "enum": [ - "Delete", - "Retain", - "Recycle" - ], - "type": "string" - }, - "storageClassName": { - "description": "StorageClass names the StorageClass object representing the desired provisioner and parameters", - "type": "string" } }, "required": [ - "storageClassName" + "resource" ], "type": "object" }, "status": { - "description": "Most recently observed status of the bucket.", + "description": "Status of the migration.", "properties": { - "phase": { - "description": "ObjectBucketStatusPhase is set by the controller to save the state of the provisioning process", - "enum": [ - "Bound", - "Released", - "Failed" - ], - "type": "string" + "conditions": { + "description": "The latest available observations of the migration's current state.", + "items": { + "description": "Describes the state of a migration at a certain point.", + "properties": { + "lastUpdateTime": { + "description": "The last time this condition was updated.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type of the condition.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" } }, "type": "object" @@ -228115,14 +142679,54 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "objectbucket.io", - "kind": "ObjectBucket", + "group": "migration.k8s.io", + "kind": "StorageVersionMigration", "version": "v1alpha1" } ] }, - "objectbucket.io/v1alpha1/ObjectBucketClaim": { - "description": "", + "migration.k8s.io/v1alpha1/StorageVersionMigrationList": { + "description": "StorageVersionMigrationList is a list of StorageVersionMigration", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storageversionmigrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.migration.v1alpha1.StorageVersionMigration" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migration.k8s.io", + "kind": "StorageVersionMigrationList", + "version": "v1alpha1" + } + ] + }, + "migrations.kubevirt.io/v1alpha1/MigController": { + "description": "MigController is the Schema for the migcontrollers API.", "namespaced": true, "properties": { "apiVersion": { @@ -228142,48 +142746,875 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the claim.", + "description": "MigControllerSpec defines the desired state of MigController.", "properties": { - "additionalConfig": { - "additionalProperties": { - "type": "string" + "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "type": "string" + }, + "infra": { + "description": "Rules on which nodes infrastructure pods will be scheduled", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "priorityClass": { + "description": "PriorityClass of the control plane", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "MigControllerStatus defines the observed state of MigController.", + "properties": { + "conditions": { + "description": "A list of current conditions of the resource", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" }, - "description": "AdditionalConfig gives providers a location to set proprietary config values (tenant, namespace, etc)", - "type": "object" + "type": "array" }, - "bucketName": { - "description": "BucketName (not recommended) the name of the bucket. Caution! In-store bucket names may collide across namespaces. If you define the name yourself, try to make it as unique as possible.", + "observedVersion": { + "description": "The observed version of the resource", "type": "string" }, - "generateBucketName": { - "description": "GenerateBucketName (recommended) a prefix for a bucket name to be followed by a hyphen and 5 random characters. Protects against in-store name collisions.", + "operatorVersion": { + "description": "The version of the resource as defined by the operator", "type": "string" }, - "objectBucketName": { - "description": "ObjectBucketName is the name of the object bucket resource. This is the authoritative determination for binding.", + "phase": { + "description": "Phase is the current phase of the deployment", "type": "string" }, - "storageClassName": { - "description": "StorageClass names the StorageClass object representing the desired provisioner and parameters", - "type": "string" - } - }, - "required": [ - "storageClassName" - ], - "type": "object" - }, - "status": { - "description": "Most recently observed status of the claim.", - "properties": { - "phase": { - "description": "ObjectBucketClaimStatusPhase is set by the controller to save the state of the provisioning process", - "enum": [ - "Pending", - "Bound", - "Released", - "Failed" - ], + "targetVersion": { + "description": "The desired version of the resource", "type": "string" } }, @@ -228194,54 +143625,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "objectbucket.io", - "kind": "ObjectBucketClaim", - "version": "v1alpha1" - } - ] - }, - "objectbucket.io/v1alpha1/ObjectBucketClaimList": { - "description": "ObjectBucketClaimList is a list of ObjectBucketClaim", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of objectbucketclaims. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.objectbucket.v1alpha1.ObjectBucketClaim" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "objectbucket.io", - "kind": "ObjectBucketClaimList", + "group": "migrations.kubevirt.io", + "kind": "MigController", "version": "v1alpha1" } ] }, - "objectbucket.io/v1alpha1/ObjectBucketList": { - "description": "ObjectBucketList is a list of ObjectBucket", + "migrations.kubevirt.io/v1alpha1/MigControllerList": { + "description": "MigControllerList is a list of MigController", "namespaced": true, "properties": { "apiVersion": { @@ -228249,9 +143640,9 @@ "type": "string" }, "items": { - "description": "List of objectbuckets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of migcontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.objectbucket.v1alpha1.ObjectBucket" + "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.MigController" }, "type": "array" }, @@ -228274,15 +143665,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "objectbucket.io", - "kind": "ObjectBucketList", + "group": "migrations.kubevirt.io", + "kind": "MigControllerList", "version": "v1alpha1" } ] }, - "ocs.openshift.io/v1/OCSInitialization": { - "description": "OCSInitialization represents the initial data to be created when the operator is installed.", - "namespaced": true, + "migrations.kubevirt.io/v1alpha1/MigrationPolicy": { + "description": "MigrationPolicy holds migration policy (i.e. configurations) to apply to a VM or group of VMs", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -228301,112 +143692,74 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "OCSInitializationSpec defines the desired state of OCSInitialization", - "type": "object" - }, - "status": { - "description": "OCSInitializationStatus defines the observed state of OCSInitialization", "properties": { - "conditions": { - "description": "Conditions describes the state of the OCSInitialization resource.", - "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "allowAutoConverge": { + "type": "boolean" }, - "errorMessage": { - "type": "string" + "allowPostCopy": { + "type": "boolean" }, - "phase": { - "description": "Phase describes the Phase of OCSInitialization\nThis is used by OLM UI to provide status information\nto the user", - "type": "string" + "allowWorkloadDisruption": { + "type": "boolean" }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects created and maintained by this\noperator. Object references will be added to this list after they have\nbeen created AND found in the cluster.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "bandwidthPerMigration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "completionTimeoutPerGiB": { + "format": "int64", + "type": "integer" + }, + "selectors": { + "properties": { + "namespaceSelector": { + "additionalProperties": { "type": "string" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "object" + }, + "virtualMachineInstanceSelector": { + "additionalProperties": { "type": "string" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" + } }, - "type": "array" - }, - "sCCsCreated": { - "type": "boolean" + "type": "object" } }, + "required": [ + "selectors" + ], + "type": "object" + }, + "status": { + "nullable": true, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "ocs.openshift.io", - "kind": "OCSInitialization", - "version": "v1" + "group": "migrations.kubevirt.io", + "kind": "MigrationPolicy", + "version": "v1alpha1" } ] }, - "ocs.openshift.io/v1/OCSInitializationList": { - "description": "OCSInitializationList is a list of OCSInitialization", + "migrations.kubevirt.io/v1alpha1/MigrationPolicyList": { + "description": "MigrationPolicyList is a list of MigrationPolicy", "namespaced": true, "properties": { "apiVersion": { @@ -228414,9 +143767,9 @@ "type": "string" }, "items": { - "description": "List of ocsinitializations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of migrationpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.ocs.v1.OCSInitialization" + "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.MigrationPolicy" }, "type": "array" }, @@ -228439,14 +143792,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "ocs.openshift.io", - "kind": "OCSInitializationList", - "version": "v1" + "group": "migrations.kubevirt.io", + "kind": "MigrationPolicyList", + "version": "v1alpha1" } ] }, - "ocs.openshift.io/v1/StorageAutoScaler": { - "description": "StorageAutoScaler represents the automatic storage scaling for storage cluster.", + "migrations.kubevirt.io/v1alpha1/MultiNamespaceVirtualMachineStorageMigration": { + "description": "VirtualMachineStorageMigration is the Schema for the virtualmachinestoragemigrations API", "namespaced": true, "properties": { "apiVersion": { @@ -228466,172 +143819,181 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "StorageAutoScalerSpec defines the desired state of StorageAutoScaler", + "description": "MigMigrationSpec defines the desired state of MigMigration", "properties": { - "deviceClass": { - "default": "ssd", - "description": "DeviceClass is the name of the device class for which the storage scaling is to be done.", - "type": "string" - }, - "maxOsdSize": { - "anyOf": [ - { - "type": "integer" + "multiNamespaceVirtualMachineStorageMigrationPlanRef": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" }, - { + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", "type": "string" - } - ], - "default": "8Ti", - "description": "MaxOsdSize is the maximum size that Osd disk can be expanded to.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "storageCapacityLimit": { - "anyOf": [ - { - "type": "integer" }, - { + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - ], - "description": "StorageCapacityLimit is the total aggregate capacity limit for the storage scaling for the specific deviceClass and storagecluster.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "storageCluster": { - "description": "StorageCluster is the name of the storage cluster for which the storage scaling is to be done.", - "properties": { + }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic" - }, - "storageScalingThresholdPercent": { - "default": 70, - "description": "StorageScalingThresholdPercent is the threshold percentage of the storage capacity that triggers the auto-scaling of the OSDs.\nShould be less than the OsdNearFullThresholdPercentage.", - "type": "integer" - }, - "timeoutSeconds": { - "default": 1800, - "description": "TimeoutSeconds is the time in seconds after which the storage auto-scaler will alert the user that the scaling operation has been failed.", - "type": "integer" } }, "required": [ - "storageCapacityLimit", - "storageCluster" + "multiNamespaceVirtualMachineStorageMigrationPlanRef" ], "type": "object" }, "status": { - "description": "StorageAutoScalerStatus defines the observed state of StorageAutoScaler", + "description": "MultiNamespaceVirtualMachineStorageMigrationStatus defines the observed state of MultiNamespaceVirtualMachineStorageMigration", "properties": { - "error": { - "description": "Error is the error message in case the storage scaling operation has failed.", - "nullable": true, - "properties": { - "message": { - "description": "Message is the error message in case the storage scaling operation has failed.", - "type": "string" + "conditions": { + "items": { + "description": "Condition\nType - The condition type.\nStatus - The condition status.\nReason - The reason for the condition.\nMessage - The human readable description of the condition.\nDurable - The condition is not un-staged.\nItems - A list of `items` associated with the condition used to replace [] in `Message`.\nstaging - A condition has been explicitly set/updated.", + "properties": { + "category": { + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } }, - "timestamp": { - "description": "Timestamp is the time stamp when the error occurred.", - "format": "date-time", - "type": "string" - } + "required": [ + "category", + "lastTransitionTime", + "status", + "type" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "lastExpansion": { - "nullable": true, - "properties": { - "completionTime": { - "description": "CompletionTime is the time stamp of the last run completion of the storage scaling", - "format": "date-time", - "type": "string" - }, - "expectedOsdCount": { - "description": "The Expected OSD count is the count that the auto-expansion has decided to set.\nThis will be set on the storageCluster CR as the desired count of the OSDs.\nUsed for horizontal scaling of OSDs.", - "type": "integer" - }, - "expectedOsdSize": { - "anyOf": [ - { - "type": "integer" - }, - { + "namespaces": { + "description": "The status of the migrations in the namespaces.", + "items": { + "properties": { + "cancelledMigrations": { + "description": "The cancelled migrations.", + "items": { "type": "string" - } - ], - "description": "The ExpectedOsdSize is the size that the auto-expansion has decided to set.\nThis will be set on the storageCLuster CR as the desired size of the OSDs.\nUsed for vertical scaling of OSDs.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "expectedStorageCapacity": { - "anyOf": [ - { - "type": "integer" }, - { + "type": "array" + }, + "completedMigrations": { + "description": "The completed migrations.", + "items": { "type": "string" - } - ], - "description": "ExpectedStorageCapacity is the expected storage capacity of the storage cluster after the expansion in progress is completed.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "startOsdCount": { - "description": "The start OSD count is the original count of the OSDs before the expansion in progress is completed.\nAfter the expansion is completed, this would be updated to the expected OSD count.\nUsed for horizontal scaling of OSDs.", - "type": "integer" - }, - "startOsdSize": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "description": "The start OSD size is the original size of the OSDs before the expansion in progress is completed.\nAfter the expansion is completed, this would be updated to the expected OSD size.\nUsed for vertical scaling of OSDs.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "startStorageCapacity": { - "anyOf": [ - { - "type": "integer" + "type": "array" + }, + "conditions": { + "items": { + "description": "Condition\nType - The condition type.\nStatus - The condition status.\nReason - The reason for the condition.\nMessage - The human readable description of the condition.\nDurable - The condition is not un-staged.\nItems - A list of `items` associated with the condition used to replace [] in `Message`.\nstaging - A condition has been explicitly set/updated.", + "properties": { + "category": { + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "category", + "lastTransitionTime", + "status", + "type" + ], + "type": "object" }, - { + "type": "array" + }, + "errors": { + "description": "The errors occurred during the migration.", + "items": { "type": "string" - } - ], - "description": "StartStorageCapacity is the original storage capacity of the storage cluster before the expansion in progress is completed.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "array" + }, + "name": { + "description": "The name of the namespace to migrate.", + "type": "string" + }, + "phase": { + "description": "The current phase of the migration.", + "type": "string" + }, + "runningMigrations": { + "description": "The running migrations.", + "items": { + "description": "RunningVirtualMachineMigration has the name of the VirtualMachine and the progress of the migration.", + "properties": { + "name": { + "description": "The name of the VirtualMachine.", + "type": "string" + }, + "progress": { + "description": "The progress of the migration.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } }, - "startTime": { - "description": "StartTime is the time stamp of the last run start of the storage scaling", - "format": "date-time", - "type": "string" - } + "required": [ + "name" + ], + "type": "object" }, - "type": "object" - }, - "phase": { - "description": "Phase describes the Phase of StorageAutoScaler", - "type": "string" - }, - "storageCapacityLimitReached": { - "description": "StorageCapacityLimitReached is the flag that indicates if the storage capacity limit has been reached.", - "nullable": true, - "type": "boolean" + "type": "array" } }, "type": "object" @@ -228641,14 +144003,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "ocs.openshift.io", - "kind": "StorageAutoScaler", - "version": "v1" + "group": "migrations.kubevirt.io", + "kind": "MultiNamespaceVirtualMachineStorageMigration", + "version": "v1alpha1" } ] }, - "ocs.openshift.io/v1/StorageAutoScalerList": { - "description": "StorageAutoScalerList is a list of StorageAutoScaler", + "migrations.kubevirt.io/v1alpha1/MultiNamespaceVirtualMachineStorageMigrationList": { + "description": "MultiNamespaceVirtualMachineStorageMigrationList is a list of MultiNamespaceVirtualMachineStorageMigration", "namespaced": true, "properties": { "apiVersion": { @@ -228656,9 +144018,9 @@ "type": "string" }, "items": { - "description": "List of storageautoscalers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of multinamespacevirtualmachinestoragemigrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.ocs.v1.StorageAutoScaler" + "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.MultiNamespaceVirtualMachineStorageMigration" }, "type": "array" }, @@ -228681,14 +144043,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "ocs.openshift.io", - "kind": "StorageAutoScalerList", - "version": "v1" + "group": "migrations.kubevirt.io", + "kind": "MultiNamespaceVirtualMachineStorageMigrationList", + "version": "v1alpha1" } ] }, - "ocs.openshift.io/v1/StorageCluster": { - "description": "StorageCluster represents a cluster including Ceph Cluster, NooBaa and all the storage and compute resources required.", + "migrations.kubevirt.io/v1alpha1/MultiNamespaceVirtualMachineStorageMigrationPlan": { + "description": "MultiNamespaceVirtualMachineStorageMigrationPlan is the Schema for the multinamespacevmstoragemigrationplans API", "namespaced": true, "properties": { "apiVersion": { @@ -228708,2293 +144070,3792 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "StorageClusterSpec defines the desired state of StorageCluster", + "description": "MultiNamespaceVirtualMachineStorageMigrationPlanSpec defines the desired state of MultiNamespaceVirtualMachineStorageMigrationPlan", "properties": { - "allowRemoteStorageConsumers": { - "description": "AllowRemoteStorageConsumers Indicates that the OCS cluster should deploy the needed\ncomponents to enable connections from remote consumers.", - "type": "boolean", - "x-kubernetes-validations": [ - { - "message": "allowRemoteStorageConsumers is immutable", - "rule": "oldSelf == self" - } - ] - }, - "arbiter": { - "description": "ArbiterSpec specifies the storage cluster options related to arbiter.\nIf Arbiter is enabled, ArbiterLocation in the NodeTopologies must be specified.", - "properties": { - "arbiterMonPVCTemplate": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "namespaces": { + "description": "The virtual machines to migrate per namespace.", + "items": { + "properties": { + "name": { + "description": "The name of the namespace to migrate.", + "type": "string" + }, + "retentionPolicy": { + "default": "keepSource", + "description": "RetentionPolicy indicates whether to keep or delete the source DataVolume/PVC after each VM migration completes.\nWhen \"keepSource\" (default), the source is preserved. When \"deleteSource\", the source DataVolume is deleted\nif it exists, otherwise the source PVC is deleted.", + "enum": [ + "keepSource", + "deleteSource" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "retentionPolicy value cannot be changed once set", + "rule": "self == oldSelf" + } + ] + }, + "virtualMachines": { + "description": "The virtual machines to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanVirtualMachine defines the VirtualMachine to migrate and the PVCs to migrate.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "finalizers": { + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", "items": { - "type": "string" + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", + "properties": { + "destinationPVC": { + "description": "The destination PVC to migrate to.", + "properties": { + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" + }, + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" + } + }, + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" }, "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" } }, + "required": [ + "name", + "targetMigrationPVCs" + ], "type": "object" }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "name", + "virtualMachines" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "retentionPolicy cannot be removed once set", + "rule": "!has(oldSelf.retentionPolicy) || has(self.retentionPolicy)" + } + ] + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "retentionPolicy": { + "default": "keepSource", + "description": "RetentionPolicy indicates whether to keep or delete the source DataVolume/PVC after each VM migration completes\nin each created namespace plan. When set to \"deleteSource\", every created VirtualMachineStorageMigrationPlan\nwill have retentionPolicy set to deleteSource. When \"keepSource\" or unset, child plans keep their per-namespace\nspec or default to keepSource.", + "enum": [ + "keepSource", + "deleteSource" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "retentionPolicy value cannot be changed once set", + "rule": "self == oldSelf" + } + ] + } + }, + "required": [ + "namespaces" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "retentionPolicy cannot be removed once set", + "rule": "!has(oldSelf.retentionPolicy) || has(self.retentionPolicy)" + } + ] + }, + "status": { + "description": "MultiNamespaceVirtualMachineStorageMigrationPlanStatus defines the observed state of MultiNamespaceVirtualMachineStorageMigrationPlan", + "properties": { + "conditions": { + "items": { + "description": "Condition\nType - The condition type.\nStatus - The condition status.\nReason - The reason for the condition.\nMessage - The human readable description of the condition.\nDurable - The condition is not un-staged.\nItems - A list of `items` associated with the condition used to replace [] in `Message`.\nstaging - A condition has been explicitly set/updated.", + "properties": { + "category": { + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "category", + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "namespaces": { + "description": "The status of the plans in the namespaces.", + "items": { + "description": "VirtualMachineStorageMigrationPlanNamespaceStatus defines the status of the plan in the namespace.", + "properties": { + "completedMigrations": { + "description": "The migrations that have been completed.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", + "properties": { + "name": { + "description": "The name of the source PVC.", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", + "properties": { + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + } + }, + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array" + } + }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array" + }, + "completedOutOf": { + "description": "The number of virtual machines that have been completed out of the total number of virtual machines.", + "type": "string" + }, + "conditions": { + "items": { + "description": "Condition\nType - The condition type.\nStatus - The condition status.\nReason - The reason for the condition.\nMessage - The human readable description of the condition.\nDurable - The condition is not un-staged.\nItems - A list of `items` associated with the condition used to replace [] in `Message`.\nstaging - A condition has been explicitly set/updated.", + "properties": { + "category": { + "type": "string" }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "lastTransitionTime": { + "format": "date-time", "type": "string" }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "message": { "type": "string" }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "reason": { "type": "string" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "status": { + "type": "string" + }, + "type": { "type": "string" } }, + "required": [ + "category", + "lastTransitionTime", + "status", + "type" + ], "type": "object" }, - "status": { - "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "array" + }, + "failedMigrations": { + "description": "The migrations that have failed.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", + "properties": { + "name": { + "description": "The name of the source PVC.", + "type": "string" }, - { + "namespace": { + "description": "The namespace of the source PVC.", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "sourcePVC": { + "description": "The source PVC.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", "type": "string" } + }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" + "type": "array" }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string" + "destinationPVC": { + "description": "The destination PVC to migrate to.", + "properties": { + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" + }, + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" + } + }, + "type": "object" }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", "type": "string" } }, "required": [ - "status", - "type" + "destinationPVC", + "volumeName" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" + "type": "array" } }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], "type": "object" - } - }, - "type": "object" - }, - "disableMasterNodeToleration": { - "description": "DisableMasterNodeToleration can be used to turn off the arbiter mon toleration for the master node taint.", - "type": "boolean" - }, - "enable": { - "type": "boolean" - } - }, - "type": "object" - }, - "backingStorageClasses": { - "description": "BackingStorageClasses is a list of storage classes that will be\nprovisioned by the storagecluster controller to be used in\nstorageDeviceSets section of the CR.", - "items": { - "description": "BackingStorageClass defines the backing storageclass for StorageDeviceSet", - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters holds the parameters for the provisioner that should\ncreate volumes of this storage class.", - "type": "object" - }, - "provisioner": { - "description": "Provisioner indicates the type of the provisioner.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "csi": { - "description": "CSIDriverSpec defines the CSI driver settings for the StorageCluster.", - "properties": { - "readAffinity": { - "description": "ReadAffinity defines the read affinity settings for CSI driver.", - "properties": { - "crushLocationLabels": { - "description": "CrushLocationLabels defines which node labels to use\nas CRUSH location. This should correspond to the values set in\nthe CRUSH map.", - "items": { - "type": "string" - }, - "type": "array" - }, - "enabled": { - "description": "Enables read affinity for CSI driver.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enableCephTools": { - "description": "EnableCephTools toggles on whether or not the ceph tools pod\nshould be deployed.\nDefaults to false", - "type": "boolean" - }, - "encryption": { - "description": "EncryptionSpec defines if encryption should be enabled for the Storage Cluster\nIt is optional and defaults to false.", - "properties": { - "clusterWide": { - "type": "boolean" - }, - "enable": { - "description": "deprecated from OCS 4.10 onwards, acting as a dummy,\nUI will keep sending this flag for backward compatibility (OCP 4.10 + OCS 4.9)", - "type": "boolean" - }, - "keyRotation": { - "description": "KeyRotation defines options for Key Rotation.", - "properties": { - "enable": { - "description": "Enable represents whether the key rotation is enabled.", - "type": "boolean" - }, - "schedule": { - "default": "@weekly", - "description": "Schedule represents the cron schedule for key rotation.", - "type": "string" - } - }, - "type": "object" - }, - "kms": { - "description": "KeyManagementServiceSpec provides a way to enable KMS", - "properties": { - "enable": { - "type": "boolean" - } - }, - "type": "object" - }, - "storageClass": { - "type": "boolean" - }, - "storageClassName": { - "description": "StorageClassName specifies the name of the storage class created for ceph encrypted block pools", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } - }, - "type": "object" - }, - "externalStorage": { - "description": "ExternalStorage is optional and defaults to false. When set to true, OCS will\nconnect to an external OCS Storage Cluster instead of provisioning one locally.", - "properties": { - "enable": { - "type": "boolean" - } - }, - "type": "object" - }, - "flexibleScaling": { - "description": "If enabled, sets the failureDomain to host, allowing devices to be\ndistributed evenly across all nodes, regardless of distribution in zones\nor racks.", - "type": "boolean" - }, - "hostNetwork": { - "description": "HostNetwork defaults to false", - "type": "boolean" - }, - "labelSelector": { - "description": "LabelSelector is used to specify custom labels of nodes to run OCS on", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "type": "array" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "logCollector": { - "description": "Logging represents loggings settings", - "nullable": true, - "properties": { - "enabled": { - "description": "Enabled represents whether the log collector is enabled", - "type": "boolean" - }, - "maxLogSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "periodicity": { - "description": "Periodicity is the periodicity of the log rotation.", - "pattern": "^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$", - "type": "string" - } - }, - "type": "object" - }, - "managedResources": { - "description": "ManagedResources specifies how to deal with auxiliary resources reconciled\nwith the StorageCluster", - "properties": { - "cephBlockPools": { - "description": "ManageCephBlockPools defines how to reconcile CephBlockPools", - "properties": { - "defaultStorageClass": { - "description": "if set to true, the storageClass created for cephBlockPools will be annotated as the default for the whole cluster", - "type": "boolean" - }, - "defaultVirtualizationStorageClass": { - "description": "if set to true, the virtualization storageClass will be annotated as the default for kubevirt workloads", - "type": "boolean" - }, - "poolSpec": { - "description": "PoolSpec specifies the pool specification for the default cephBlockPool", + "inProgressMigrations": { + "description": "InProgress migrations are migrations that are in progress.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", "properties": { - "application": { - "description": "The application name to set on the pool. Only expected to be set for rgw pools.", - "type": "string" - }, - "compressionMode": { - "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "description": "The root of the crush hierarchy utilized by the pool", - "nullable": true, - "type": "string" - }, - "deviceClass": { - "description": "The device class the OSD should set to for use in the pool", - "nullable": true, - "type": "string" - }, - "enableCrushUpdates": { - "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", - "type": "boolean" - }, - "enableRBDStats": { - "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", - "type": "boolean" - }, - "erasureCoded": { - "description": "The erasure code settings", - "properties": { - "algorithm": { - "description": "The algorithm for erasure coding", - "type": "string" - }, - "codingChunks": { - "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", - "minimum": 0, - "type": "integer" - }, - "dataChunks": { - "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "codingChunks", - "dataChunks" - ], - "type": "object" - }, - "failureDomain": { - "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "mirroring": { - "description": "The mirroring settings", - "properties": { - "enabled": { - "description": "Enabled whether this pool is mirrored or not", - "type": "boolean" - }, - "mode": { - "description": "Mode is the mirroring mode: pool, image or init-only.", - "enum": [ - "pool", - "image", - "init-only" - ], - "type": "string" - }, - "peers": { - "description": "Peers represents the peers spec", - "nullable": true, - "properties": { - "secretNames": { - "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", - "items": { + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", + "properties": { + "name": { + "description": "The name of the source PVC.", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "type": "array" - } + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" }, - "type": "object" + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" + } }, - "snapshotSchedules": { - "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", - "items": { - "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], + "type": "object" + }, + "type": "array" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", + "properties": { + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { - "interval": { - "description": "Interval represent the periodicity of the snapshot.", + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "path": { - "description": "Path is the path to snapshot, only valid for CephFS", + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", "type": "string" }, - "startTime": { - "description": "StartTime indicates when to start the snapshot", + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], "type": "string" } }, "type": "object" }, - "type": "array" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on a given pool", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "description": "The quota settings", - "nullable": true, - "properties": { - "maxBytes": { - "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "description": "MaxObjects represents the quota in objects", - "format": "int64", - "type": "integer" - }, - "maxSize": { - "description": "MaxSize represents the quota in bytes as a string", - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "description": "The replication settings", - "properties": { - "hybridStorage": { - "description": "HybridStorage represents hybrid storage tier settings", - "nullable": true, - "properties": { - "primaryDeviceClass": { - "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", - "minLength": 1, - "type": "string" - }, - "secondaryDeviceClass": { - "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], - "type": "object" - }, - "replicasPerFailureDomain": { - "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "description": "RequireSafeReplicaSize if false allows you to set replica 1", - "type": "boolean" - }, - "size": { - "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "description": "SubFailureDomain the name of the sub-failure domain", - "type": "string" + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" + } }, - "targetSizeRatio": { - "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", - "minimum": 0, - "type": "number" - } - }, - "required": [ - "size" - ], - "type": "object" - }, - "statusCheck": { - "description": "The mirroring statusCheck", - "properties": { - "mirror": { - "description": "HealthCheckSpec represents the health check of an object store bucket", - "nullable": true, - "properties": { - "disabled": { - "type": "boolean" - }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", - "type": "string" - }, - "timeout": { - "type": "string" - } - }, - "type": "object" - } + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "type": "array" } }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], "type": "object" }, - "reconcileStrategy": { - "type": "string" - }, - "storageClassName": { - "description": "StorageClassName specifies the name of the storage class created for ceph block pools", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "virtualizationStorageClassName": { - "description": "VirtualizationStorageClassName specifies the name of the storage class created for ceph block pools\nfor virtualization environment", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } + "type": "array" }, - "type": "object" - }, - "cephCluster": { - "description": "ManageCephCluster defines how to reconcile the Ceph cluster definition", - "properties": { - "allowDeviceClassUpdate": { - "description": "Whether to allow updating the device class after the OSD is initially provisioned", - "type": "boolean" - }, - "backfillFullRatio": { - "description": "BackfillFullRatio is the ratio at which the cluster is too full for backfill. Backfill will be disabled if above this threshold. Default is 0.80.", - "maximum": 1, - "minimum": 0, - "nullable": true, - "type": "number" - }, - "cephConfig": { - "additionalProperties": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "description": "Ceph Config options", - "type": "object" - }, - "cleanupPolicy": { - "description": "CleanupPolicy defines the cleanup policy for the Rook Ceph cluster.", + "invalidMigrations": { + "description": "Invalid migrations are migrations that are invalid and cannot be started.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", "properties": { - "allowUninstallWithVolumes": { - "description": "AllowUninstallWithVolumes defines whether we can proceed with the uninstall if they are RBD images still present", - "type": "boolean" - }, - "confirmation": { - "description": "Confirmation represents the cleanup confirmation", - "nullable": true, - "pattern": "^$|^yes-really-destroy-data$", + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "sanitizeDisks": { - "description": "SanitizeDisks represents way we sanitize disks", - "nullable": true, - "properties": { - "dataSource": { - "description": "DataSource is the data source to use to sanitize the disk with", - "enum": [ - "zero", - "random" - ], - "type": "string" - }, - "iteration": { - "description": "Iteration is the number of pass to apply the sanitizing", - "format": "int32", - "type": "integer" - }, - "method": { - "description": "Method is the method we use to sanitize disks", - "enum": [ - "complete", - "quick" - ], - "type": "string" - } - }, - "type": "object" - }, - "wipeDevicesFromOtherClusters": { - "description": "WipeDevicesFromOtherClusters wipes the OSD disks belonging to other clusters. This is useful in scenarios where ceph cluster\nwas reinstalled but OSD disk still contains the metadata from previous ceph cluster.", - "type": "boolean" - } - }, - "type": "object" - }, - "continueUpgradeAfterChecksEvenIfNotHealthy": { - "description": "Whether or not continue if PGs are not clean during an upgrade", - "type": "boolean" - }, - "fullRatio": { - "description": "FullRatio is the ratio at which the cluster is considered full and ceph will stop accepting writes. Default is 0.85.", - "maximum": 1, - "minimum": 0, - "nullable": true, - "type": "number" - }, - "healthCheck": { - "description": "CephClusterHealthCheckSpec represent the healthcheck for Ceph daemons", - "properties": { - "daemonHealth": { - "description": "DaemonHealth is the health check for a given daemon", - "nullable": true, - "properties": { - "mon": { - "description": "Monitor represents the health check settings for the Ceph monitor", - "nullable": true, - "properties": { - "disabled": { - "type": "boolean" - }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", - "type": "string" - }, - "timeout": { - "type": "string" - } - }, - "type": "object" - }, - "osd": { - "description": "ObjectStorageDaemon represents the health check settings for the Ceph OSDs", - "nullable": true, - "properties": { - "disabled": { - "type": "boolean" - }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", - "type": "string" - }, - "timeout": { - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "Status represents the health check settings for the Ceph health", - "nullable": true, - "properties": { - "disabled": { - "type": "boolean" - }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", - "type": "string" - }, - "timeout": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "livenessProbe": { - "additionalProperties": { - "description": "ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon", + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", "properties": { - "disabled": { - "description": "Disabled determines whether probe is disable or not", - "type": "boolean" + "name": { + "description": "The name of the source PVC.", + "type": "string" }, - "probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "port" - ], "type": "object" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", "type": "string" }, - "value": { - "description": "The header field value", + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string" } }, "required": [ - "name", - "value" + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "path": { - "description": "Path to access on the HTTP server.", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" }, - { + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } + }, + "required": [ + "status" ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, - "required": [ - "port" - ], "type": "object" + } + }, + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" + } + }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], + "type": "object" + }, + "type": "array" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", + "properties": { + "destinationPVC": { + "description": "The destination PVC to migrate to.", + "properties": { + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "type": "string" } }, "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" } }, + "required": [ + "destinationPVC", + "volumeName" + ], "type": "object" }, - "description": "LivenessProbe allows changing the livenessProbe configuration for a given daemon", - "type": "object" + "type": "array" + } + }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the namespace to migrate.", + "type": "string" + }, + "readyMigrations": { + "description": "Ready migrations are migrations that are ready to be started.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "startupProbe": { - "additionalProperties": { - "description": "ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon", + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", "properties": { - "disabled": { - "description": "Disabled determines whether probe is disable or not", - "type": "boolean" + "name": { + "description": "The name of the source PVC.", + "type": "string" }, - "probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "port" - ], "type": "object" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", "type": "string" }, - "value": { - "description": "The header field value", + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string" } }, "required": [ - "name", - "value" + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "path": { - "description": "Path to access on the HTTP server.", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" }, - { + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } + }, + "required": [ + "status" ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" } }, "type": "object" - } - }, - "type": "object" - }, - "description": "StartupProbe allows changing the startupProbe configuration for a given daemon", - "type": "object" - } - }, - "type": "object" - }, - "mgrCount": { - "enum": [ - 1, - 2 - ], - "type": "integer" - }, - "monCount": { - "enum": [ - 3, - 5 - ], - "type": "integer" - }, - "nearFullRatio": { - "description": "NearFullRatio is the ratio at which the cluster is considered nearly full and will raise a ceph health warning. Default is 0.75.", - "maximum": 1, - "minimum": 0, - "nullable": true, - "type": "number" - }, - "osdMaintenanceTimeout": { - "description": "A duration in minutes that determines how long an entire failureDomain like `region/zone/host` will be held in `noout` (in addition to the\ndefault DOWN/OUT interval) when it is draining. This is only relevant when `managePodBudgets` is `true` in cephCluster CR.\nThe default value is `30` minutes.", - "format": "int64", - "type": "integer" - }, - "reconcileStrategy": { - "type": "string" - }, - "skipUpgradeChecks": { - "description": "Whether or not upgrade should continue even if a check fails\nThis means Ceph's status could be degraded and we don't recommend upgrading but you might decide otherwise\nUse at your OWN risk", - "type": "boolean" - }, - "upgradeOSDRequiresHealthyPGs": { - "description": "Whether or not requires PGs are clean before an OSD upgrade. If set to `true` OSD upgrade process won't start until PGs are healthy.\nThis configuration will be ignored if `skipUpgradeChecks` is `true`.", - "type": "boolean" - }, - "waitTimeoutForHealthyOSDInMinutes": { - "description": "WaitTimeoutForHealthyOSDInMinutes defines the time the operator would wait before an OSD can be stopped for upgrade or restart.\nIf `continueUpgradeAfterChecksEvenIfNotHealthy` is `false` and the timeout exceeds and OSD is not ok to stop, then the operator\nwould skip upgrade for the current OSD and proceed with the next one.\nIf `continueUpgradeAfterChecksEvenIfNotHealthy` is `true`, then operator would continue with the upgrade of an OSD even if its\nnot ok to stop after the timeout.\nThis timeout won't be applied if `skipUpgradeChecks` is `true`.\nThe default wait timeout is 10 minutes.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "cephConfig": { - "description": "ManageCephConfig defines how to reconcile the Ceph configuration", - "properties": { - "reconcileStrategy": { - "type": "string" - } - }, - "type": "object" - }, - "cephDashboard": { - "description": "ManageCephDashboard defines how to reconcile Ceph dashboard", - "properties": { - "enable": { - "type": "boolean" - }, - "ssl": { - "description": "serve the dashboard using SSL", - "type": "boolean" - } - }, - "type": "object" - }, - "cephFilesystems": { - "description": "ManageCephFilesystems defines how to reconcile CephFilesystems", - "properties": { - "activeMetadataServers": { - "type": "integer" - }, - "additionalDataPools": { - "description": "AdditionalDataPools specifies list of additional named cephfs data pools", - "items": { - "description": "NamedPoolSpec represents the named ceph pool spec", - "properties": { - "application": { - "description": "The application name to set on the pool. Only expected to be set for rgw pools.", - "type": "string" - }, - "compressionMode": { - "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "description": "The root of the crush hierarchy utilized by the pool", - "nullable": true, - "type": "string" - }, - "deviceClass": { - "description": "The device class the OSD should set to for use in the pool", - "nullable": true, - "type": "string" - }, - "enableCrushUpdates": { - "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", - "type": "boolean" - }, - "enableRBDStats": { - "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", - "type": "boolean" - }, - "erasureCoded": { - "description": "The erasure code settings", - "properties": { - "algorithm": { - "description": "The algorithm for erasure coding", - "type": "string" - }, - "codingChunks": { - "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", - "minimum": 0, - "type": "integer" }, - "dataChunks": { - "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", - "minimum": 0, - "type": "integer" + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" } }, "required": [ - "codingChunks", - "dataChunks" + "name", + "namespace", + "sourcePVC", + "volumeName" ], "type": "object" }, - "failureDomain": { - "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", - "type": "string" - }, - "mirroring": { - "description": "The mirroring settings", + "type": "array" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", "properties": { - "enabled": { - "description": "Enabled whether this pool is mirrored or not", - "type": "boolean" - }, - "mode": { - "description": "Mode is the mirroring mode: pool, image or init-only.", - "enum": [ - "pool", - "image", - "init-only" - ], - "type": "string" - }, - "peers": { - "description": "Peers represents the peers spec", - "nullable": true, + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { - "secretNames": { - "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], "type": "string" }, "type": "array" - } - }, - "type": "object" - }, - "snapshotSchedules": { - "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", - "items": { - "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", - "properties": { - "interval": { - "description": "Interval represent the periodicity of the snapshot.", - "type": "string" - }, - "path": { - "description": "Path is the path to snapshot, only valid for CephFS", - "type": "string" - }, - "startTime": { - "description": "StartTime indicates when to start the snapshot", - "type": "string" - } }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the pool", - "type": "string" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on a given pool", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "description": "The quota settings", - "nullable": true, - "properties": { - "maxBytes": { - "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "description": "MaxObjects represents the quota in objects", - "format": "int64", - "type": "integer" - }, - "maxSize": { - "description": "MaxSize represents the quota in bytes as a string", - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "description": "The replication settings", - "properties": { - "hybridStorage": { - "description": "HybridStorage represents hybrid storage tier settings", - "nullable": true, - "properties": { - "primaryDeviceClass": { - "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "secondaryDeviceClass": { - "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", - "minLength": 1, + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" + }, + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], "type": "string" } }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], "type": "object" }, - "replicasPerFailureDomain": { - "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "description": "RequireSafeReplicaSize if false allows you to set replica 1", - "type": "boolean" - }, - "size": { - "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "description": "SubFailureDomain the name of the sub-failure domain", + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", "type": "string" - }, - "targetSizeRatio": { - "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", - "minimum": 0, - "type": "number" } }, "required": [ - "size" + "destinationPVC", + "volumeName" ], "type": "object" }, - "statusCheck": { - "description": "The mirroring statusCheck", - "properties": { - "mirror": { - "description": "HealthCheckSpec represents the health check of an object store bucket", - "nullable": true, - "properties": { - "disabled": { - "type": "boolean" - }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", - "type": "string" - }, - "timeout": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" + "type": "array" + } }, - "type": "array" + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" }, - "dataPoolSpec": { - "description": "DataPoolSpec specifies the pool specification for the default cephfs data pool", + "type": "array" + }, + "suffix": { + "description": "The suffix to automatically append to the source PVC name. If the target name is not provided. This will replace the suffix \"-new\" or \"-mig-xxxx\" if present on the source PVC name.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migrations.kubevirt.io", + "kind": "MultiNamespaceVirtualMachineStorageMigrationPlan", + "version": "v1alpha1" + } + ] + }, + "migrations.kubevirt.io/v1alpha1/MultiNamespaceVirtualMachineStorageMigrationPlanList": { + "description": "MultiNamespaceVirtualMachineStorageMigrationPlanList is a list of MultiNamespaceVirtualMachineStorageMigrationPlan", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of multinamespacevirtualmachinestoragemigrationplans. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.MultiNamespaceVirtualMachineStorageMigrationPlan" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migrations.kubevirt.io", + "kind": "MultiNamespaceVirtualMachineStorageMigrationPlanList", + "version": "v1alpha1" + } + ] + }, + "migrations.kubevirt.io/v1alpha1/VirtualMachineStorageMigration": { + "description": "VirtualMachineStorageMigration is the Schema for the virtualmachinestoragemigrations API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "MigMigrationSpec defines the desired state of MigMigration", + "properties": { + "virtualMachineStorageMigrationPlanRef": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "virtualMachineStorageMigrationPlanRef" + ], + "type": "object" + }, + "status": { + "description": "VirtualMachineStorageMigrationStatus defines the observed state of VirtualMachineStorageMigration", + "properties": { + "cancelledMigrations": { + "description": "The cancelled migrations.", + "items": { + "type": "string" + }, + "type": "array" + }, + "completedMigrations": { + "description": "The completed migrations.", + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "items": { + "description": "Condition\nType - The condition type.\nStatus - The condition status.\nReason - The reason for the condition.\nMessage - The human readable description of the condition.\nDurable - The condition is not un-staged.\nItems - A list of `items` associated with the condition used to replace [] in `Message`.\nstaging - A condition has been explicitly set/updated.", + "properties": { + "category": { + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "category", + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "errors": { + "description": "The errors occurred during the migration.", + "items": { + "type": "string" + }, + "type": "array" + }, + "phase": { + "description": "The current phase of the migration.", + "type": "string" + }, + "runningMigrations": { + "description": "The running migrations.", + "items": { + "description": "RunningVirtualMachineMigration has the name of the VirtualMachine and the progress of the migration.", + "properties": { + "name": { + "description": "The name of the VirtualMachine.", + "type": "string" + }, + "progress": { + "description": "The progress of the migration.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migrations.kubevirt.io", + "kind": "VirtualMachineStorageMigration", + "version": "v1alpha1" + } + ] + }, + "migrations.kubevirt.io/v1alpha1/VirtualMachineStorageMigrationList": { + "description": "VirtualMachineStorageMigrationList is a list of VirtualMachineStorageMigration", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of virtualmachinestoragemigrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.VirtualMachineStorageMigration" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migrations.kubevirt.io", + "kind": "VirtualMachineStorageMigrationList", + "version": "v1alpha1" + } + ] + }, + "migrations.kubevirt.io/v1alpha1/VirtualMachineStorageMigrationPlan": { + "description": "VirtualMachineStorageMigrationPlan is the Schema for the virtualmachinestoragemigrationplans API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "VirtualMachineStorageMigrationPlanSpec defines the desired state of VirtualMachineStorageMigrationPlan", + "properties": { + "retentionPolicy": { + "default": "keepSource", + "description": "RetentionPolicy indicates whether to keep or delete the source DataVolume/PVC after each VM migration completes.\nWhen \"keepSource\" (default), the source is preserved. When \"deleteSource\", the source DataVolume is deleted\nif it exists, otherwise the source PVC is deleted.", + "enum": [ + "keepSource", + "deleteSource" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "retentionPolicy value cannot be changed once set", + "rule": "self == oldSelf" + } + ] + }, + "virtualMachines": { + "description": "The virtual machines to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanVirtualMachine defines the VirtualMachine to migrate and the PVCs to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", "properties": { - "application": { - "description": "The application name to set on the pool. Only expected to be set for rgw pools.", - "type": "string" - }, - "compressionMode": { - "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "description": "The root of the crush hierarchy utilized by the pool", - "nullable": true, - "type": "string" - }, - "deviceClass": { - "description": "The device class the OSD should set to for use in the pool", - "nullable": true, - "type": "string" - }, - "enableCrushUpdates": { - "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", - "type": "boolean" - }, - "enableRBDStats": { - "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", - "type": "boolean" - }, - "erasureCoded": { - "description": "The erasure code settings", + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { - "algorithm": { - "description": "The algorithm for erasure coding", + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "codingChunks": { - "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", - "minimum": 0, - "type": "integer" + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" }, - "dataChunks": { - "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", - "minimum": 0, - "type": "integer" + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" } }, - "required": [ - "codingChunks", - "dataChunks" - ], "type": "object" }, - "failureDomain": { - "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" + } + }, + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "virtualMachines" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "retentionPolicy cannot be removed once set", + "rule": "!has(oldSelf.retentionPolicy) || has(self.retentionPolicy)" + } + ] + }, + "status": { + "description": "VirtualMachineStorageMigrationPlanStatus defines the observed state of VirtualMachineStorageMigrationPlan", + "properties": { + "completedMigrations": { + "description": "The migrations that have been completed.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", + "properties": { + "name": { + "description": "The name of the source PVC.", "type": "string" }, - "mirroring": { - "description": "The mirroring settings", + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", "properties": { - "enabled": { - "description": "Enabled whether this pool is mirrored or not", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mode": { - "description": "Mode is the mirroring mode: pool, image or init-only.", - "enum": [ - "pool", - "image", - "init-only" - ], + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "peers": { - "description": "Peers represents the peers spec", - "nullable": true, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "secretNames": { - "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "snapshotSchedules": { - "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", - "items": { - "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", - "properties": { - "interval": { - "description": "Interval represent the periodicity of the snapshot.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "path": { - "description": "Path is the path to snapshot, only valid for CephFS", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, - "startTime": { - "description": "StartTime indicates when to start the snapshot", - "type": "string" - } + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on a given pool", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "description": "The quota settings", - "nullable": true, - "properties": { - "maxBytes": { - "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "description": "MaxObjects represents the quota in objects", - "format": "int64", - "type": "integer" - }, - "maxSize": { - "description": "MaxSize represents the quota in bytes as a string", - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "description": "The replication settings", - "properties": { - "hybridStorage": { - "description": "HybridStorage represents hybrid storage tier settings", - "nullable": true, - "properties": { - "primaryDeviceClass": { - "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", - "minLength": 1, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "secondaryDeviceClass": { - "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", - "minLength": 1, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], "type": "object" }, - "replicasPerFailureDomain": { - "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "description": "RequireSafeReplicaSize if false allows you to set replica 1", - "type": "boolean" - }, - "size": { - "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "description": "SubFailureDomain the name of the sub-failure domain", - "type": "string" - }, - "targetSizeRatio": { - "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", - "minimum": 0, - "type": "number" - } - }, - "required": [ - "size" - ], - "type": "object" - }, - "statusCheck": { - "description": "The mirroring statusCheck", - "properties": { - "mirror": { - "description": "HealthCheckSpec represents the health check of an object store bucket", - "nullable": true, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "disabled": { - "type": "boolean" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", "type": "string" }, - "timeout": { + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, "type": "object" } }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" } }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], "type": "object" }, - "metadataPoolSpec": { - "description": "MetadataPoolSpec specifies the pool specification for the default cephFS metadata pool", + "type": "array" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", "properties": { - "application": { - "description": "The application name to set on the pool. Only expected to be set for rgw pools.", - "type": "string" - }, - "compressionMode": { - "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "description": "The root of the crush hierarchy utilized by the pool", - "nullable": true, - "type": "string" - }, - "deviceClass": { - "description": "The device class the OSD should set to for use in the pool", - "nullable": true, - "type": "string" - }, - "enableCrushUpdates": { - "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", - "type": "boolean" - }, - "enableRBDStats": { - "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", - "type": "boolean" - }, - "erasureCoded": { - "description": "The erasure code settings", + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { - "algorithm": { - "description": "The algorithm for erasure coding", + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "codingChunks": { - "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", - "minimum": 0, - "type": "integer" + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" }, - "dataChunks": { - "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", - "minimum": 0, - "type": "integer" + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" } }, - "required": [ - "codingChunks", - "dataChunks" - ], "type": "object" }, - "failureDomain": { - "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" + } + }, + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array" + }, + "completedOutOf": { + "description": "The number of virtual machines that have been completed out of the total number of virtual machines.", + "type": "string" + }, + "conditions": { + "items": { + "description": "Condition\nType - The condition type.\nStatus - The condition status.\nReason - The reason for the condition.\nMessage - The human readable description of the condition.\nDurable - The condition is not un-staged.\nItems - A list of `items` associated with the condition used to replace [] in `Message`.\nstaging - A condition has been explicitly set/updated.", + "properties": { + "category": { + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "category", + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "failedMigrations": { + "description": "The migrations that have failed.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", + "properties": { + "name": { + "description": "The name of the source PVC.", "type": "string" }, - "mirroring": { - "description": "The mirroring settings", + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", "properties": { - "enabled": { - "description": "Enabled whether this pool is mirrored or not", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mode": { - "description": "Mode is the mirroring mode: pool, image or init-only.", - "enum": [ - "pool", - "image", - "init-only" - ], + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "peers": { - "description": "Peers represents the peers spec", - "nullable": true, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "secretNames": { - "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "snapshotSchedules": { - "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", - "items": { - "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", - "properties": { - "interval": { - "description": "Interval represent the periodicity of the snapshot.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "path": { - "description": "Path is the path to snapshot, only valid for CephFS", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, - "startTime": { - "description": "StartTime indicates when to start the snapshot", - "type": "string" - } + "required": [ + "kind", + "name" + ], + "type": "object" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on a given pool", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "description": "The quota settings", - "nullable": true, - "properties": { - "maxBytes": { - "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "description": "MaxObjects represents the quota in objects", - "format": "int64", - "type": "integer" - }, - "maxSize": { - "description": "MaxSize represents the quota in bytes as a string", - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "description": "The replication settings", - "properties": { - "hybridStorage": { - "description": "HybridStorage represents hybrid storage tier settings", - "nullable": true, - "properties": { - "primaryDeviceClass": { - "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", - "minLength": 1, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "secondaryDeviceClass": { - "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", - "minLength": 1, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], "type": "object" }, - "replicasPerFailureDomain": { - "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "description": "RequireSafeReplicaSize if false allows you to set replica 1", - "type": "boolean" - }, - "size": { - "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "description": "SubFailureDomain the name of the sub-failure domain", - "type": "string" - }, - "targetSizeRatio": { - "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", - "minimum": 0, - "type": "number" - } - }, - "required": [ - "size" - ], - "type": "object" - }, - "statusCheck": { - "description": "The mirroring statusCheck", - "properties": { - "mirror": { - "description": "HealthCheckSpec represents the health check of an object store bucket", - "nullable": true, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "disabled": { - "type": "boolean" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", "type": "string" }, - "timeout": { + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, "type": "object" } }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" } }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], "type": "object" }, - "reconcileStrategy": { - "type": "string" - }, - "storageClassName": { - "description": "StorageClassName specifies the name of the storage class created for cephfs", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } + "type": "array" }, - "type": "object" - }, - "cephNonResilientPools": { - "description": "ManageCephNonResilientPools defines how to reconcile ceph non-resilient pools", - "properties": { - "count": { - "description": "Count is the number of devices in this set", - "minimum": 1, - "type": "integer" - }, - "enable": { - "type": "boolean" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on the non-resilient cephBlockPools", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "resources": { - "description": "ResourceRequirements (requests/limits) for the devices", + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "destinationPVC": { + "description": "The destination PVC to migrate to.", + "properties": { + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } + "type": "array" }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" + }, + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" + } }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" } }, + "required": [ + "destinationPVC", + "volumeName" + ], "type": "object" }, - "storageClassName": { - "description": "StorageClassName specifies the name of the storage class created for ceph non-resilient pools", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "volumeClaimTemplate": { - "description": "VolumeClaimTemplates is a PVC template for the underlying storage devices", + "type": "array" + } + }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array" + }, + "inProgressMigrations": { + "description": "InProgress migrations are migrations that are in progress.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "name": { + "description": "The name of the source PVC.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "namespace": { + "description": "The namespace of the source PVC.", "type": "string" }, - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "sourcePVC": { + "description": "The source PVC.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "namespace": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "kind": { - "description": "Kind is the type of resource being referenced", + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", "type": "string" }, - "name": { - "description": "Name is the name of resource being referenced", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "kind", - "name" - ], "type": "object" }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "limits": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { "additionalProperties": { "anyOf": [ { @@ -231007,10 +147868,10 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object" }, - "requests": { + "capacity": { "additionalProperties": { "anyOf": [ { @@ -231023,1069 +147884,1849 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "capacity represents the actual resources of the underlying volume.", "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" } }, "required": [ - "key", - "operator" + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "status" + ], "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" + "type": "object" } }, "type": "object" }, - "status": { - "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" + } + }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], + "type": "object" + }, + "type": "array" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", + "properties": { + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "string" }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" + "type": "array" }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", - "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", - "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string" - }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", "type": "string" }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" } }, + "required": [ + "destinationPVC", + "volumeName" + ], "type": "object" - } - }, - "type": "object" + }, + "type": "array" + } }, - "cephObjectStoreUsers": { - "description": "ManageCephObjectStoreUsers defines how to reconcile CephObjectStoreUsers", - "properties": { - "reconcileStrategy": { - "type": "string" - } + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array" + }, + "invalidMigrations": { + "description": "Invalid migrations are migrations that are invalid and cannot be started.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" }, - "type": "object" - }, - "cephObjectStores": { - "description": "ManageCephObjectStores defines how to reconcile CephObjectStores", - "properties": { - "dataPoolSpec": { - "description": "DataPoolSpec specifies the pool specification for the default cephObjectStore data pool", + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", "properties": { - "application": { - "description": "The application name to set on the pool. Only expected to be set for rgw pools.", - "type": "string" - }, - "compressionMode": { - "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "description": "The root of the crush hierarchy utilized by the pool", - "nullable": true, + "name": { + "description": "The name of the source PVC.", "type": "string" }, - "deviceClass": { - "description": "The device class the OSD should set to for use in the pool", - "nullable": true, + "namespace": { + "description": "The namespace of the source PVC.", "type": "string" }, - "enableCrushUpdates": { - "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", - "type": "boolean" - }, - "enableRBDStats": { - "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", - "type": "boolean" - }, - "erasureCoded": { - "description": "The erasure code settings", + "sourcePVC": { + "description": "The source PVC.", "properties": { - "algorithm": { - "description": "The algorithm for erasure coding", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "codingChunks": { - "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", - "minimum": 0, - "type": "integer" - }, - "dataChunks": { - "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "codingChunks", - "dataChunks" - ], - "type": "object" - }, - "failureDomain": { - "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", - "type": "string" - }, - "mirroring": { - "description": "The mirroring settings", - "properties": { - "enabled": { - "description": "Enabled whether this pool is mirrored or not", - "type": "boolean" - }, - "mode": { - "description": "Mode is the mirroring mode: pool, image or init-only.", - "enum": [ - "pool", - "image", - "init-only" - ], + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "peers": { - "description": "Peers represents the peers spec", - "nullable": true, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "secretNames": { - "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "snapshotSchedules": { - "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", - "items": { - "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", - "properties": { - "interval": { - "description": "Interval represent the periodicity of the snapshot.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "path": { - "description": "Path is the path to snapshot, only valid for CephFS", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, - "startTime": { - "description": "StartTime indicates when to start the snapshot", - "type": "string" - } + "required": [ + "kind", + "name" + ], + "type": "object" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on a given pool", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "description": "The quota settings", - "nullable": true, - "properties": { - "maxBytes": { - "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "description": "MaxObjects represents the quota in objects", - "format": "int64", - "type": "integer" - }, - "maxSize": { - "description": "MaxSize represents the quota in bytes as a string", - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "description": "The replication settings", - "properties": { - "hybridStorage": { - "description": "HybridStorage represents hybrid storage tier settings", - "nullable": true, - "properties": { - "primaryDeviceClass": { - "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", - "minLength": 1, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "secondaryDeviceClass": { - "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", - "minLength": 1, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], "type": "object" }, - "replicasPerFailureDomain": { - "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "description": "RequireSafeReplicaSize if false allows you to set replica 1", - "type": "boolean" - }, - "size": { - "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "description": "SubFailureDomain the name of the sub-failure domain", - "type": "string" - }, - "targetSizeRatio": { - "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", - "minimum": 0, - "type": "number" - } - }, - "required": [ - "size" - ], - "type": "object" - }, - "statusCheck": { - "description": "The mirroring statusCheck", - "properties": { - "mirror": { - "description": "HealthCheckSpec represents the health check of an object store bucket", - "nullable": true, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "disabled": { - "type": "boolean" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", "type": "string" }, - "timeout": { + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, "type": "object" } }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" } }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], "type": "object" }, - "disableRoute": { - "type": "boolean" - }, - "gatewayInstances": { - "type": "integer" - }, - "hostNetwork": { - "type": "boolean" - }, - "metadataPoolSpec": { - "description": "MetadataPoolSpec specifies the pool specification for the default cephObjectStore metadata pool", + "type": "array" + }, + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", "properties": { - "application": { - "description": "The application name to set on the pool. Only expected to be set for rgw pools.", - "type": "string" - }, - "compressionMode": { - "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", - "enum": [ - "none", - "passive", - "aggressive", - "force", - "" - ], - "nullable": true, - "type": "string" - }, - "crushRoot": { - "description": "The root of the crush hierarchy utilized by the pool", - "nullable": true, - "type": "string" - }, - "deviceClass": { - "description": "The device class the OSD should set to for use in the pool", - "nullable": true, - "type": "string" - }, - "enableCrushUpdates": { - "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", - "type": "boolean" - }, - "enableRBDStats": { - "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", - "type": "boolean" - }, - "erasureCoded": { - "description": "The erasure code settings", + "destinationPVC": { + "description": "The destination PVC to migrate to.", "properties": { - "algorithm": { - "description": "The algorithm for erasure coding", + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, - "codingChunks": { - "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", - "minimum": 0, - "type": "integer" + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" }, - "dataChunks": { - "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", - "minimum": 0, - "type": "integer" + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" } }, - "required": [ - "codingChunks", - "dataChunks" - ], "type": "object" }, - "failureDomain": { - "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" + } + }, + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" + }, + "type": "array" + }, + "readyMigrations": { + "description": "Ready migrations are migrations that are ready to be started.", + "items": { + "description": "VirtualMachineStorageMigrationPlanStatusVirtualMachine defines the status of the VirtualMachine to migrate.", + "properties": { + "name": { + "description": "The name of the virtual machine to migrate.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "sourcePVCs": { + "description": "A list of source PVCs currently used by the VirtualMachine.", + "items": { + "description": "VirtualMachineStorageMigrationPlanSourcePVC defines the source PVC used by the VirtualMachine.", + "properties": { + "name": { + "description": "The name of the source PVC.", "type": "string" }, - "mirroring": { - "description": "The mirroring settings", + "namespace": { + "description": "The namespace of the source PVC.", + "type": "string" + }, + "sourcePVC": { + "description": "The source PVC.", "properties": { - "enabled": { - "description": "Enabled whether this pool is mirrored or not", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mode": { - "description": "Mode is the mirroring mode: pool, image or init-only.", - "enum": [ - "pool", - "image", - "init-only" - ], + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "peers": { - "description": "Peers represents the peers spec", - "nullable": true, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "secretNames": { - "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "snapshotSchedules": { - "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", - "items": { - "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", - "properties": { - "interval": { - "description": "Interval represent the periodicity of the snapshot.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "path": { - "description": "Path is the path to snapshot, only valid for CephFS", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, - "startTime": { - "description": "StartTime indicates when to start the snapshot", - "type": "string" - } + "required": [ + "kind", + "name" + ], + "type": "object" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a list of properties to enable on a given pool", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "quotas": { - "description": "The quota settings", - "nullable": true, - "properties": { - "maxBytes": { - "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", - "format": "int64", - "type": "integer" - }, - "maxObjects": { - "description": "MaxObjects represents the quota in objects", - "format": "int64", - "type": "integer" - }, - "maxSize": { - "description": "MaxSize represents the quota in bytes as a string", - "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", - "type": "string" - } - }, - "type": "object" - }, - "replicated": { - "description": "The replication settings", - "properties": { - "hybridStorage": { - "description": "HybridStorage represents hybrid storage tier settings", - "nullable": true, - "properties": { - "primaryDeviceClass": { - "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", - "minLength": 1, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string or nil value indicates that no\nVolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,\nthis field can be reset to its previous value (including nil) to cancel the modification.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", "type": "string" }, - "secondaryDeviceClass": { - "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", - "minLength": 1, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "primaryDeviceClass", - "secondaryDeviceClass" - ], "type": "object" }, - "replicasPerFailureDomain": { - "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", - "minimum": 1, - "type": "integer" - }, - "requireSafeReplicaSize": { - "description": "RequireSafeReplicaSize if false allows you to set replica 1", - "type": "boolean" - }, - "size": { - "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", - "minimum": 0, - "type": "integer" - }, - "subFailureDomain": { - "description": "SubFailureDomain the name of the sub-failure domain", - "type": "string" - }, - "targetSizeRatio": { - "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", - "minimum": 0, - "type": "number" - } - }, - "required": [ - "size" - ], - "type": "object" - }, - "statusCheck": { - "description": "The mirroring statusCheck", - "properties": { - "mirror": { - "description": "HealthCheckSpec represents the health check of an object store bucket", - "nullable": true, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "disabled": { - "type": "boolean" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "interval": { - "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", "type": "string" }, - "timeout": { + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, "type": "object" } }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine.", + "type": "string" } }, + "required": [ + "name", + "namespace", + "sourcePVC", + "volumeName" + ], "type": "object" }, - "reconcileStrategy": { - "type": "string" - }, - "storageClassName": { - "description": "StorageClassName specifies the name of the storage class created for ceph obc's", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } + "type": "array" }, - "type": "object" - }, - "cephRBDMirror": { - "description": "ManageCephRBDMirror defines how to reconcile Ceph RBDMirror", - "properties": { - "daemonCount": { - "minimum": 1, - "type": "integer" + "targetMigrationPVCs": { + "description": "A list of PVCs associated with the VirtualMachine to migrate.", + "items": { + "description": "VirtualMachineStorageMigrationPlanTargetMigrationPVC defines the PVC to migrate to.", + "properties": { + "destinationPVC": { + "description": "The destination PVC to migrate to.", + "properties": { + "accessModes": { + "description": "The access modes to use for the PVC, if set to Auto, the access mode will be looked up from the storage class storage profile.", + "items": { + "description": "The access mode of the source PVC. If set to Auto, the access mode will be looked up from the storage class storage profile.", + "enum": [ + "ReadWriteOnce", + "ReadOnlyMany", + "ReadWriteMany", + "Auto" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the destination PVC. If not provided, the PVC will be named after the source PVC with a \"-mig-xxxx\" suffix.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "storageClassName": { + "description": "The target storage class to use for the PVC. If not provided, the PVC will use the default storage class.", + "type": "string" + }, + "volumeMode": { + "description": "The volume mode to use for the PVC, if set to Auto, the volume mode will be looked up from the storage class storage profile. If empty, it will be set to filesystem.", + "enum": [ + "Filesystem", + "Block", + "Auto" + ], + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "description": "The name of the volume in the VirtualMachine to migrate.", + "type": "string" + } + }, + "required": [ + "destinationPVC", + "volumeName" + ], + "type": "object" }, - "reconcileStrategy": { - "type": "string" - } - }, - "type": "object" + "type": "array" + } }, - "cephToolbox": { - "description": "ManageCephToolbox defines how to reconcile Ceph toolbox", - "properties": { - "reconcileStrategy": { - "type": "string" - } - }, - "type": "object" - } + "required": [ + "name", + "sourcePVCs", + "targetMigrationPVCs" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "mirroring": { - "description": "Mirroring specifies data mirroring configuration for the storage cluster.\nThis configuration will only be applied to resources managed by the operator.", - "properties": { - "enabled": { - "description": "If true, data mirroring is enabled for the StorageCluster.\nThis configuration will only be applied to resources (such as CephBlockPool)\nmanaged by the operator.\nIt is optional and defaults to false.", - "type": "boolean" - }, - "peerSecretNames": { - "description": "PeerSecretNames represents the Kubernetes Secret names of rbd-mirror peers tokens", - "items": { + "suffix": { + "description": "The suffix to automatically append to the source PVC name. If the target name is not provided. This will replace the suffix \"-new\" or \"-mig-xxxx\" if present on the source PVC name.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migrations.kubevirt.io", + "kind": "VirtualMachineStorageMigrationPlan", + "version": "v1alpha1" + } + ] + }, + "migrations.kubevirt.io/v1alpha1/VirtualMachineStorageMigrationPlanList": { + "description": "VirtualMachineStorageMigrationPlanList is a list of VirtualMachineStorageMigrationPlan", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of virtualmachinestoragemigrationplans. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.migrations.v1alpha1.VirtualMachineStorageMigrationPlan" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "migrations.kubevirt.io", + "kind": "VirtualMachineStorageMigrationPlanList", + "version": "v1alpha1" + } + ] + }, + "monitoring.coreos.com/v1/Alertmanager": { + "description": "The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.\n\nFor each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.\n\nThe resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the Alertmanager cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the 'Alertmanager' container.\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nAlertmanager container which may cause issues if they are invalid or not supported\nby the given Alertmanager version.", + "items": { + "description": "Argument as part of the AdditionalArgs list.", + "properties": { + "name": { + "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", + "minLength": 1, "type": "string" }, - "type": "array" - } + "value": { + "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "monDataDirHostPath": { - "type": "string" + "additionalPeers": { + "description": "AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.", + "items": { + "type": "string" + }, + "type": "array" }, - "monPVCTemplate": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "affinity": { + "description": "If specified, the pod's scheduling constraints.", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "type": "string" + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "kind", - "name" + "nodeSelectorTerms" ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } + }, + "required": [ + "topologyKey" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, - "status": { - "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", "type": "integer" - }, - { - "type": "string" } + }, + "required": [ + "podAffinityTerm", + "weight" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "status", - "type" + "topologyKey" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -232093,3880 +149734,2512 @@ }, "type": "object" }, - "monitoring": { - "description": "Monitoring controls the configuration of resources for exposing OCS metrics", - "properties": { - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Labels to add to monitoring resources created by operator.\nThese labels are used as LabelSelector for Prometheus", - "type": "object" - }, - "reconcileStrategy": { - "type": "string" - } - }, - "type": "object" - }, - "multiCloudGateway": { - "description": "MultiCloudGatewaySpec defines specific multi-cloud gateway configuration options", + "alertmanagerConfigMatcherStrategy": { + "description": "AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects\nprocess incoming alerts.", "properties": { - "dbStorageClassName": { - "description": "DbStorageClassName specifies the default storage class\nfor nooba-db pods", - "type": "string" - }, - "denyHTTP": { - "description": "DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS)", - "type": "boolean" - }, - "disableLoadBalancerService": { - "description": "DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer", - "nullable": true, - "type": "boolean" - }, - "disableRoutes": { - "description": "DisableRoutes (optional) disables the reconciliation of openshift route resources in the cluster", - "nullable": true, - "type": "boolean" - }, - "endpoints": { - "description": "Endpoints (optional) sets configuration info for the noobaa endpoint\ndeployment.", - "properties": { - "additionalVirtualHosts": { - "description": "AdditionalVirtualHosts (optional) provide a list of additional hostnames\n(on top of the builtin names defined by the cluster: service name, elb name, route name)\nto be used as virtual hosts by the the endpoints in the endpoint deployment", - "items": { - "type": "string" - }, - "type": "array" - }, - "maxCount": { - "description": "MaxCount, the number of endpoint instances (pods)\nto be used as the upper bound when autoscaling", - "format": "int32", - "type": "integer" - }, - "minCount": { - "description": "MinCount, the number of endpoint instances (pods)\nto be used as the lower bound when autoscaling", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources (optional) overrides the default resource requirements for every endpoint pod", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "externalPgConfig": { - "description": "Allows Noobaa to connect to an external Postgres server", - "properties": { - "allowSelfSignedCerts": { - "description": "AllowSelfSignedCerts will allow the Postgres server to use self signed certificates to authenticate", - "type": "boolean" - }, - "enableTls": { - "description": "EnableTLS will allow the postgres server to connect via TLS/SSL", - "type": "boolean" - }, - "pgSecretName": { - "description": "PGSecret stores the secret name which contains connection string of the Postgres server", - "type": "string" - }, - "tlsSecretName": { - "description": "TLSSecret stores the secret name which contains the client side certificates if enabled", - "type": "string" - } - }, - "type": "object" - }, - "reconcileStrategy": { - "description": "ReconcileStrategy specifies whether to reconcile NooBaa CRs. Valid\nvalues are \"manage\", \"standalone\", \"ignore\" (same as \"standalone\"),\nand \"\" (same as \"manage\").", + "type": { + "default": "OnNamespace", + "description": "AlertmanagerConfigMatcherStrategyType defines the strategy used by\nAlertmanagerConfig objects to match alerts in the routes and inhibition\nrules.\n\nThe default value is `OnNamespace`.", + "enum": [ + "OnNamespace", + "OnNamespaceExceptForAlertmanagerNamespace", + "None" + ], "type": "string" } }, "type": "object" }, - "network": { - "description": "Network represents cluster network settings", + "alertmanagerConfigNamespaceSelector": { + "description": "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only\ncheck own namespace.", "properties": { - "addressRanges": { - "description": "AddressRanges specify a list of CIDRs that Rook will apply to Ceph's 'public_network' and/or\n'cluster_network' configurations. This config section may be used for the \"host\" or \"multus\"\nnetwork providers.", - "nullable": true, - "properties": { - "cluster": { - "description": "Cluster defines a list of CIDRs to use for Ceph cluster network communication.", - "items": { - "description": "An IPv4 or IPv6 network CIDR.\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code.", - "pattern": "^[0-9a-fA-F:.]{2,}\\/[0-9]{1,3}$", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array" - }, - "public": { - "description": "Public defines a list of CIDRs to use for Ceph public network communication.", - "items": { - "description": "An IPv4 or IPv6 network CIDR.\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code.", - "pattern": "^[0-9a-fA-F:.]{2,}\\/[0-9]{1,3}$", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "connections": { - "description": "Settings for network connections such as compression and encryption across the\nwire.", - "nullable": true, - "properties": { - "compression": { - "description": "Compression settings for the network connections.", - "nullable": true, - "properties": { - "enabled": { - "description": "Whether to compress the data in transit across the wire.\nThe default is not set.", - "type": "boolean" - } - }, - "type": "object" - }, - "encryption": { - "description": "Encryption settings for the network connections.", - "nullable": true, - "properties": { - "enabled": { - "description": "Whether to encrypt the data in transit across the wire to prevent eavesdropping\nthe data on the network. The default is not set. Even if encryption is not enabled,\nclients still establish a strong initial authentication for the connection\nand data integrity is still validated with a crc check. When encryption is enabled,\nall communication between clients and Ceph daemons, or between Ceph daemons will\nbe encrypted.", - "type": "boolean" - } - }, - "type": "object" - }, - "requireMsgr2": { - "description": "Whether to require msgr2 (port 3300) even if compression or encryption are not enabled.\nIf true, the msgr1 port (6789) will be disabled.\nRequires a kernel that supports msgr2 (kernel 5.11 or CentOS 8.4 or newer).", - "type": "boolean" - } - }, - "type": "object" - }, - "dualStack": { - "description": "DualStack determines whether Ceph daemons should listen on both IPv4 and IPv6", - "type": "boolean" - }, - "hostNetwork": { - "description": "HostNetwork to enable host network.\nIf host networking is enabled or disabled on a running cluster, then the operator will automatically fail over all the mons to\napply the new network settings.", - "type": "boolean" - }, - "ipFamily": { - "description": "IPFamily is the single stack IPv6 or IPv4 protocol", - "enum": [ - "IPv4", - "IPv6" - ], - "nullable": true, - "type": "string" - }, - "multiClusterService": { - "description": "Enable multiClusterService to export the Services between peer clusters", - "properties": { - "clusterID": { - "description": "ClusterID uniquely identifies a cluster. It is used as a prefix to nslookup exported\nservices. For example: ...svc.clusterset.local", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "enabled": { - "description": "Enable multiClusterService to export the mon and OSD services to peer cluster.\nEnsure that peer clusters are connected using an MCS API compatible application,\nlike Globalnet Submariner.", - "type": "boolean" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" - }, - "provider": { - "description": "Provider is what provides network connectivity to the cluster e.g. \"host\" or \"multus\".\nIf the Provider is updated from being empty to \"host\" on a running cluster, then the operator will automatically fail over all the mons to apply the \"host\" network settings.", - "enum": [ - "", - "host", - "multus" - ], - "nullable": true, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "network provider must be disabled (reverted to empty string) before a new provider is enabled", - "rule": "self == '' || oldSelf == '' || self == oldSelf" - } - ] + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "selectors": { + "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "Selectors define NetworkAttachmentDefinitions to be used for Ceph public and/or cluster\nnetworks when the \"multus\" network provider is used. This config section is not used for\nother network providers.\n\nValid keys are \"public\" and \"cluster\". Refer to Ceph networking documentation for more:\nhttps://docs.ceph.com/en/latest/rados/configuration/network-config-ref/\n\nRefer to Multus network annotation documentation for help selecting values:\nhttps://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\n\nRook will make a best-effort attempt to automatically detect CIDR address ranges for given\nnetwork attachment definitions. Rook's methods are robust but may be imprecise for\nsufficiently complicated networks. Rook's auto-detection process obtains a new IP address\nlease for each CephCluster reconcile. If Rook fails to detect, incorrectly detects, only\npartially detects, or if underlying networks do not support reusing old IP addresses, it is\nbest to use the 'addressRanges' config section to specify CIDR ranges for the Ceph cluster.\n\nAs a contrived example, one can use a theoretical Kubernetes-wide network for Ceph client\ntraffic and a theoretical Rook-only network for Ceph replication traffic as shown:\n selectors:\n public: \"default/cluster-fast-net\"\n cluster: \"rook-ceph/ceph-backend-net\"", - "nullable": true, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", - "x-kubernetes-validations": [ - { - "message": "at least one network selector must be specified when using multus", - "rule": "!has(self.provider) || (self.provider != 'multus' || (self.provider == 'multus' && size(self.selectors) > 0))" - }, - { - "message": "the legacy hostNetwork setting can only be set if the network.provider is set to the empty string", - "rule": "!has(self.hostNetwork) || self.hostNetwork == false || !has(self.provider) || self.provider == \"\"" - } - ] - }, - "nfs": { - "description": "NFSSpec defines specific nfs configuration options", - "properties": { - "enable": { - "description": "Enable specifies whether to enable NFS.", - "type": "boolean" - }, - "logLevel": { - "description": "LogLevel set logging level\nLog levels: NIV_NULL | NIV_FATAL | NIV_MAJ | NIV_CRIT | NIV_WARN | NIV_EVENT | NIV_INFO | NIV_DEBUG | NIV_MID_DEBUG | NIV_FULL_DEBUG | NB_LOG_LEVEL", - "type": "string" - }, - "reconcileStrategy": { - "type": "string" - }, - "storageClassName": { - "description": "StorageClassName specifies the name of the storage class created for NFS", - "maxLength": 253, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - } - }, - "type": "object" + "x-kubernetes-map-type": "atomic" }, - "nodeTopologies": { - "description": "NodeTopologies specifies the nodes available for the storage cluster,\npreferred failure domain and location for the arbiter resources. This is\noptional for non-arbiter clusters. For arbiter clusters, the\narbiterLocation is required; failure domain and the node labels are\noptional. When the failure domain and the node labels are missing, the\nocs-operator makes a best effort to determine them automatically.", + "alertmanagerConfigSelector": { + "description": "AlertmanagerConfigs to be selected for to merge and configure Alertmanager with.", "properties": { - "arbiterLocation": { - "description": "ArbiterLocation is the chosen location in the failure domain for placing the arbiter resources.\nWhen the failure domain is not provided as an input, ocs-operator determines the failure domain.", - "type": "string" - }, - "labels": { - "additionalProperties": { - "description": "TopologyLabelValues is a list of values for a topology label", - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Labels is a map of topology label keys\n(e.g. \"topology.kubernetes.io/zone\") to a set of values for those\nkeys.", - "nullable": true, - "type": "object" - } - }, - "type": "object" - }, - "overprovisionControl": { - "description": "OverprovisionControl specifies the allowed hard-limit PVs overprovisioning relative to\nthe effective usable storage capacity.", - "items": { - "description": "OverprovisionControlSpec defines the allowed overprovisioning PVC consumption from the underlying cluster.\nThis may be an absolute value or as a percentage of the overall effective capacity.\nOne, and only one of those two (Capacity and Percentage) may be defined.", - "properties": { - "capacity": { - "anyOf": [ - { - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "quotaName": { - "type": "string" - }, - "selector": { - "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector\nmust present. If only one is present, it is the only selection criteria. If both are specified,\nthe project must match both restrictions.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "AnnotationSelector is used to select projects by annotation.", - "nullable": true, - "type": "object" }, - "labels": { - "description": "LabelSelector is used to select projects by label.", - "nullable": true, - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "storageClassName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "placement": { - "additionalProperties": { - "description": "Placement is the placement for an object", - "properties": { - "nodeAffinity": { - "description": "NodeAffinity is a group of node affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "podAffinity": { - "description": "PodAffinity is a group of inter pod affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "alertmanagerConfiguration": { + "description": "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\nIf defined, it takes precedence over the `configSecret` field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "properties": { + "global": { + "description": "Defines the global parameters of the Alertmanager configuration.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "topologyKey" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" } }, - "required": [ - "podAffinityTerm", - "weight" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the Alertmanager\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "topologyKey" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "PodAntiAffinity is a group of inter pod anti affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key to select.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" } }, - "required": [ - "topologyKey" - ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { + "endpointParams": { + "additionalProperties": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "array" }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "object", "x-kubernetes-map-type": "atomic" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "tolerations": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "description": "Placement is optional and used to specify placements of OCS components explicitly", - "type": "object" - }, - "providerAPIServerServiceType": { - "description": "ProviderAPIServerServiceType Indicates the ServiceType for OCS Provider API Server Service.\nThe default ServiceType is derived from hostNetwork field.", - "enum": [ - "ClusterIP", - "NodePort", - "LoadBalancer" - ], - "type": "string" - }, - "resourceProfile": { - "description": "Resource Profile can be used to choose from a set of predefined resource profiles for the ceph daemons.\nWe have 3 profiles\nlean: suitable for clusters with limited resources,\nbalanced: suitable for most use cases,\nperformance: suitable for clusters with high amount of resources.", - "enum": [ - "lean", - "Lean", - "balanced", - "Balanced", - "performance", - "Performance" - ], - "type": "string" - }, - "resources": { - "additionalProperties": { - "description": "ResourceRequirements describes the compute resource requirements.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "description": "Resources follows the conventions of and is mapped to CephCluster.Spec.Resources", - "type": "object" - }, - "storageDeviceSets": { - "items": { - "description": "StorageDeviceSet defines a set of storage devices.\nIt configures the StorageClassDeviceSets field in Rook-Ceph.", - "properties": { - "config": { - "description": "StorageDeviceSetConfig defines Ceph OSD specific config options for the StorageDeviceSet", - "properties": { - "tuneFastDeviceClass": { - "description": "TuneFastDeviceClass tunes the OSD when running on a fast Device Class", - "type": "boolean" - }, - "tuneSlowDeviceClass": { - "description": "TuneSlowDeviceClass tunes the OSD when running on a slow Device Class", - "type": "boolean" - } - }, - "type": "object" - }, - "count": { - "description": "Count is the number of devices in each StorageClassDeviceSet", - "minimum": 1, - "type": "integer" - }, - "dataPVCTemplate": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } + "type": "array" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "serverName": { + "description": "Used to verify the hostname for the targets.", "type": "string" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "description": "SecretKeySelector selects a key of a Secret.", "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "status", - "type" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "deviceClass": { - "description": "DeviceClass is an optional, fine-grained property of DeviceType.\nIf non empty, it defines the 'crushDeviceClass' value as used by ceph's\nCRUSH map. If empty, then operator will set 'crushDeviceClass' to SSD and\n'TuneFastDeviceClass' to true", - "type": "string" - }, - "deviceType": { - "description": "DeviceType is the value of device type in\nthis StorageDeviceSet. It can have one of the\nthree values (SSD, HDD, NVMe)", - "enum": [ - "SSD", - "ssd", - "HDD", - "hdd", - "NVMe", - "NVME", - "nvme" - ], - "type": "string" - }, - "encrypted": { - "description": "Whether to encrypt the deviceSet or not", - "type": "boolean" - }, - "initialWeight": { - "description": "InitialWeight is an optional explicit OSD weight value in TiB units.\nIf non empty, it defines the 'CrushInitialWeight' value which is\nassigned to ceph OSD upon init", - "pattern": "^([0-9]*[.])?[0-9]+(Ti[B])$", - "type": "string" - }, - "metadataPVCTemplate": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key to select.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" - }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", - "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "status", - "type" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "type": "string" + "type": "object" + } + }, + "type": "object" + }, + "jira": { + "description": "The default configuration for Jira.", + "properties": { + "apiURL": { + "description": "The default Jira API URL.\n\nIt requires Alertmanager >= v0.28.0.", + "pattern": "^(http|https)://.+$", + "type": "string" + } + }, + "type": "object" + }, + "opsGenieApiKey": { + "description": "The default OpsGenie API Key.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "opsGenieApiUrl": { + "description": "The default OpsGenie API URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pagerdutyUrl": { + "description": "The default Pagerduty URL.", + "type": "string" + }, + "resolveTimeout": { + "description": "ResolveTimeout is the default value used by alertmanager if the alert does\nnot include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated.\nThis has no impact on alerts from Prometheus, as they always include EndsAt.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "rocketChat": { + "description": "The default configuration for Rocket Chat.", + "properties": { + "apiURL": { + "description": "The default Rocket Chat API URL.\n\nIt requires Alertmanager >= v0.28.0.", + "pattern": "^(http|https)://.+$", + "type": "string" + }, + "token": { + "description": "The default Rocket Chat token.\n\nIt requires Alertmanager >= v0.28.0.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" - }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tokenID": { + "description": "The default Rocket Chat Token ID.\n\nIt requires Alertmanager >= v0.28.0.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "required": [ - "status" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "slackApiUrl": { + "description": "The default Slack API URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "object" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "name": { - "type": "string" - }, - "placement": { - "description": "Placement is the placement for an object", - "properties": { - "nodeAffinity": { - "description": "NodeAffinity is a group of node affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "smtp": { + "description": "Configures global SMTP parameters.", + "properties": { + "authIdentity": { + "description": "SMTP Auth using PLAIN", + "type": "string" + }, + "authPassword": { + "description": "SMTP Auth using LOGIN and PLAIN.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "authSecret": { + "description": "SMTP Auth using CRAM-MD5.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "authUsername": { + "description": "SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server.", + "type": "string" + }, + "from": { + "description": "The default SMTP From header field.", + "type": "string" + }, + "hello": { + "description": "The default hostname to identify to the SMTP server.", + "type": "string" + }, + "requireTLS": { + "description": "The default SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "smartHost": { + "description": "The default SMTP smarthost used for sending emails.", + "properties": { + "host": { + "description": "Defines the host's address, it can be a DNS name or a literal IP address.", + "minLength": 1, + "type": "string" + }, + "port": { + "description": "Defines the host's port, it can be a literal port number or a port name.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "host", + "port" + ], + "type": "object" + }, + "tlsConfig": { + "description": "The default TLS configuration for SMTP receivers", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "PodAffinity is a group of inter pod affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "topologyKey" + "key" ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "podAffinityTerm", - "weight" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key to select.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "telegram": { + "description": "The default Telegram config", + "properties": { + "apiURL": { + "description": "The default Telegram API URL.\n\nIt requires Alertmanager >= v0.24.0.", + "pattern": "^(http|https)://.+$", + "type": "string" + } + }, + "type": "object" + }, + "victorops": { + "description": "The default configuration for VictorOps.", + "properties": { + "apiKey": { + "description": "The default VictorOps API Key.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "apiURL": { + "description": "The default VictorOps API URL.", + "pattern": "^(http|https)://.+$", + "type": "string" + } + }, + "type": "object" + }, + "webex": { + "description": "The default configuration for Jira.", + "properties": { + "apiURL": { + "description": "The default Webex API URL.\n\nIt requires Alertmanager >= v0.25.0.", + "pattern": "^(http|https)://.+$", + "type": "string" + } + }, + "type": "object" + }, + "wechat": { + "description": "The default WeChat Config", + "properties": { + "apiCorpID": { + "description": "The default WeChat API Corporate ID.", + "minLength": 1, + "type": "string" + }, + "apiSecret": { + "description": "The default WeChat API Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "apiURL": { + "description": "The default WeChat API URL.\nThe default value is \"https://qyapi.weixin.qq.com/cgi-bin/\"", + "pattern": "^(http|https)://.+$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "description": "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration.\nIt must be defined in the same namespace as the Alertmanager object.\nThe operator will not enforce a `namespace` label for routes and inhibition rules.", + "minLength": 1, + "type": "string" + }, + "templates": { + "description": "Custom notification templates.", + "items": { + "description": "SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.", + "type": "boolean" + }, + "baseImage": { + "description": "Base image that is used to deploy pods, without tag.\nDeprecated: use 'image' instead.", + "type": "string" + }, + "clusterAdvertiseAddress": { + "description": "ClusterAdvertiseAddress is the explicit address to advertise in cluster.\nNeeds to be provided for non RFC1918 [1] (public) addresses.\n[1] RFC1918: https://tools.ietf.org/html/rfc1918", + "type": "string" + }, + "clusterGossipInterval": { + "description": "Interval between gossip attempts.", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "clusterLabel": { + "description": "Defines the identifier that uniquely identifies the Alertmanager cluster.\nYou should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field.", + "type": "string" + }, + "clusterPeerTimeout": { + "description": "Timeout for cluster peering.", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "clusterPushpullInterval": { + "description": "Interval between pushpull attempts.", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "clusterTLS": { + "description": "Configures the mutual TLS configuration for the Alertmanager cluster's gossip protocol.\n\nIt requires Alertmanager >= 0.24.0.", + "properties": { + "client": { + "description": "Client-side configuration for mutual TLS.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "server": { + "description": "Server-side configuration for mutual TLS.", + "properties": { + "cert": { + "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "certFile": { + "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", + "type": "string" + }, + "cipherSuites": { + "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientAuthType": { + "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", + "type": "string" + }, + "client_ca": { + "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "curvePreferences": { + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", + "items": { + "type": "string" + }, + "type": "array" + }, + "keyFile": { + "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum TLS version that is acceptable.", + "type": "string" + }, + "minVersion": { + "description": "Minimum TLS version that is acceptable.", + "type": "string" + }, + "preferServerCipherSuites": { + "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "client", + "server" + ], + "type": "object" + }, + "configMaps": { + "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container.", + "items": { + "type": "string" + }, + "type": "array" + }, + "configSecret": { + "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications).", + "type": "string" + }, + "containers": { + "description": "Containers allows injecting additional containers. This is meant to\nallow adding an authentication proxy to an Alertmanager pod.\nContainers described here modify an operator generated container if they\nshare the same name and modifications are done via a strategic merge\npatch. The current container names are: `alertmanager` and\n`config-reloader`. Overriding containers is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice.", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "topologyKey" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "PodAntiAffinity is a group of inter pod anti affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" } }, "required": [ - "podAffinityTerm", - "weight" + "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "divisor": { + "anyOf": [ + { + "type": "integer" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + { + "type": "string" } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "resource": { + "description": "Required: resource to select", "type": "string" } }, "required": [ - "topologyKey" + "resource" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "tolerations": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - } + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "portable": { - "description": "Portable says whether the OSDs in this device set can move between\nnodes. This is ignored if Placement is not set", - "type": "boolean" + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" }, - "preparePlacement": { - "description": "Placement is the placement for an object", + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { - "nodeAffinity": { - "description": "NodeAffinity is a group of node affinity scheduling rules", + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "PodAffinity is a group of inter pod affinity scheduling rules", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "value": { + "description": "The header field value", "type": "string" } }, "required": [ - "topologyKey" + "name", + "value" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + { "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "required": [ - "topologyKey" - ], - "type": "object" + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "port" + ], + "type": "object" } }, "type": "object" }, - "podAntiAffinity": { - "description": "PodAntiAffinity is a group of inter pod anti affinity scheduling rules", + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "value": { + "description": "The header field value", "type": "string" } }, "required": [ - "topologyKey" + "name", + "value" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "value": { + "description": "The header field value", "type": "string" } }, "required": [ - "topologyKey" + "name", + "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" } }, + "required": [ + "port" + ], "type": "object" }, - "tolerations": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "type": "object" + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } }, - "type": "array" + "required": [ + "port" + ], + "type": "object" }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "value": { + "description": "The header field value", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "name", + "value" + ], + "type": "object" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "type": "array" + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, "type": "object" }, - "primaryAffinity": { - "description": "PrimaryAffinity is an optional OSD primary-affinity value within the\nrange [0,1). This value influence the way Ceph's CRUSH selection of\nprimary OSDs. Lower value reduce performance bottlenecks (especially\non read operations). If not set, default value is 1.\nhttps://docs.ceph.com/en/latest/rados/operations/crush-map/#primary-affinity", - "pattern": "^0.[0-9]+$", - "type": "string" - }, - "replica": { - "description": "Replica is the number of StorageClassDeviceSets for this\nStorageDeviceSet", - "minimum": 1, - "type": "integer" + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "resources": { - "description": "ResourceRequirements describes the compute resource requirements.", + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", @@ -236028,967 +152301,392 @@ }, "type": "object" }, - "topologyKey": { - "description": "TopologyKey is the Kubernetes topology label that the\nStorageClassDeviceSets will be distributed across. Ignored if\nPlacement is set", + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", "type": "string" }, - "walPVCTemplate": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "type": "object" }, - "status": { - "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "allocatedResourceStatuses": { - "additionalProperties": { - "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", - "type": "string" - }, - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object" + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "type": { - "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "value": { + "description": "The header field value", "type": "string" } }, "required": [ - "status", - "type" + "name", + "value" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", - "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + { "type": "string" } - }, - "required": [ - "status" ], - "type": "object" + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, + "required": [ + "port" + ], "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, "type": "object" - } - }, - "required": [ - "count", - "dataPVCTemplate", - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "StorageClusterStatus defines the observed state of StorageCluster", - "properties": { - "conditions": { - "description": "Conditions describes the state of the StorageCluster resource.", - "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "currentMonCount": { - "description": "CurrentMonCount holds the value of ceph mons configured in ceph cluster.", - "type": "integer" - }, - "defaultCephDeviceClass": { - "description": "DefaultCephDeviceClass holds the default ceph device class to be used for the pools", - "type": "string" - }, - "externalSecretHash": { - "description": "ExternalSecretHash holds the checksum value of external secret data.", - "type": "string" - }, - "failureDomain": { - "description": "FailureDomain is the base CRUSH element Ceph will use to distribute\nits data replicas for the default CephBlockPool", - "type": "string" - }, - "failureDomainKey": { - "description": "FailureDomainKey is the specific key used to find the locations available\nunder a failure domain. For example topology.kubernetes.io/zone", - "type": "string" - }, - "failureDomainValues": { - "description": "FailureDomainValues is the list of locations available for a failure\ndomain under the failure domain key.", - "items": { - "type": "string" - }, - "type": "array" - }, - "images": { - "description": "Images holds the image reconcile status for all images reconciled by the operator", - "properties": { - "ceph": { - "description": "ComponentImageStatus holds image status information for a specific component image", - "properties": { - "actualImage": { - "type": "string" - }, - "desiredImage": { - "type": "string" - } - }, - "type": "object" - }, - "noobaaCore": { - "description": "ComponentImageStatus holds image status information for a specific component image", - "properties": { - "actualImage": { - "type": "string" - }, - "desiredImage": { - "type": "string" - } - }, - "type": "object" - }, - "noobaaDB": { - "description": "ComponentImageStatus holds image status information for a specific component image", - "properties": { - "actualImage": { - "type": "string" - }, - "desiredImage": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "kmsServerConnection": { - "description": "KMSServerConnection holds the connection state to the KMS server.", - "properties": { - "kmsServerAddress": { - "type": "string" - }, - "kmsServerConnectionError": { - "type": "string" - } - }, - "type": "object" - }, - "lastAppliedResourceProfile": { - "description": "LastAppliedResourceProfile is the resource profile that was last applied successfully & is currently in use.", - "type": "string" - }, - "nodeTopologies": { - "description": "NodeTopologies is a list of topology labels on all nodes matching\nthe StorageCluster's placement selector.", - "properties": { - "arbiterLocation": { - "description": "ArbiterLocation is the chosen location in the failure domain for placing the arbiter resources.\nWhen the failure domain is not provided as an input, ocs-operator determines the failure domain.", - "type": "string" - }, - "labels": { - "additionalProperties": { - "description": "TopologyLabelValues is a list of values for a topology label", - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Labels is a map of topology label keys\n(e.g. \"topology.kubernetes.io/zone\") to a set of values for those\nkeys.", - "nullable": true, - "type": "object" - } - }, - "type": "object" - }, - "phase": { - "description": "Phase describes the Phase of StorageCluster\nThis is used by OLM UI to provide status information\nto the user", - "type": "string" - }, - "relatedObjects": { - "description": "RelatedObjects is a list of objects created and maintained by this\noperator. Object references will be added to this list after they have\nbeen created AND found in the cluster.", - "items": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - }, - "storageProviderEndpoint": { - "description": "StorageProviderEndpoint holds endpoint info on Provider cluster which is required\nfor consumer to establish connection with the storage providing cluster.", - "type": "string" - }, - "version": { - "description": "Version specifies the version of StorageCluster", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageCluster", - "version": "v1" - } - ] - }, - "ocs.openshift.io/v1/StorageClusterList": { - "description": "StorageClusterList is a list of StorageCluster", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storageclusters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.ocs.v1.StorageCluster" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageClusterList", - "version": "v1" - } - ] - }, - "ocs.openshift.io/v1/StorageClusterPeer": { - "description": "StorageClusterPeer is the Schema for the storageclusterpeers API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "StorageClusterPeerSpec defines the desired state of StorageClusterPeer", - "properties": { - "apiEndpoint": { - "description": "ApiEndpoint is the URI of the ODF api server", - "type": "string" - }, - "onboardingToken": { - "description": "OnboardingToken holds an identity information required by the local ODF cluster to onboard.", - "type": "string" - } - }, - "required": [ - "apiEndpoint", - "onboardingToken" - ], - "type": "object" - }, - "status": { - "description": "StorageClusterPeerStatus defines the observed state of StorageClusterPeer", - "properties": { - "peerInfo": { - "properties": { - "storageClusterUid": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "type": "string" - } - }, - "required": [ - "peerInfo" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageClusterPeer", - "version": "v1" - } - ] - }, - "ocs.openshift.io/v1/StorageClusterPeerList": { - "description": "StorageClusterPeerList is a list of StorageClusterPeer", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storageclusterpeers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.ocs.v1.StorageClusterPeer" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageClusterPeerList", - "version": "v1" - } - ] - }, - "ocs.openshift.io/v1alpha1/StorageClient": { - "description": "StorageClient is the Schema for the storageclients API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "StorageClientSpec defines the desired state of StorageClient", - "properties": { - "onboardingTicket": { - "description": "OnboardingTicket holds an identity information required for consumer to onboard.", - "type": "string" - }, - "storageProviderEndpoint": { - "description": "StorageProviderEndpoint holds info to establish connection with the storage providing cluster.", - "type": "string" - } - }, - "required": [ - "onboardingTicket", - "storageProviderEndpoint" - ], - "type": "object" - }, - "status": { - "description": "StorageClientStatus defines the observed state of StorageClient", - "properties": { - "id": { - "description": "ConsumerID will hold the identity of this cluster inside the attached provider cluster", - "type": "string" - }, - "inMaintenanceMode": { - "type": "boolean" - }, - "phase": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageClient", - "version": "v1alpha1" - } - ] - }, - "ocs.openshift.io/v1alpha1/StorageClientList": { - "description": "StorageClientList is a list of StorageClient", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storageclients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.ocs.v1alpha1.StorageClient" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageClientList", - "version": "v1alpha1" - } - ] - }, - "ocs.openshift.io/v1alpha1/StorageConsumer": { - "description": "StorageConsumer is the Schema for the storageconsumers API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "StorageConsumerSpec defines the desired state of StorageConsumer", - "properties": { - "enable": { - "description": "Enable flag ignores a reconcile if set to false", - "type": "boolean" - }, - "resourceNameMappingConfigMap": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClasses": { - "items": { - "properties": { - "aliases": { - "items": { - "type": "string" - }, - "type": "array" }, - "name": { - "type": "string" + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" }, - "rename": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "storageQuotaInGiB": { - "description": "StorageQuotaInGiB describes quota for the consumer", - "type": "integer" - }, - "volumeGroupReplicationClasses": { - "items": { - "properties": { - "aliases": { - "items": { - "type": "string" - }, - "type": "array" + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" }, - "name": { + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, - "rename": { + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumeGroupSnapshotClasses": { - "items": { - "properties": { - "aliases": { - "items": { - "type": "string" - }, - "type": "array" }, - "name": { - "type": "string" + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" }, - "rename": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumeReplicationClasses": { - "items": { - "properties": { - "aliases": { + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "items": { - "type": "string" + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" }, - "type": "array" - }, - "name": { - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, - "rename": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumeSnapshotClasses": { - "items": { - "properties": { - "aliases": { + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", "items": { - "type": "string" + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" }, - "type": "array" - }, - "name": { - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, - "rename": { + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", "type": "string" } }, @@ -236998,980 +152696,406 @@ "type": "object" }, "type": "array" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "storageQuotaInGiB cannot be decreased unless setting to 0", - "rule": "!(has(self.storageQuotaInGiB) && has(oldSelf.storageQuotaInGiB) && self.storageQuotaInGiB < oldSelf.storageQuotaInGiB && self.storageQuotaInGiB != 0)" - } - ] - }, - "status": { - "description": "StorageConsumerStatus defines the observed state of StorageConsumer", - "properties": { - "cephResources": { - "description": "CephResources provide details of created ceph resources required for external storage", - "items": { - "description": "CephResourcesSpec hold details of created ceph resources required for external storage", - "properties": { - "cephClients": { - "additionalProperties": { - "type": "string" + }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } }, - "description": "CephClients holds the name of CephClients mapped to the created ceph resource", + "required": [ + "name" + ], "type": "object" }, - "kind": { - "description": "Kind describes the kind of created ceph resource", - "type": "string" - }, - "name": { - "description": "Name describes the name of created ceph resource", + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, "type": "string" }, - "status": { - "description": "Phase describes the phase of created ceph resource", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "client": { - "description": "Information of storage client received from consumer", - "nullable": true, - "properties": { - "clientId": { - "description": "ID is the k8s UID of connected storageclient", - "type": "string" - }, - "clusterId": { - "description": "ClusterID is the id of the openshift cluster", - "type": "string" - }, - "clusterName": { - "description": "ClusterName is the name of the openshift cluster", - "type": "string" - }, - "name": { - "description": "Name is the name of connected storageclient", - "type": "string" - }, - "operatorNamespace": { - "description": "Client Operator Namespace", - "type": "string" - }, - "operatorVersion": { - "description": "StorageClient Operator Version", - "type": "string" - }, - "platformVersion": { - "description": "StorageClient Platform Version", - "type": "string" - }, - "storageQuotaUtilizationRatio": { - "description": "StorageQuotaUtilizationRatio is the ratio of utilized quota of connected client", - "type": "number" + "type": "array", + "x-kubernetes-list-type": "set" } }, "type": "object" }, - "lastHeartbeat": { - "description": "Timestamp of last heartbeat received from consumer", - "format": "date-time", + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], "type": "string" }, - "onboardingTicketSecret": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "enableFeatures": { + "description": "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nIt requires Alertmanager >= 0.27.0.", + "items": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array" }, - "resourceNameMappingConfigMap": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "enableServiceLinks": { + "description": "Indicates whether information about services should be injected into pod's environment variables", + "type": "boolean" }, - "state": { - "description": "State describes the state of StorageConsumer", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageConsumer", - "version": "v1alpha1" - } - ] - }, - "ocs.openshift.io/v1alpha1/StorageConsumerList": { - "description": "StorageConsumerList is a list of StorageConsumer", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storageconsumers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.ocs.v1alpha1.StorageConsumer" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ocs.openshift.io", - "kind": "StorageConsumerList", - "version": "v1alpha1" - } - ] - }, - "olm.operatorframework.io/v1/ClusterCatalog": { - "description": "ClusterCatalog enables users to make File-Based Catalog (FBC) catalog data available to the cluster.\nFor more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the desired state of the ClusterCatalog.\nspec is required.\nThe controller will work to ensure that the desired\ncatalog is unpacked and served over the catalog content HTTP server.", - "properties": { - "availabilityMode": { - "default": "Available", - "description": "availabilityMode allows users to define how the ClusterCatalog is made available to clients on the cluster.\navailabilityMode is optional.\n\nAllowed values are \"Available\" and \"Unavailable\" and omitted.\n\nWhen omitted, the default value is \"Available\".\n\nWhen set to \"Available\", the catalog contents will be unpacked and served over the catalog content HTTP server.\nSetting the availabilityMode to \"Available\" tells clients that they should consider this ClusterCatalog\nand its contents as usable.\n\nWhen set to \"Unavailable\", the catalog contents will no longer be served over the catalog content HTTP server.\nWhen set to this availabilityMode it should be interpreted the same as the ClusterCatalog not existing.\nSetting the availabilityMode to \"Unavailable\" can be useful in scenarios where a user may not want\nto delete the ClusterCatalog all together, but would still like it to be treated as if it doesn't exist.", - "enum": [ - "Unavailable", - "Available" - ], + "externalUrl": { + "description": "The external URL the Alertmanager instances will be available under. This is\nnecessary to generate correct URLs. This is necessary if Alertmanager is not\nserved from root of a DNS name.", "type": "string" }, - "priority": { - "default": 0, - "description": "priority allows the user to define a priority for a ClusterCatalog.\npriority is optional.\n\nA ClusterCatalog's priority is used by clients as a tie-breaker between ClusterCatalogs that meet the client's requirements.\nA higher number means higher priority.\n\nIt is up to clients to decide how to handle scenarios where multiple ClusterCatalogs with the same priority meet their requirements.\nWhen deciding how to break the tie in this scenario, it is recommended that clients prompt their users for additional input.\n\nWhen omitted, the default priority is 0 because that is the zero value of integers.\n\nNegative numbers can be used to specify a priority lower than the default.\nPositive numbers can be used to specify a priority higher than the default.\n\nThe lowest possible value is -2147483648.\nThe highest possible value is 2147483647.", - "format": "int32", - "type": "integer" + "forceEnableClusterMode": { + "description": "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.\nUse case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.", + "type": "boolean" }, - "source": { - "description": "source allows a user to define the source of a catalog.\nA \"catalog\" contains information on content that can be installed on a cluster.\nProviding a catalog source makes the contents of the catalog discoverable and usable by\nother on-cluster components.\nThese on-cluster components may do a variety of things with this information, such as\npresenting the content in a GUI dashboard or installing content from the catalog on the cluster.\nThe catalog source must contain catalog metadata in the File-Based Catalog (FBC) format.\nFor more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs.\nsource is a required field.\n\nBelow is a minimal example of a ClusterCatalogSpec that sources a catalog from an image:\n\n source:\n type: Image\n image:\n ref: quay.io/operatorhubio/catalog:latest", - "properties": { - "image": { - "description": "image is used to configure how catalog contents are sourced from an OCI image.\nThis field is required when type is Image, and forbidden otherwise.", - "properties": { - "pollIntervalMinutes": { - "description": "pollIntervalMinutes allows the user to set the interval, in minutes, at which the image source should be polled for new content.\npollIntervalMinutes is optional.\npollIntervalMinutes can not be specified when ref is a digest-based reference.\n\nWhen omitted, the image will not be polled for new content.", - "minimum": 1, - "type": "integer" - }, - "ref": { - "description": "ref allows users to define the reference to a container image containing Catalog contents.\nref is required.\nref can not be more than 1000 characters.\n\nA reference can be broken down into 3 parts - the domain, name, and identifier.\n\nThe domain is typically the registry where an image is located.\nIt must be alphanumeric characters (lowercase and uppercase) separated by the \".\" character.\nHyphenation is allowed, but the domain must start and end with alphanumeric characters.\nSpecifying a port to use is also allowed by adding the \":\" character followed by numeric values.\nThe port must be the last value in the domain.\nSome examples of valid domain values are \"registry.mydomain.io\", \"quay.io\", \"my-registry.io:8080\".\n\nThe name is typically the repository in the registry where an image is located.\nIt must contain lowercase alphanumeric characters separated only by the \".\", \"_\", \"__\", \"-\" characters.\nMultiple names can be concatenated with the \"/\" character.\nThe domain and name are combined using the \"/\" character.\nSome examples of valid name values are \"operatorhubio/catalog\", \"catalog\", \"my-catalog.prod\".\nAn example of the domain and name parts of a reference being combined is \"quay.io/operatorhubio/catalog\".\n\nThe identifier is typically the tag or digest for an image reference and is present at the end of the reference.\nIt starts with a separator character used to distinguish the end of the name and beginning of the identifier.\nFor a digest-based reference, the \"@\" character is the separator.\nFor a tag-based reference, the \":\" character is the separator.\nAn identifier is required in the reference.\n\nDigest-based references must contain an algorithm reference immediately after the \"@\" separator.\nThe algorithm reference must be followed by the \":\" character and an encoded string.\nThe algorithm must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the \"-\", \"_\", \"+\", and \".\" characters.\nSome examples of valid algorithm values are \"sha256\", \"sha256+b64u\", \"multihash+base58\".\nThe encoded string following the algorithm must be hex digits (a-f, A-F, 0-9) and must be a minimum of 32 characters.\n\nTag-based references must begin with a word character (alphanumeric + \"_\") followed by word characters or \".\", and \"-\" characters.\nThe tag must not be longer than 127 characters.\n\nAn example of a valid digest-based image reference is \"quay.io/operatorhubio/catalog@sha256:200d4ddb2a73594b91358fe6397424e975205bfbe44614f5846033cad64b3f05\"\nAn example of a valid tag-based image reference is \"quay.io/operatorhubio/catalog:latest\"", - "maxLength": 1000, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "must start with a valid domain. valid domains must be alphanumeric characters (lowercase and uppercase) separated by the \".\" character.", - "rule": "self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\\\b')" - }, - { - "message": "a valid name is required. valid names must contain lowercase alphanumeric characters separated only by the \".\", \"_\", \"__\", \"-\" characters.", - "rule": "self.find('(\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') != \"\"" - }, - { - "message": "must end with a digest or a tag", - "rule": "self.find('(@.*:)') != \"\" || self.find(':.*$') != \"\"" - }, - { - "message": "tag is invalid. the tag must not be more than 127 characters", - "rule": "self.find('(@.*:)') == \"\" ? (self.find(':.*$') != \"\" ? self.find(':.*$').substring(1).size() <= 127 : true) : true" - }, - { - "message": "tag is invalid. valid tags must begin with a word character (alphanumeric + \"_\") followed by word characters or \".\", and \"-\" characters", - "rule": "self.find('(@.*:)') == \"\" ? (self.find(':.*$') != \"\" ? self.find(':.*$').matches(':[\\\\w][\\\\w.-]*$') : true) : true" - }, - { - "message": "digest algorithm is not valid. valid algorithms must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the \"-\", \"_\", \"+\", and \".\" characters.", - "rule": "self.find('(@.*:)') != \"\" ? self.find('(@.*:)').matches('(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])') : true" - }, - { - "message": "digest is not valid. the encoded string must be at least 32 characters", - "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').substring(1).size() >= 32 : true" - }, - { - "message": "digest is not valid. the encoded string must only contain hex characters (A-F, a-f, 0-9)", - "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').matches(':[0-9A-Fa-f]*$') : true" - } - ] - } - }, - "required": [ - "ref" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "cannot specify pollIntervalMinutes while using digest-based image", - "rule": "self.ref.find('(@.*:)') != \"\" ? !has(self.pollIntervalMinutes) : true" - } - ] - }, - "type": { - "description": "type is a reference to the type of source the catalog is sourced from.\ntype is required.\n\nThe only allowed value is \"Image\".\n\nWhen set to \"Image\", the ClusterCatalog content will be sourced from an OCI image.\nWhen using an image source, the image field must be set and must be the only field defined for this type.", - "enum": [ - "Image" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "image is required when source type is Image, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Image' ? has(self.image) : !has(self.image)" - } - ] - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "status": { - "description": "status contains information about the state of the ClusterCatalog such as:\n - Whether or not the catalog contents are being served via the catalog content HTTP server\n - Whether or not the ClusterCatalog is progressing to a new state\n - A reference to the source from which the catalog contents were retrieved", - "properties": { - "conditions": { - "description": "conditions is a representation of the current state for this ClusterCatalog.\n\nThe current condition types are Serving and Progressing.\n\nThe Serving condition is used to represent whether or not the contents of the catalog is being served via the HTTP(S) web server.\nWhen it has a status of True and a reason of Available, the contents of the catalog are being served.\nWhen it has a status of False and a reason of Unavailable, the contents of the catalog are not being served because the contents are not yet available.\nWhen it has a status of False and a reason of UserSpecifiedUnavailable, the contents of the catalog are not being served because the catalog has been intentionally marked as unavailable.\n\nThe Progressing condition is used to represent whether or not the ClusterCatalog is progressing or is ready to progress towards a new state.\nWhen it has a status of True and a reason of Retrying, there was an error in the progression of the ClusterCatalog that may be resolved on subsequent reconciliation attempts.\nWhen it has a status of True and a reason of Succeeded, the ClusterCatalog has successfully progressed to a new state and is ready to continue progressing.\nWhen it has a status of False and a reason of Blocked, there was an error in the progression of the ClusterCatalog that requires manual intervention for recovery.\n\nIn the case that the Serving condition is True with reason Available and Progressing is True with reason Retrying, the previously fetched\ncatalog contents are still being served via the HTTP(S) web server while we are progressing towards serving a new version of the catalog\ncontents. This could occur when we've initially fetched the latest contents from the source for this catalog and when polling for changes\nto the contents we identify that there are updates to the contents.", + "hostAliases": { + "description": "Pods' hostAliases configuration", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "type": "string" + }, + "type": "array" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "ip": { + "description": "IP address of the host file entry.", "type": "string" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "hostnames", + "ip" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ - "type" + "ip" ], "x-kubernetes-list-type": "map" }, - "lastUnpacked": { - "description": "lastUnpacked represents the last time the contents of the\ncatalog were extracted from their source format. As an example,\nwhen using an Image source, the OCI image will be pulled and the\nimage layers written to a file-system backed cache. We refer to the\nact of this extraction from the source format as \"unpacking\".", - "format": "date-time", - "type": "string" + "hostUsers": { + "description": "HostUsers supports the user space in Kubernetes.\n\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/\n\nThe feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled.\nStarting Kubernetes 1.33, the feature is enabled by default.", + "type": "boolean" }, - "resolvedSource": { - "description": "resolvedSource contains information about the resolved source based on the source type.", - "properties": { - "image": { - "description": "image is a field containing resolution information for a catalog sourced from an image.\nThis field must be set when type is Image, and forbidden otherwise.", - "properties": { - "ref": { - "description": "ref contains the resolved image digest-based reference.\nThe digest format is used so users can use other tooling to fetch the exact\nOCI manifests that were used to extract the catalog contents.", - "maxLength": 1000, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "must start with a valid domain. valid domains must be alphanumeric characters (lowercase and uppercase) separated by the \".\" character.", - "rule": "self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\\\b')" - }, - { - "message": "a valid name is required. valid names must contain lowercase alphanumeric characters separated only by the \".\", \"_\", \"__\", \"-\" characters.", - "rule": "self.find('(\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') != \"\"" - }, - { - "message": "must end with a digest", - "rule": "self.find('(@.*:)') != \"\"" - }, - { - "message": "digest algorithm is not valid. valid algorithms must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the \"-\", \"_\", \"+\", and \".\" characters.", - "rule": "self.find('(@.*:)') != \"\" ? self.find('(@.*:)').matches('(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])') : true" - }, - { - "message": "digest is not valid. the encoded string must be at least 32 characters", - "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').substring(1).size() >= 32 : true" - }, - { - "message": "digest is not valid. the encoded string must only contain hex characters (A-F, a-f, 0-9)", - "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').matches(':[0-9A-Fa-f]*$') : true" - } - ] - } - }, - "required": [ - "ref" - ], - "type": "object" - }, - "type": { - "description": "type is a reference to the type of source the catalog is sourced from.\ntype is required.\n\nThe only allowed value is \"Image\".\n\nWhen set to \"Image\", information about the resolved image source will be set in the 'image' field.", - "enum": [ - "Image" - ], - "type": "string" - } - }, - "required": [ - "image", - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "image is required when source type is Image, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Image' ? has(self.image) : !has(self.image)" - } - ] + "image": { + "description": "Image if specified has precedence over baseImage, tag and sha\ncombinations. Specifying the version is still necessary to ensure the\nPrometheus Operator knows what version of Alertmanager is being\nconfigured.", + "type": "string" }, - "urls": { - "description": "urls contains the URLs that can be used to access the catalog.", - "properties": { - "base": { - "description": "base is a cluster-internal URL that provides endpoints for\naccessing the content of the catalog.\n\nIt is expected that clients append the path for the endpoint they wish\nto access.\n\nCurrently, only a single endpoint is served and is accessible at the path\n/api/v1.\n\nThe endpoints served for the v1 API are:\n - /all - this endpoint returns the entirety of the catalog contents in the FBC format\n\nAs the needs of users and clients of the evolve, new endpoints may be added.", - "maxLength": 525, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "must be a valid URL", - "rule": "isURL(self)" - }, - { - "message": "scheme must be either http or https", - "rule": "isURL(self) ? (url(self).getScheme() == \"http\" || url(self).getScheme() == \"https\") : true" - } - ] - } - }, - "required": [ - "base" + "imagePullPolicy": { + "description": "Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", + "enum": [ + "", + "Always", + "Never", + "IfNotPresent" ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "olm.operatorframework.io", - "kind": "ClusterCatalog", - "version": "v1" - } - ] - }, - "olm.operatorframework.io/v1/ClusterCatalogList": { - "description": "ClusterCatalogList is a list of ClusterCatalog", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clustercatalogs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.operatorframework.olm.v1.ClusterCatalog" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "olm.operatorframework.io", - "kind": "ClusterCatalogList", - "version": "v1" - } - ] - }, - "olm.operatorframework.io/v1/ClusterExtension": { - "description": "ClusterExtension is the Schema for the clusterextensions API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is an optional field that defines the desired state of the ClusterExtension.", - "properties": { - "install": { - "description": "install is an optional field used to configure the installation options\nfor the ClusterExtension such as the pre-flight check configuration.", - "properties": { - "preflight": { - "description": "preflight is an optional field that can be used to configure the checks that are\nrun before installation or upgrade of the content for the package specified in the packageName field.\n\nWhen specified, it replaces the default preflight configuration for install/upgrade actions.\nWhen not specified, the default configuration will be used.", - "properties": { - "crdUpgradeSafety": { - "description": "crdUpgradeSafety is used to configure the CRD Upgrade Safety pre-flight\nchecks that run prior to upgrades of installed content.\n\nThe CRD Upgrade Safety pre-flight check safeguards from unintended\nconsequences of upgrading a CRD, such as data loss.", - "properties": { - "enforcement": { - "description": "enforcement is a required field, used to configure the state of the CRD Upgrade Safety pre-flight check.\n\nAllowed values are \"None\" or \"Strict\". The default value is \"Strict\".\n\nWhen set to \"None\", the CRD Upgrade Safety pre-flight check will be skipped\nwhen performing an upgrade operation. This should be used with caution as\nunintended consequences such as data loss can occur.\n\nWhen set to \"Strict\", the CRD Upgrade Safety pre-flight check will be run when\nperforming an upgrade operation.", - "enum": [ - "None", - "Strict" - ], - "type": "string" - } - }, - "required": [ - "enforcement" - ], - "type": "object" - } - }, - "required": [ - "crdUpgradeSafety" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "at least one of [crdUpgradeSafety] are required when preflight is specified", - "rule": "has(self.crdUpgradeSafety)" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "at least one of [preflight] are required when install is specified", - "rule": "has(self.preflight)" - } - ] + "type": "string" }, - "namespace": { - "description": "namespace is a reference to a Kubernetes namespace.\nThis is the namespace in which the provided ServiceAccount must exist.\nIt also designates the default namespace where namespace-scoped resources\nfor the extension are applied to the cluster.\nSome extensions may contain namespace-scoped resources to be applied in other namespaces.\nThis namespace must exist.\n\nnamespace is required, immutable, and follows the DNS label standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-),\nstart and end with an alphanumeric character, and be no longer than 63 characters\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", - "maxLength": 63, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "namespace is immutable", - "rule": "self == oldSelf" + "imagePullSecrets": { + "description": "An optional list of references to secrets in the same namespace\nto use for pulling prometheus and alertmanager images from registries\nsee https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } }, - { - "message": "namespace must be a valid DNS1123 label", - "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$\")" - } - ] - }, - "serviceAccount": { - "description": "serviceAccount is a reference to a ServiceAccount used to perform all interactions\nwith the cluster that are required to manage the extension.\nThe ServiceAccount must be configured with the necessary permissions to perform these interactions.\nThe ServiceAccount must exist in the namespace referenced in the spec.\nserviceAccount is required.", - "properties": { - "name": { - "description": "name is a required, immutable reference to the name of the ServiceAccount\nto be used for installation and management of the content for the package\nspecified in the packageName field.\n\nThis ServiceAccount must exist in the installNamespace.\n\nname follows the DNS subdomain standard as defined in [RFC 1123].\nIt must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters.\n\nSome examples of valid values are:\n - some-serviceaccount\n - 123-serviceaccount\n - 1-serviceaccount-2\n - someserviceaccount\n - some.serviceaccount\n\nSome examples of invalid values are:\n - -some-serviceaccount\n - some-serviceaccount-\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "name is immutable", - "rule": "self == oldSelf" - }, - { - "message": "name must be a valid DNS1123 subdomain. It must contain only lowercase alphanumeric characters, hyphens (-) or periods (.), start and end with an alphanumeric character, and be no longer than 253 characters", - "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" - } - ] - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "name" - ], - "type": "object" + "type": "array" }, - "source": { - "description": "source is a required field which selects the installation source of content\nfor this ClusterExtension. Selection is performed by setting the sourceType.\n\nCatalog is currently the only implemented sourceType, and setting the\nsourcetype to \"Catalog\" requires the catalog field to also be defined.\n\nBelow is a minimal example of a source definition (in yaml):\n\nsource:\n sourceType: Catalog\n catalog:\n packageName: example-package", - "properties": { - "catalog": { - "description": "catalog is used to configure how information is sourced from a catalog.\nThis field is required when sourceType is \"Catalog\", and forbidden otherwise.", - "properties": { - "channels": { - "description": "channels is an optional reference to a set of channels belonging to\nthe package specified in the packageName field.\n\nA \"channel\" is a package-author-defined stream of updates for an extension.\n\nEach channel in the list must follow the DNS subdomain standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters. No more than 256 channels can be specified.\n\nWhen specified, it is used to constrain the set of installable bundles and\nthe automated upgrade path. This constraint is an AND operation with the\nversion field. For example:\n - Given channel is set to \"foo\"\n - Given version is set to \">=1.0.0, <1.5.0\"\n - Only bundles that exist in channel \"foo\" AND satisfy the version range comparison will be considered installable\n - Automatic upgrades will be constrained to upgrade edges defined by the selected channel\n\nWhen unspecified, upgrade edges across all channels will be used to identify valid automatic upgrade paths.\n\nSome examples of valid values are:\n - 1.1.x\n - alpha\n - stable\n - stable-v1\n - v1-stable\n - dev-preview\n - preview\n - community\n\nSome examples of invalid values are:\n - -some-channel\n - some-channel-\n - thisisareallylongchannelnamethatisgreaterthanthemaximumlength\n - original_40\n - --default-channel\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", - "items": { - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "channels entries must be valid DNS1123 subdomains", - "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" - } - ] - }, - "maxItems": 256, - "type": "array" + "initContainers": { + "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.\nfetch secrets for injection into the Alertmanager configuration from external sources. Any\nerrors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator\ngenerated init containers if they share the same name and modifications are\ndone via a strategic merge patch. The current init container name is:\n`init-config-reloader`. Overriding init containers is entirely outside the\nscope of what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice.", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" }, - "packageName": { - "description": "packageName is a reference to the name of the package to be installed\nand is used to filter the content from catalogs.\n\npackageName is required, immutable, and follows the DNS subdomain standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters.\n\nSome examples of valid values are:\n - some-package\n - 123-package\n - 1-package-2\n - somepackage\n\nSome examples of invalid values are:\n - -some-package\n - some-package-\n - thisisareallylongpackagenamethatisgreaterthanthemaximumlength\n - some.package\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "packageName is immutable", - "rule": "self == oldSelf" - }, - { - "message": "packageName must be a valid DNS1123 subdomain. It must contain only lowercase alphanumeric characters, hyphens (-) or periods (.), start and end with an alphanumeric character, and be no longer than 253 characters", - "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" - } - ] + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" }, - "selector": { - "description": "selector is an optional field that can be used\nto filter the set of ClusterCatalogs used in the bundle\nselection process.\n\nWhen unspecified, all ClusterCatalogs will be used in\nthe bundle selection process.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "upgradeConstraintPolicy": { - "default": "CatalogProvided", - "description": "upgradeConstraintPolicy is an optional field that controls whether\nthe upgrade path(s) defined in the catalog are enforced for the package\nreferenced in the packageName field.\n\nAllowed values are: \"CatalogProvided\" or \"SelfCertified\", or omitted.\n\nWhen this field is set to \"CatalogProvided\", automatic upgrades will only occur\nwhen upgrade constraints specified by the package author are met.\n\nWhen this field is set to \"SelfCertified\", the upgrade constraints specified by\nthe package author are ignored. This allows for upgrades and downgrades to\nany version of the package. This is considered a dangerous operation as it\ncan lead to unknown and potentially disastrous outcomes, such as data\nloss. It is assumed that users have independently verified changes when\nusing this option.\n\nWhen this field is omitted, the default value is \"CatalogProvided\".", - "enum": [ - "CatalogProvided", - "SelfCertified" + "required": [ + "name" ], - "type": "string" + "type": "object" }, - "version": { - "description": "version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed.\n\nAcceptable version ranges are no longer than 64 characters.\nVersion ranges are composed of comma- or space-delimited values and one or\nmore comparison operators, known as comparison strings. Additional\ncomparison strings can be added using the OR operator (||).\n\n# Range Comparisons\n\nTo specify a version range, you can use a comparison string like \">=3.0,\n<3.6\". When specifying a range, automatic updates will occur within that\nrange. The example comparison string means \"install any version greater than\nor equal to 3.0.0 but less than 3.6.0.\". It also states intent that if any\nupgrades are available within the version range after initial installation,\nthose upgrades should be automatically performed.\n\n# Pinned Versions\n\nTo specify an exact version to install you can use a version range that\n\"pins\" to a specific version. When pinning to a specific version, no\nautomatic updates will occur. An example of a pinned version range is\n\"0.6.0\", which means \"only install version 0.6.0 and never\nupgrade from this version\".\n\n# Basic Comparison Operators\n\nThe basic comparison operators and their meanings are:\n - \"=\", equal (not aliased to an operator)\n - \"!=\", not equal\n - \"<\", less than\n - \">\", greater than\n - \">=\", greater than OR equal to\n - \"<=\", less than OR equal to\n\n# Wildcard Comparisons\n\nYou can use the \"x\", \"X\", and \"*\" characters as wildcard characters in all\ncomparison operations. Some examples of using the wildcard characters:\n - \"1.2.x\", \"1.2.X\", and \"1.2.*\" is equivalent to \">=1.2.0, < 1.3.0\"\n - \">= 1.2.x\", \">= 1.2.X\", and \">= 1.2.*\" is equivalent to \">= 1.2.0\"\n - \"<= 2.x\", \"<= 2.X\", and \"<= 2.*\" is equivalent to \"< 3\"\n - \"x\", \"X\", and \"*\" is equivalent to \">= 0.0.0\"\n\n# Patch Release Comparisons\n\nWhen you want to specify a minor version up to the next major version you\ncan use the \"~\" character to perform patch comparisons. Some examples:\n - \"~1.2.3\" is equivalent to \">=1.2.3, <1.3.0\"\n - \"~1\" and \"~1.x\" is equivalent to \">=1, <2\"\n - \"~2.3\" is equivalent to \">=2.3, <2.4\"\n - \"~1.2.x\" is equivalent to \">=1.2.0, <1.3.0\"\n\n# Major Release Comparisons\n\nYou can use the \"^\" character to make major release comparisons after a\nstable 1.0.0 version is published. If there is no stable version published, // minor versions define the stability level. Some examples:\n - \"^1.2.3\" is equivalent to \">=1.2.3, <2.0.0\"\n - \"^1.2.x\" is equivalent to \">=1.2.0, <2.0.0\"\n - \"^2.3\" is equivalent to \">=2.3, <3\"\n - \"^2.x\" is equivalent to \">=2.0.0, <3\"\n - \"^0.2.3\" is equivalent to \">=0.2.3, <0.3.0\"\n - \"^0.2\" is equivalent to \">=0.2.0, <0.3.0\"\n - \"^0.0.3\" is equvalent to \">=0.0.3, <0.0.4\"\n - \"^0.0\" is equivalent to \">=0.0.0, <0.1.0\"\n - \"^0\" is equivalent to \">=0.0.0, <1.0.0\"\n\n# OR Comparisons\nYou can use the \"||\" character to represent an OR operation in the version\nrange. Some examples:\n - \">=1.2.3, <2.0.0 || >3.0.0\"\n - \"^0 || ^3 || ^5\"\n\nFor more information on semver, please see https://semver.org/", - "maxLength": 64, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "invalid version expression", - "rule": "self.matches(\"^(\\\\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\\\\^)\\\\s*(v?(0|[1-9]\\\\d*|[x|X|\\\\*])(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*]))?(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*))?(-([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?(\\\\+([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?)\\\\s*)((?:\\\\s+|,\\\\s*|\\\\s*\\\\|\\\\|\\\\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\\\\^)\\\\s*(v?(0|[1-9]\\\\d*|x|X|\\\\*])(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*))?(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*]))?(-([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?(\\\\+([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?)\\\\s*)*$\")" - } - ] - } - }, - "required": [ - "packageName" - ], - "type": "object" - }, - "sourceType": { - "description": "sourceType is a required reference to the type of install source.\n\nAllowed values are \"Catalog\"\n\nWhen this field is set to \"Catalog\", information for determining the\nappropriate bundle of content to install will be fetched from\nClusterCatalog resources existing on the cluster.\nWhen using the Catalog sourceType, the catalog field must also be set.", - "enum": [ - "Catalog" - ], - "type": "string" - } - }, - "required": [ - "sourceType" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "catalog is required when sourceType is Catalog, and forbidden otherwise", - "rule": "has(self.sourceType) && self.sourceType == 'Catalog' ? has(self.catalog) : !has(self.catalog)" - } - ] - } - }, - "required": [ - "namespace", - "serviceAccount", - "source" - ], - "type": "object" - }, - "status": { - "description": "status is an optional field that defines the observed state of the ClusterExtension.", - "properties": { - "conditions": { - "description": "The set of condition types which apply to all spec.source variations are Installed and Progressing.\n\nThe Installed condition represents whether or not the bundle has been installed for this ClusterExtension.\nWhen Installed is True and the Reason is Succeeded, the bundle has been successfully installed.\nWhen Installed is False and the Reason is Failed, the bundle has failed to install.\n\nThe Progressing condition represents whether or not the ClusterExtension is advancing towards a new state.\nWhen Progressing is True and the Reason is Succeeded, the ClusterExtension is making progress towards a new state.\nWhen Progressing is True and the Reason is Retrying, the ClusterExtension has encountered an error that could be resolved on subsequent reconciliation attempts.\nWhen Progressing is False and the Reason is Blocked, the ClusterExtension has encountered an error that requires manual intervention for recovery.\n\nWhen the ClusterExtension is sourced from a catalog, if may also communicate a deprecation condition.\nThese are indications from a package owner to guide users away from a particular package, channel, or bundle.\nBundleDeprecated is set if the requested bundle version is marked deprecated in the catalog.\nChannelDeprecated is set if the requested channel is marked deprecated in the catalog.\nPackageDeprecated is set if the requested package is marked deprecated in the catalog.\nDeprecated is a rollup condition that is present when any of the deprecated conditions are present.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" ], - "type": "string" + "x-kubernetes-list-type": "map" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "install": { - "description": "install is a representation of the current installation status for this ClusterExtension.", - "properties": { - "bundle": { - "description": "bundle is a required field which represents the identifying attributes of a bundle.\n\nA \"bundle\" is a versioned set of content that represents the resources that\nneed to be applied to a cluster to install a package.", - "properties": { - "name": { - "description": "name is required and follows the DNS subdomain standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "packageName must be a valid DNS1123 subdomain. It must contain only lowercase alphanumeric characters, hyphens (-) or periods (.), start and end with an alphanumeric character, and be no longer than 253 characters", - "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" } - ] + }, + "type": "object" }, - "version": { - "description": "version is a required field and is a reference to the version that this bundle represents\nversion follows the semantic versioning standard as defined in https://semver.org/.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "version must be well-formed semver", - "rule": "self.matches(\"^([0-9]+)(\\\\.[0-9]+)?(\\\\.[0-9]+)?(-([-0-9A-Za-z]+(\\\\.[-0-9A-Za-z]+)*))?(\\\\+([-0-9A-Za-z]+(-\\\\.[-0-9A-Za-z]+)*))?\")" - } - ] - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "name", - "version" - ], - "type": "object" - } - }, - "required": [ - "bundle" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "olm.operatorframework.io", - "kind": "ClusterExtension", - "version": "v1" - } - ] - }, - "olm.operatorframework.io/v1/ClusterExtensionList": { - "description": "ClusterExtensionList is a list of ClusterExtension", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterextensions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.operatorframework.olm.v1.ClusterExtension" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "olm.operatorframework.io", - "kind": "ClusterExtensionList", - "version": "v1" - } - ] - }, - "opentelemetry.io/v1alpha1/Instrumentation": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "apacheHttpd": { - "properties": { - "attrs": { - "items": { + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "configMapKeyRef": { + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "fieldRef": { + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "apiVersion": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "divisor": { + "port": { "anyOf": [ { "type": "integer" @@ -237980,103 +153104,113 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, - "resource": { + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "required": [ - "resource" + "port" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "secretKeyRef": { + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "optional": { - "type": "boolean" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, "required": [ - "key" + "port" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" } }, "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "configPath": { - "type": "string" - }, - "env": { - "items": { - "properties": { - "name": { - "type": "string" }, - "value": { - "type": "string" - }, - "valueFrom": { + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "configMapKeyRef": { + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "fieldRef": { + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "apiVersion": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "divisor": { + "port": { "anyOf": [ { "type": "integer" @@ -238085,1240 +153219,1020 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, - "resource": { + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "required": [ - "resource" + "port" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "secretKeyRef": { + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "optional": { - "type": "boolean" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, "required": [ - "key" + "port" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" } }, "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" } }, - "required": [ - "name" - ], "type": "object" }, - "type": "array" - }, - "image": { - "type": "string" - }, - "resourceRequirements": { - "properties": { - "claims": { - "items": { + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "name": { - "type": "string" - }, - "request": { - "type": "string" + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "name" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", "type": "integer" }, - { + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } + }, + "required": [ + "port" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "type": "object" - } - }, - "type": "object" - }, - "version": { - "type": "string" - }, - "volumeClaimTemplate": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array" - }, - "labels": { - "additionalProperties": { + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "type": "object" - }, - "name": { - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "namespace": { - "type": "string" - } + "required": [ + "port" + ], + "type": "object" }, - "type": "object" - }, - "spec": { - "properties": { - "accessModes": { - "items": { + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + { "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } }, - "storageClassName": { - "type": "string" + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" }, - "volumeAttributesClassName": { + "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, - "volumeMode": { + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, - "volumeName": { + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, + "required": [ + "containerPort" + ], "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "defaults": { - "properties": { - "useLabelsForResourceAttributes": { - "type": "boolean" - } - }, - "type": "object" - }, - "dotnet": { - "properties": { - "env": { - "items": { + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "name": { - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "value": { - "type": "string" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "valueFrom": { + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } }, - "resource": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "name": { - "default": "", + { "type": "string" - }, - "optional": { - "type": "boolean" } - }, - "required": [ - "key" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "resourceRequirements": { - "properties": { - "claims": { - "items": { - "properties": { - "name": { - "type": "string" + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "request": { + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "required": [ - "name" + "port" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } + }, + "required": [ + "port" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" }, - "type": "object" - } + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" }, - "type": "object" - }, - "volumeClaimTemplate": { - "properties": { - "metadata": { + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", "type": "string" }, - "namespace": { + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", "type": "string" } }, + "required": [ + "resourceName", + "restartPolicy" + ], "type": "object" }, - "spec": { - "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, - "namespace": { + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, "required": [ - "kind", "name" ], "type": "object" }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + { + "type": "string" } - }, - "type": "object" + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + { + "type": "string" } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "type": "string" - }, - "volumeAttributesClassName": { - "type": "string" - }, - "volumeMode": { - "type": "string" + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "volumeName": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "env": { - "items": { - "properties": { - "name": { - "type": "string" + "type": "object" }, - "value": { + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", "type": "string" }, - "valueFrom": { + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { - "configMapKeyRef": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "key": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", "type": "string" }, - "name": { - "default": "", + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", "type": "string" - }, - "optional": { - "type": "boolean" } }, "required": [ - "key" + "type" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "fieldRef": { + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "apiVersion": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, - "fieldPath": { + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "resourceFieldRef": { + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "containerName": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "required": [ - "resource" + "type" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "secretKeyRef": { + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { - "key": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, - "name": { - "default": "", + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, - "optional": { + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" } }, "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "exporter": { - "properties": { - "endpoint": { - "type": "string" - }, - "tls": { - "properties": { - "ca_file": { - "type": "string" - }, - "cert_file": { - "type": "string" - }, - "configMapName": { - "type": "string" - }, - "key_file": { - "type": "string" - }, - "secretName": { - "type": "string" - } }, - "type": "object" - } - }, - "type": "object" - }, - "go": { - "properties": { - "env": { - "items": { + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "name": { - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "value": { - "type": "string" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "valueFrom": { + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } }, - "resource": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "name": { - "default": "", + { "type": "string" - }, - "optional": { - "type": "boolean" } - }, - "required": [ - "key" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" } }, + "required": [ + "port" + ], "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "resourceRequirements": { - "properties": { - "claims": { - "items": { + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { - "name": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "request": { - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, "required": [ - "name" + "port" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" }, - "type": "object" + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } + "type": "object" }, - "type": "object" - }, - "volumeClaimTemplate": { - "properties": { - "metadata": { + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, - "namespace": { + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, + "required": [ + "devicePath", + "name" + ], "type": "object" }, - "spec": { + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" }, - "storageClassName": { + "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, - "volumeAttributesClassName": { + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, - "volumeMode": { + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, - "volumeName": { + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, + "required": [ + "mountPath", + "name" + ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "spec" - ], + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "limits": { + "description": "Defines the limits command line flags when starting Alertmanager.", + "properties": { + "maxPerSilenceBytes": { + "description": "The maximum size of an individual silence as stored on disk. This corresponds to the Alertmanager's\n`--silences.max-per-silence-bytes` flag.\nIt requires Alertmanager >= v0.28.0.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "maxSilences": { + "description": "The maximum number active and pending silences. This corresponds to the\nAlertmanager's `--silences.max-silences` flag.\nIt requires Alertmanager >= v0.28.0.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "listenLocal": { + "description": "ListenLocal makes the Alertmanager server listen on loopback, so that it\ndoes not bind against the Pod IP. Note this is only for the Alertmanager\nUI, not the gossip communication.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for Alertmanager to be configured with.", + "enum": [ + "", + "logfmt", + "json" + ], + "type": "string" + }, + "logLevel": { + "description": "Log level for Alertmanager to be configured with.", + "enum": [ + "", + "debug", + "info", + "warn", + "error" + ], + "type": "string" + }, + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\n\nIf unset, pods will be considered available as soon as they are ready.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "Define which Nodes the Pods are scheduled on.", + "type": "object" + }, + "paused": { + "description": "If set to true all actions on the underlying managed objects are not\ngoing to be performed, except for delete actions.", + "type": "boolean" + }, + "persistentVolumeClaimRetentionPolicy": { + "description": "The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.\nThe default behavior is all PVCs are retained.\nThis is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.\nIt requires enabling the StatefulSetAutoDeletePVC feature gate.", + "properties": { + "whenDeleted": { + "description": "WhenDeleted specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is deleted. The default policy\nof `Retain` causes PVCs to not be affected by StatefulSet deletion. The\n`Delete` policy causes those PVCs to be deleted.", + "type": "string" + }, + "whenScaled": { + "description": "WhenScaled specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is scaled down. The default\npolicy of `Retain` causes PVCs to not be affected by a scaledown. The\n`Delete` policy causes the associated PVCs for any excess pods above\nthe replica count to be deleted.", + "type": "string" + } + }, + "type": "object" + }, + "podMetadata": { + "description": "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\".", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", "type": "object" }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", + "type": "string" } }, "type": "object" }, - "imagePullPolicy": { + "portName": { + "default": "web", + "description": "Port name used for the pods and governing service.\nDefaults to `web`.", + "type": "string" + }, + "priorityClassName": { + "description": "Priority class assigned to the Pods", "type": "string" }, - "java": { + "replicas": { + "description": "Size is the expected size of the alertmanager cluster. The controller will\neventually make the size of the running cluster equal to the expected\nsize.", + "format": "int32", + "type": "integer" + }, + "resources": { + "description": "Define resources requests and limits for single Pods.", "properties": { - "env": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, - "value": { + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" } }, "required": [ @@ -239326,928 +154240,475 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "extensions": { - "items": { - "properties": { - "dir": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "image": { + { "type": "string" } - }, - "required": [ - "dir", - "image" ], - "type": "object" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array" + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "retention": { + "default": "120h", + "description": "Time duration Alertmanager shall retain data for. Default is '120h',\nand must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "routePrefix": { + "description": "The route prefix Alertmanager registers HTTP handlers for. This is useful,\nif using ExternalURL and a proxy is rewriting HTTP routes of a request,\nand the actual ExternalURL is still true, but the server serves requests\nunder a different route prefix. For example for use with `kubectl proxy`.", + "type": "string" + }, + "secrets": { + "description": "Secrets is a list of Secrets in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach Secret is added to the StatefulSet definition as a volume named `secret-`.\nThe Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container.", + "items": { + "type": "string" + }, + "type": "array" + }, + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", + "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" }, - "image": { + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, - "resources": { + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "claims": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "request": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" } }, "type": "object" }, - "volumeClaimTemplate": { + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" }, - "spec": { - "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "type": "string" - }, - "volumeAttributesClassName": { - "type": "string" - }, - "volumeMode": { - "type": "string" - }, - "volumeName": { - "type": "string" - } - }, - "type": "object" + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" } }, "required": [ - "spec" + "type" ], "type": "object" }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "nginx": { - "properties": { - "attrs": { + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" + "format": "int64", + "type": "integer" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "configFile": { + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, - "env": { + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "items": { + "description": "Sysctl defines a kernel parameter to be set", "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" } }, "required": [ - "name" + "name", + "value" ], "type": "object" }, - "type": "array" - }, - "image": { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resourceRequirements": { + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { - "claims": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "request": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" } }, "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", + "type": "string" + }, + "serviceName": { + "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the Alertmanager resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `alertmanager-operated` for Alermanager resources.\nWhen deploying multiple Alertmanager resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", + "minLength": 1, + "type": "string" + }, + "sha": { + "description": "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`.\nSimilar to a tag, but the SHA explicitly deploys an immutable container image.\nVersion and Tag are ignored if SHA is set.\nDeprecated: use 'image' instead. The image digest can be specified as part of the image URL.", + "type": "string" + }, + "storage": { + "description": "Storage is the definition of how storage will be used by the Alertmanager\ninstances.", + "properties": { + "disableMountSubPath": { + "description": "Deprecated: subPath usage will be removed in a future release.", + "type": "boolean" }, - "volumeClaimTemplate": { + "emptyDir": { + "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" }, - "namespace": { + { "type": "string" } - }, - "type": "object" - }, - "spec": { + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, - "selector": { + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { - "matchExpressions": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "type": "string" - }, - "volumeAttributesClassName": { - "type": "string" - }, - "volumeMode": { - "type": "string" - }, - "volumeName": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "nodejs": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "name": { - "default": "", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, - "optional": { - "type": "boolean" - } + "required": [ + "kind", + "name" + ], + "type": "object" }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, - "fieldPath": { - "type": "string" - } + "type": "object" }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - { + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "resource": { - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "image": { - "type": "string" - }, - "resourceRequirements": { - "properties": { - "claims": { - "items": { - "properties": { - "name": { - "type": "string" + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } }, - "request": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "required": [ + "spec" ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, "type": "object" } }, "type": "object" }, "volumeClaimTemplate": { + "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, "metadata": { + "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource.", "properties": { "annotations": { "additionalProperties": { "type": "string" }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", "type": "object" }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, "labels": { "additionalProperties": { "type": "string" }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", "type": "object" }, "name": { - "type": "string" - }, - "namespace": { + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", "type": "string" } }, "type": "object" }, "spec": { + "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, @@ -240255,14 +154716,18 @@ "x-kubernetes-list-type": "atomic" }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -240274,17 +154739,22 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, @@ -240295,6 +154765,7 @@ "type": "object" }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { "limits": { "additionalProperties": { @@ -240309,6 +154780,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -240324,23 +154796,30 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -240361,6 +154840,7 @@ "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -240368,989 +154848,823 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "propagators": { - "items": { - "enum": [ - "tracecontext", - "baggage", - "b3", - "b3multi", - "jaeger", - "xray", - "ottrace", - "none" - ], - "type": "string" - }, - "type": "array" - }, - "python": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" + "status": { + "description": "Deprecated: this field is never set.", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "name": { - "default": "", + { "type": "string" - }, - "optional": { - "type": "boolean" } - }, - "required": [ - "key" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "fieldPath": { + { "type": "string" } - }, - "required": [ - "fieldPath" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "resourceFieldRef": { + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "containerName": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", "type": "string" }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" }, - "resource": { + "message": { + "description": "message is the human-readable message indicating details about last transition.", "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", "type": "string" }, - "name": { - "default": "", + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", "type": "string" }, - "optional": { - "type": "boolean" + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" } }, "required": [ - "key" + "status", + "type" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "tag": { + "description": "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`.\nVersion is ignored if Tag is set.\nDeprecated: use 'image' instead. The image tag can be specified as part of the image URL.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 120 seconds.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "If specified, the pod's topology spread constraints.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version the cluster should be on.", + "type": "string" + }, + "volumeMounts": { + "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition.\nVolumeMounts specified will be appended to other VolumeMounts in the alertmanager container,\nthat are generated as a result of StorageSpec objects.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "volumes": { + "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition.\nVolumes specified will be appended to other volumes that are generated as a result of\nStorageSpec objects.", + "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, "required": [ - "name" + "volumeID" ], "type": "object" }, - "type": "array" - }, - "image": { - "type": "string" - }, - "resourceRequirements": { - "properties": { - "claims": { - "items": { + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "properties": { "name": { - "type": "string" - }, - "request": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" }, - "type": "object" - } - }, - "type": "object" - }, - "volumeClaimTemplate": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" + } }, - "namespace": { - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" + "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } }, - "spec": { - "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { + "key": { + "description": "key is the key to project.", "type": "string" }, - "name": { - "type": "string" + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" }, - "namespace": { + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, "required": [ - "kind", - "name" + "key", + "path" ], "type": "object" }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "type": "string" - }, - "volumeAttributesClassName": { - "type": "string" - }, - "volumeMode": { - "type": "string" - }, - "volumeName": { - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "volumeLimitSize": { - "anyOf": [ - { - "type": "integer" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "resource": { - "properties": { - "addK8sUIDAttributes": { - "type": "boolean" - }, - "resourceAttributes": { - "additionalProperties": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - } - }, - "type": "object" - }, - "sampler": { - "properties": { - "argument": { - "type": "string" - }, - "type": { - "enum": [ - "always_on", - "always_off", - "traceidratio", - "parentbased_always_on", - "parentbased_always_off", - "parentbased_traceidratio", - "jaeger_remote", - "xray" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "opentelemetry.io", - "kind": "Instrumentation", - "version": "v1alpha1" - } - ] - }, - "opentelemetry.io/v1alpha1/InstrumentationList": { - "description": "InstrumentationList is a list of Instrumentation", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of instrumentations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.opentelemetry.v1alpha1.Instrumentation" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "opentelemetry.io", - "kind": "InstrumentationList", - "version": "v1alpha1" - } - ] - }, - "opentelemetry.io/v1alpha1/OpAMPBridge": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "affinity": { - "properties": { - "nodeAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "properties": { - "preference": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "format": "int32", - "type": "integer" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "properties": { - "nodeSelectorTerms": { - "items": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", + "type": "boolean" }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" }, - "type": "object" - }, - "podAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { + "description": "Items is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } }, - "mismatchLabelKeys": { - "items": { + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "divisor": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + { "type": "string" - }, - "type": "object" - } + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { + "resource": { + "description": "Required: resource to select", "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "weight": { - "format": "int32", + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { "type": "integer" + }, + { + "type": "string" } - }, - "required": [ - "podAffinityTerm", - "weight" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { + "type": "object" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { - "labelSelector": { + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { - "matchExpressions": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, + "required": [ + "kind", + "name" + ], "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "operator": { + { "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } - }, - "required": [ - "key", - "operator" ], - "type": "object" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" }, - "matchLabels": { + "requests": { "additionalProperties": { - "type": "string" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "namespaceSelector": { + "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -241371,972 +155685,733 @@ "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" }, - "topologyKey": { + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" + "type": "object" } }, "required": [ - "topologyKey" + "spec" ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "capabilities": { - "additionalProperties": { - "type": "boolean" - }, - "type": "object" - }, - "componentsAllowed": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "description": { - "properties": { - "non_identifying_attributes": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "required": [ - "non_identifying_attributes" - ], - "type": "object" - }, - "endpoint": { - "type": "string" - }, - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" + } + }, + "type": "object" }, - "valueFrom": { + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" }, - "secretKeyRef": { + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "properties": { - "key": { - "type": "string" - }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" - }, - "optional": { - "type": "boolean" } }, - "required": [ - "key" - ], "type": "object", "x-kubernetes-map-type": "atomic" } }, + "required": [ + "driver" + ], "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "items": { - "properties": { - "configMapRef": { + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", "properties": { - "name": { - "default": "", + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, - "optional": { - "type": "boolean" + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "type": "string" + "type": "object" }, - "secretRef": { + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { - "name": { - "default": "", + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, - "optional": { + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - "ipFamilies": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ipFamilyPolicy": { - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "podAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "podDnsConfig": { - "properties": { - "nameservers": { - "items": { - "type": "string" + "required": [ + "pdName" + ], + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "options": { - "items": { + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "properties": { - "name": { + "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, - "value": { + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, + "required": [ + "repository" + ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "searches": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podSecurityContext": { - "properties": { - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "type": "string" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "type": "string" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "type": "string" - }, - "sysctls": { - "items": { + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "properties": { - "name": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, - "value": { + "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" } }, "required": [ - "name", - "value" + "endpoints", + "path" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { - "type": "string" - }, - "gmsaCredentialSpecName": { - "type": "string" - }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "ports": { - "items": { - "properties": { - "appProtocol": { - "type": "string" - }, - "name": { - "type": "string" - }, - "nodePort": { - "format": "int32", - "type": "integer" - }, - "port": { - "format": "int32", - "type": "integer" - }, - "protocol": { - "default": "TCP", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "priorityClassName": { - "type": "string" - }, - "replicas": { - "format": "int32", - "maximum": 1, - "type": "integer" - }, - "resources": { - "properties": { - "claims": { - "items": { + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { - "name": { + "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, - "request": { + "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "required": [ - "name" + "path" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" - }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" }, - "type": { - "type": "string" - } + "type": "object" }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "properties": { - "add": { - "items": { + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "items": { + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "type": "boolean" - }, - "procMount": { - "type": "string" - }, - "readOnlyRootFilesystem": { - "type": "boolean" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { - "type": "string" - }, - "gmsaCredentialSpecName": { - "type": "string" - }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccount": { - "type": "string" - }, - "tolerations": { - "items": { - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "tolerationSeconds": { - "format": "int64", - "type": "integer" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "format": "int32", - "type": "integer" - }, - "minDomains": { - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "type": "string" - }, - "nodeTaintsPolicy": { - "type": "string" - }, - "topologyKey": { - "type": "string" - }, - "whenUnsatisfiable": { - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - }, - "upgradeStrategy": { - "enum": [ - "automatic", - "none" - ], - "type": "string" - }, - "volumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "mountPropagation": { - "type": "string" + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" }, "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "readOnly": { - "type": "boolean" - }, - "recursiveReadOnly": { - "type": "string" + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "properties": { + "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" }, - "subPath": { - "type": "string" + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" }, - "subPathExpr": { - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "volumes": { - "items": { - "properties": { - "awsElasticBlockStore": { + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "partition": { - "format": "int32", - "type": "integer" + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, - "required": [ - "volumeID" - ], + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "description": "configMap information about the configMap data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "description": "secret information about the secret data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, "type": "object" }, - "azureDisk": { + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", "properties": { - "cachingMode": { + "group": { + "description": "group to map volume access to\nDefault is no group", "type": "string" }, - "diskName": { - "type": "string" + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", + "type": "boolean" }, - "diskURI": { + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, - "fsType": { - "default": "ext4", + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, - "kind": { + "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, - "readOnly": { - "default": false, - "type": "boolean" + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" } }, "required": [ - "diskName", - "diskURI" + "registry", + "volume" ], "type": "object" }, - "azureFile": { + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { - "readOnly": { - "type": "boolean" + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" }, - "secretName": { + "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, - "shareName": { + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "properties": { + }, "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { + "pool": { + "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, - "secretFile": { - "type": "string" - }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -242344,58 +156419,102 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "required": [ + "image", "monitors" ], "type": "object" }, - "cinder": { + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", "properties": { "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "volumeID": { + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, "required": [ - "volumeID" + "gateway", + "secretRef", + "system" ], "type": "object" }, - "configMap": { + "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { + "description": "Maps a string key to a path within a volume.", "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -242408,1072 +156527,1542 @@ "type": "array", "x-kubernetes-list-type": "atomic" }, - "name": { - "default": "", - "type": "string" - }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "csi": { + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", "properties": { - "driver": { - "type": "string" - }, "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "nodePublishSecretRef": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "readOnly": { - "type": "boolean" + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", + "type": "string" }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" } }, "required": [ - "driver" + "volumePath" ], "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "web": { + "description": "Defines the web command line flags when starting Alertmanager.", + "properties": { + "getConcurrency": { + "description": "Maximum number of GET requests processed concurrently. This corresponds to the\nAlertmanager's `--web.get-concurrency` flag.", + "format": "int32", + "type": "integer" + }, + "httpConfig": { + "description": "Defines HTTP parameters for web server.", + "properties": { + "headers": { + "description": "List of headers that can be added to HTTP responses.", + "properties": { + "contentSecurityPolicy": { + "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", + "type": "string" + }, + "strictTransportSecurity": { + "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "type": "string" + }, + "xContentTypeOptions": { + "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", + "enum": [ + "", + "NoSniff" + ], + "type": "string" + }, + "xFrameOptions": { + "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", + "enum": [ + "", + "Deny", + "SameOrigin" + ], + "type": "string" + }, + "xXSSProtection": { + "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", + "type": "string" + } + }, + "type": "object" + }, + "http2": { + "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", + "type": "boolean" + } }, - "downwardAPI": { - "properties": { - "defaultMode": { - "format": "int32", - "type": "integer" + "type": "object" + }, + "timeout": { + "description": "Timeout for HTTP requests. This corresponds to the Alertmanager's\n`--web.timeout` flag.", + "format": "int32", + "type": "integer" + }, + "tlsConfig": { + "description": "Defines the TLS parameters for HTTPS.", + "properties": { + "cert": { + "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, + "type": "object" + }, + "certFile": { + "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", + "type": "string" + }, + "cipherSuites": { + "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", "items": { - "items": { + "type": "string" + }, + "type": "array" + }, + "clientAuthType": { + "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", + "type": "string" + }, + "client_ca": { + "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "key": { + "description": "The key to select.", + "type": "string" }, - "mode": { - "format": "int32", - "type": "integer" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "path": { + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "path" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "curvePreferences": { + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", + "items": { + "type": "string" + }, + "type": "array" + }, + "keyFile": { + "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum TLS version that is acceptable.", + "type": "string" + }, + "minVersion": { + "description": "Minimum TLS version that is acceptable.", + "type": "string" + }, + "preferServerCipherSuites": { + "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "Most recent observed status of the Alertmanager cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "availableReplicas": { + "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this Alertmanager cluster.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "The current state of the Alertmanager object.", + "items": { + "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status property.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details for the condition's last transition.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", + "format": "int64", + "type": "integer" + }, + "reason": { + "description": "Reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition.", + "minLength": 1, + "type": "string" + }, + "type": { + "description": "Type of the condition being reported.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "paused": { + "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", + "type": "boolean" + }, + "replicas": { + "description": "Total number of non-terminated pods targeted by this Alertmanager\nobject (their labels match the selector).", + "format": "int32", + "type": "integer" + }, + "selector": { + "description": "The selector used to match the pods targeted by this Alertmanager object.", + "type": "string" + }, + "unavailableReplicas": { + "description": "Total number of unavailable pods targeted by this Alertmanager object.", + "format": "int32", + "type": "integer" + }, + "updatedReplicas": { + "description": "Total number of non-terminated pods targeted by this Alertmanager\nobject that have the desired version spec.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "availableReplicas", + "paused", + "replicas", + "unavailableReplicas", + "updatedReplicas" + ], + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "Alertmanager", + "version": "v1" + } + ] + }, + "monitoring.coreos.com/v1/AlertmanagerList": { + "description": "AlertmanagerList is a list of Alertmanager", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of alertmanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.monitoring.v1.Alertmanager" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "AlertmanagerList", + "version": "v1" + } + ] + }, + "monitoring.coreos.com/v1/PodMonitor": { + "description": "The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.\nAmong other things, it allows to specify:\n* The pods to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of desired Pod selection for target discovery by Prometheus.", + "properties": { + "attachMetadata": { + "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.35.0.", + "properties": { + "node": { + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", + "type": "boolean" + } + }, + "type": "object" + }, + "bodySizeLimit": { + "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "convertClassicHistogramsToNHCB": { + "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", + "type": "boolean" + }, + "fallbackScrapeProtocol": { + "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "jobLabel": { + "description": "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`).", + "type": "string" + }, + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", + "format": "int64", + "type": "integer" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", + "format": "int64", + "type": "integer" + }, + "namespaceSelector": { + "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the pods.\nBy default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces.", + "properties": { + "any": { + "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", + "type": "boolean" + }, + "matchNames": { + "description": "List of namespace names to select from.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "podMetricsEndpoints": { + "description": "Defines how to scrape metrics from the selected pods.", + "items": { + "description": "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", + "properties": { + "authorization": { + "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" } }, "type": "object" }, - "emptyDir": { + "basicAuth": { + "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", "properties": { - "medium": { - "type": "string" + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "ephemeral": { + "bearerTokenSecret": { + "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", "properties": { - "volumeClaimTemplate": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "enableHttp2": { + "description": "`enableHttp2` can be used to disable HTTP2 when scraping the target.", + "type": "boolean" + }, + "filterRunning": { + "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", + "type": "boolean" + }, + "followRedirects": { + "description": "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects.", + "type": "boolean" + }, + "honorLabels": { + "description": "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels.", + "type": "boolean" + }, + "honorTimestamps": { + "description": "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target.", + "type": "boolean" + }, + "interval": { + "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "metricRelabelings": { + "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { - "metadata": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "namespace": { - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "spec": { + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { + "key": { + "description": "The key to select.", "type": "string" }, "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "kind", - "name" + "key" ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "dataSourceRef": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "namespace": { - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "kind", - "name" + "key" ], - "type": "object" - }, - "resources": { + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "key": { + "description": "The key to select.", + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "selector": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "type": "string" - }, - "volumeAttributesClassName": { + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "volumeMode": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "volumeName": { - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "properties": { - "fsType": { - "type": "string" - }, - "lun": { - "format": "int32", - "type": "integer" - }, - "readOnly": { - "type": "boolean" - }, - "targetWWNs": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "properties": { - "driver": { - "type": "string" - }, - "fsType": { - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "readOnly": { - "type": "boolean" - }, - "secretRef": { - "properties": { - "name": { - "default": "", + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "properties": { - "datasetName": { - "type": "string" - }, - "datasetUUID": { - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "properties": { - "fsType": { - "type": "string" - }, - "partition": { - "format": "int32", - "type": "integer" + "type": "object" }, - "pdName": { + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, "type": "string" - }, - "readOnly": { - "type": "boolean" } }, "required": [ - "pdName" + "clientId", + "clientSecret", + "tokenUrl" ], "type": "object" }, - "gitRepo": { - "properties": { - "directory": { - "type": "string" - }, - "repository": { + "params": { + "additionalProperties": { + "items": { "type": "string" }, - "revision": { - "type": "string" - } + "type": "array" }, - "required": [ - "repository" - ], + "description": "`params` define optional HTTP URL parameters.", "type": "object" }, - "glusterfs": { - "properties": { - "endpoints": { - "type": "string" - }, - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" + "path": { + "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", + "type": "string" }, - "hostPath": { - "properties": { - "path": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" + "port": { + "description": "The `Pod` port name which exposes the endpoint.\n\nIt takes precedence over the `portNumber` and `targetPort` fields.", + "type": "string" }, - "image": { - "properties": { - "pullPolicy": { - "type": "string" - }, - "reference": { - "type": "string" - } - }, - "type": "object" + "portNumber": { + "description": "The `Pod` port number which exposes the endpoint.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" }, - "iscsi": { - "properties": { - "chapAuthDiscovery": { - "type": "boolean" - }, - "chapAuthSession": { - "type": "boolean" - }, - "fsType": { - "type": "string" - }, - "initiatorName": { - "type": "string" - }, - "iqn": { - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "type": "string" - }, - "lun": { - "format": "int32", - "type": "integer" - }, - "portals": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "type": "boolean" - }, - "secretRef": { + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "targetPortal": { - "type": "string" - } + "type": "array" }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "nfs": { - "properties": { - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" + "relabelings": { + "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } }, - "server": { - "type": "string" - } + "type": "object" }, - "required": [ - "path", - "server" - ], - "type": "object" + "type": "array" }, - "persistentVolumeClaim": { - "properties": { - "claimName": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - } - }, - "required": [ - "claimName" + "scheme": { + "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", + "enum": [ + "http", + "https" ], - "type": "object" + "type": "string" }, - "photonPersistentDisk": { - "properties": { - "fsType": { - "type": "string" - }, - "pdID": { - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" + "scrapeTimeout": { + "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" }, - "portworxVolume": { - "properties": { - "fsType": { - "type": "string" - }, - "readOnly": { - "type": "boolean" + "targetPort": { + "anyOf": [ + { + "type": "integer" }, - "volumeID": { + { "type": "string" } - }, - "required": [ - "volumeID" ], - "type": "object" + "description": "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' or 'portNumber' instead.", + "x-kubernetes-int-or-string": true }, - "projected": { + "tlsConfig": { + "description": "TLS configuration to use when scraping the target.", "properties": { - "defaultMode": { - "format": "int32", - "type": "integer" - }, - "sources": { - "items": { - "properties": { - "clusterTrustBundle": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "type": "string" - }, - "optional": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "signerName": { - "type": "string" - } + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "properties": { - "items": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "downwardAPI": { - "properties": { - "items": { - "items": { - "properties": { - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "object" - }, - "secret": { - "properties": { - "items": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "serviceAccountToken": { - "properties": { - "audience": { - "type": "string" - }, - "expirationSeconds": { - "format": "int64", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "properties": { - "group": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "registry": { - "type": "string" - }, - "tenant": { - "type": "string" - }, - "user": { - "type": "string" - }, - "volume": { - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "properties": { - "fsType": { - "type": "string" - }, - "image": { - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "type": "string" - }, - "monitors": { - "items": { - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "type": "string" - }, - "readOnly": { - "type": "boolean" + "type": "object" }, - "secretRef": { + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "name": { - "default": "", - "type": "string" + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "properties": { - "fsType": { - "default": "xfs", - "type": "string" - }, - "gateway": { - "type": "string" - }, - "protectionDomain": { - "type": "string" + "type": "object" }, - "readOnly": { + "insecureSkipVerify": { + "description": "Disable target certificate validation.", "type": "boolean" }, - "secretRef": { + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "sslEnabled": { - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "type": "string" - }, - "storagePool": { + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "system": { + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "volumeName": { + "serverName": { + "description": "Used to verify the hostname for the targets.", "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], "type": "object" }, - "secret": { + "trackTimestampsStaleness": { + "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", + "type": "boolean" + } + }, + "type": "object" + }, + "type": "array" + }, + "podTargetLabels": { + "description": "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sampleLimit": { + "description": "`sampleLimit` defines a per-scrape limit on the number of scraped samples\nthat will be accepted.", + "format": "int64", + "type": "integer" + }, + "scrapeClass": { + "description": "The scrape class to apply.", + "minLength": 1, + "type": "string" + }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.", + "type": "boolean" + }, + "scrapeProtocols": { + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", + "items": { + "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "selector": { + "description": "Label selector to select the Kubernetes `Pod` objects to scrape metrics from.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "defaultMode": { - "format": "int32", - "type": "integer" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "optional": { - "type": "boolean" - }, - "secretName": { - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "properties": { - "fsType": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "type": "string" - }, - "volumeNamespace": { - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "properties": { - "fsType": { - "type": "string" - }, - "storagePolicyID": { - "type": "string" - }, - "storagePolicyName": { - "type": "string" - }, - "volumePath": { - "type": "string" } }, "required": [ - "volumePath" + "key", + "operator" ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "name" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "selectorMechanism": { + "description": "Mechanism used to select the endpoints to scrape.\nBy default, the selection process relies on relabel configurations to filter the discovered targets.\nAlternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.\nWhich strategy is best for your use case needs to be carefully evaluated.\n\nIt requires Prometheus >= v2.17.0.", + "enum": [ + "RelabelConfig", + "RoleSelector" + ], + "type": "string" + }, + "targetLimit": { + "description": "`targetLimit` defines a limit on the number of scraped targets that will\nbe accepted.", + "format": "int64", + "type": "integer" } }, "required": [ - "capabilities", - "endpoint" + "selector" ], "type": "object" - }, - "status": { - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "opentelemetry.io", - "kind": "OpAMPBridge", - "version": "v1alpha1" + "group": "monitoring.coreos.com", + "kind": "PodMonitor", + "version": "v1" } ] }, - "opentelemetry.io/v1alpha1/OpAMPBridgeList": { - "description": "OpAMPBridgeList is a list of OpAMPBridge", + "monitoring.coreos.com/v1/PodMonitorList": { + "description": "PodMonitorList is a list of PodMonitor", "namespaced": true, "properties": { "apiVersion": { @@ -243481,9 +158070,9 @@ "type": "string" }, "items": { - "description": "List of opampbridges. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of podmonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.opentelemetry.v1alpha1.OpAMPBridge" + "$ref": "#/components/schemas/com.coreos.monitoring.v1.PodMonitor" }, "type": "array" }, @@ -243506,14 +158095,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "opentelemetry.io", - "kind": "OpAMPBridgeList", - "version": "v1alpha1" + "group": "monitoring.coreos.com", + "kind": "PodMonitorList", + "version": "v1" } ] }, - "opentelemetry.io/v1alpha1/TargetAllocator": { - "description": "", + "monitoring.coreos.com/v1/Probe": { + "description": "The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).\n\nThe `Probe` resource needs 2 pieces of information:\n* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.\n* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.\n\n`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors.", "namespaced": true, "properties": { "apiVersion": { @@ -243533,1052 +158122,1233 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { + "description": "Specification of desired Ingress selection for target discovery by Prometheus.", "properties": { - "additionalContainers": { - "items": { - "properties": { - "args": { - "items": { + "authorization": { + "description": "Authorization section for this endpoint", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "command": { - "items": { + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth allow an endpoint to authenticate over basic authentication.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoint", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "env": { + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "Secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the probe and accessible by\nthe Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "convertClassicHistogramsToNHCB": { + "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", + "type": "boolean" + }, + "fallbackScrapeProtocol": { + "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "interval": { + "description": "Interval at which targets are probed using the configured prober.\nIf not specified Prometheus' global scrape interval is used.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "jobName": { + "description": "The job name assigned to scraped metrics by default.", + "type": "string" + }, + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", + "format": "int64", + "type": "integer" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", + "format": "int64", + "type": "integer" + }, + "metricRelabelings": { + "description": "MetricRelabelConfigs to apply to samples before ingestion.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "module": { + "description": "The module to use for probing specifying how to probe the target.\nExample module configuring in the blackbox exporter:\nhttps://github.com/prometheus/blackbox_exporter/blob/master/example.yml", + "type": "string" + }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "oauth2": { + "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "name": { + "key": { + "description": "The key to select.", "type": "string" }, - "value": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "items": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "configMapRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "prefix": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "lifecycle": { - "properties": { - "postStart": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - } + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "object" - }, - "livenessProbe": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "name": { + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { "type": "string" }, - "ports": { + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { - "containerPort": { - "format": "int32", - "type": "integer" - }, - "hostIP": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "hostPort": { - "format": "int32", - "type": "integer" - }, "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "protocol": { - "default": "TCP", - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "containerPort" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "readinessProbe": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "scheme": { - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "items": { - "properties": { - "resourceName": { - "type": "string" - }, - "restartPolicy": { - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "resourceName", - "restartPolicy" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "properties": { - "claims": { - "items": { + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "name": { + "key": { + "description": "The key to select.", "type": "string" }, - "request": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "object" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } }, - "restartPolicy": { + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "params": { + "description": "The list of HTTP query parameters for the scrape.\nPlease note that the `.spec.module` field takes precedence over the `module` parameter from this list when both are defined.\nThe module name must be added using Module under ProbeSpec.", + "items": { + "description": "ProbeParam defines specification of extra parameters for a Probe.", + "properties": { + "name": { + "description": "The parameter name", + "minLength": 1, "type": "string" }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } + "values": { + "description": "The parameter values", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "prober": { + "description": "Specification for the prober to use for probing targets.\nThe prober.URL parameter is required. Targets cannot be probed if left empty.", + "properties": { + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "path": { + "default": "/probe", + "description": "Path to collect metrics from.\nDefaults to `/probe`.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "properties": { - "add": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" - }, - "privileged": { - "type": "boolean" - }, - "procMount": { - "type": "string" - }, - "readOnlyRootFilesystem": { - "type": "boolean" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scheme": { + "description": "HTTP scheme to use for scraping.\n`http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling.\nIf empty, Prometheus uses the default value `http`.", + "enum": [ + "http", + "https" + ], + "type": "string" + }, + "url": { + "description": "Mandatory URL of the prober.", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "format": "int64", + "type": "integer" + }, + "scrapeClass": { + "description": "The scrape class to apply.", + "minLength": 1, + "type": "string" + }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.", + "type": "boolean" + }, + "scrapeProtocols": { + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", + "items": { + "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "scrapeTimeout": { + "description": "Timeout for scraping metrics from the Prometheus exporter.\nIf not specified, the Prometheus global scrape timeout is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "targetLimit": { + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", + "format": "int64", + "type": "integer" + }, + "targets": { + "description": "Targets defines a set of static or dynamically discovered targets to probe.", + "properties": { + "ingress": { + "description": "ingress defines the Ingress objects to probe and the relabeling\nconfiguration.\nIf `staticConfig` is also defined, `staticConfig` takes precedence.", + "properties": { + "namespaceSelector": { + "description": "From which namespaces to select Ingress objects.", + "properties": { + "any": { + "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", + "type": "boolean" }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { + "matchNames": { + "description": "List of namespace names to select from.", + "items": { "type": "string" }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" + "type": "array" + } }, - "windowsOptions": { + "type": "object" + }, + "relabelingConfigs": { + "description": "RelabelConfigs to apply to the label set of the target before it gets\nscraped.\nThe original ingress address is available via the\n`__tmp_prometheus_ingress_address` label. It can be used to customize the\nprobed URL.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "gmsaCredentialSpec": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], "type": "string" }, - "gmsaCredentialSpecName": { + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, - "hostProcess": { - "type": "boolean" + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" }, - "runAsUserName": { + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "properties": { - "exec": { - "properties": { - "command": { + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" + "type": "array" }, - "service": { - "default": "", + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, - "required": [ - "port" - ], "type": "object" }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" + "type": "array" + }, + "selector": { + "description": "Selector to select the Ingress objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } + }, + "required": [ + "key", + "operator" ], - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "successThreshold": { - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "staticConfig": { + "description": "staticConfig defines the static list of targets to probe and the\nrelabeling configuration.\nIf `ingress` is also defined, `staticConfig` takes precedence.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" }, - "tcpSocket": { + "description": "Labels assigned to all metrics scraped from the targets.", + "type": "object" + }, + "relabelingConfigs": { + "description": "RelabelConfigs to apply to the label set of the targets before it gets\nscraped.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "host": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" } }, - "required": [ - "port" - ], "type": "object" }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } + "type": "array" }, - "type": "object" - }, - "stdin": { - "type": "boolean" - }, - "stdinOnce": { - "type": "boolean" - }, - "terminationMessagePath": { - "type": "string" - }, - "terminationMessagePolicy": { - "type": "string" - }, - "tty": { - "type": "boolean" + "static": { + "description": "The list of hosts to probe.", + "items": { + "type": "string" + }, + "type": "array" + } }, - "volumeDevices": { - "items": { + "type": "object" + } + }, + "type": "object" + }, + "tlsConfig": { + "description": "TLS configuration to use when scraping the endpoint.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "devicePath": { + "key": { + "description": "The key to select.", "type": "string" }, "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "devicePath", - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "items": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "mountPath": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "mountPropagation": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", "type": "string" }, "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "readOnly": { + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" - }, - "recursiveReadOnly": { + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "subPath": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "subPathExpr": { - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "mountPath", - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "workingDir": { + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "Probe", + "version": "v1" + } + ] + }, + "monitoring.coreos.com/v1/ProbeList": { + "description": "ProbeList is a list of Probe", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of probes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.monitoring.v1.Probe" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "ProbeList", + "version": "v1" + } + ] + }, + "monitoring.coreos.com/v1/Prometheus": { + "description": "The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.\n\nFor each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.\n\nThe resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.\n\nThe Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the Prometheus cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "additionalAlertManagerConfigs": { + "description": "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "additionalAlertRelabelConfigs": { + "description": "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", + "items": { + "description": "Argument as part of the AdditionalArgs list.", + "properties": { + "name": { + "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", "type": "string" } }, @@ -244589,25 +159359,58 @@ }, "type": "array" }, + "additionalScrapeConfigs": { + "description": "AdditionalScrapeConfigs allows specifying a key of a Secret containing\nadditional Prometheus scrape configurations. Scrape configurations\nspecified are appended to the configurations generated by the Prometheus\nOperator. Job configurations specified must have the form as specified\nin the official Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.\nAs scrape configs are appended, the user is responsible to make sure it\nis valid. Note that using this feature may expose the possibility to\nbreak upgrades of Prometheus. It is advised to review Prometheus release\nnotes to ensure that no incompatible scrape configs are going to break\nPrometheus after the upgrade.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "affinity": { + "description": "Defines the Pods' affinity scheduling rules if specified.", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, @@ -244625,15 +159428,20 @@ "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, @@ -244655,6 +159463,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "format": "int32", "type": "integer" } @@ -244669,20 +159478,28 @@ "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, @@ -244700,15 +159517,20 @@ "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, @@ -244743,24 +159565,34 @@ "type": "object" }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -244781,6 +159613,7 @@ "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -244788,6 +159621,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -244795,6 +159629,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -244802,17 +159637,23 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -244828,2839 +159669,1483 @@ }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "allocationStrategy": { - "default": "consistent-hashing", - "enum": [ - "least-weighted", - "consistent-hashing", - "per-node" - ], - "type": "string" - }, - "args": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "collectorNotReadyGracePeriod": { - "default": "30s", - "format": "duration", - "type": "string" - }, - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "items": { - "properties": { - "configMapRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "type": "string" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "filterStrategy": { - "default": "relabel-config", - "enum": [ - "", - "relabel-config" - ], - "type": "string" - }, - "global": { - "type": "object" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - "initContainers": { - "items": { - "properties": { - "args": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "items": { - "properties": { - "configMapRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "type": "string" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - "lifecycle": { - "properties": { - "postStart": { - "properties": { - "exec": { - "properties": { - "command": { + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, + "required": [ + "topologyKey" + ], "type": "object" }, - "httpGet": { + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name", - "value" + "key", + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "port" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" }, - "required": [ - "seconds" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "httpGet": { + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name", - "value" + "key", + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "seconds" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "livenessProbe": { - "properties": { - "exec": { - "properties": { - "command": { + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" }, - "service": { - "default": "", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "port" + "topologyKey" ], "type": "object" }, - "httpGet": { + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { "type": "string" }, - "value": { + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { "type": "string" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } + }, + "required": [ + "topologyKey" ], - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "port" + "podAffinityTerm", + "weight" ], "type": "object" }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "tcpSocket": { + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "ports": { - "items": { - "properties": { - "containerPort": { - "format": "int32", - "type": "integer" - }, - "hostIP": { - "type": "string" - }, - "hostPort": { - "format": "int32", - "type": "integer" - }, - "name": { - "type": "string" - }, - "protocol": { - "default": "TCP", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "properties": { - "exec": { - "properties": { - "command": { + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" }, - "httpHeaders": { + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "x-kubernetes-int-or-string": true + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, "required": [ - "port" + "topologyKey" ], "type": "object" }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "items": { - "properties": { - "resourceName": { - "type": "string" - }, - "restartPolicy": { - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "resources": { + "type": "object" + } + }, + "type": "object" + }, + "alerting": { + "description": "Defines the settings related to Alertmanager.", + "properties": { + "alertmanagers": { + "description": "Alertmanager endpoints where Prometheus should send alerts to.", + "items": { + "description": "AlertmanagerEndpoints defines a selection of a single Endpoints object\ncontaining Alertmanager IPs to fire alerts against.", "properties": { - "claims": { + "alertRelabelings": { + "description": "Relabeling configs applied before sending alerts to a specific Alertmanager.\nIt requires Prometheus >= v2.51.0.", "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "name": { - "type": "string" - }, - "request": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", "type": "integer" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "type": "string" - }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "properties": { - "add": { - "items": { + "regex": { + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "items": { + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "type": "boolean" - }, - "procMount": { - "type": "string" - }, - "readOnlyRootFilesystem": { - "type": "boolean" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { - "type": "string" - }, - "gmsaCredentialSpecName": { - "type": "string" - }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } }, - "port": { - "anyOf": [ - { - "type": "integer" + "type": "object" + }, + "type": "array" + }, + "apiVersion": { + "description": "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"V1\" or \"V2\".\nThe field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported.", + "enum": [ + "v1", + "V1", + "v2", + "V2" + ], + "type": "string" + }, + "authorization": { + "description": "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "scheme": { + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, - "required": [ - "port" - ], "type": "object" }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "tcpSocket": { + "basicAuth": { + "description": "BasicAuth configuration for Alertmanager.\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.", "properties": { - "host": { - "type": "string" + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "port": { - "anyOf": [ - { - "type": "integer" + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "port" - ], "type": "object" }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "bearerTokenFile": { + "description": "File to read bearer token for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "type": "string" }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "type": "boolean" - }, - "stdinOnce": { - "type": "boolean" - }, - "terminationMessagePath": { - "type": "string" - }, - "terminationMessagePolicy": { - "type": "string" - }, - "tty": { - "type": "boolean" - }, - "volumeDevices": { - "items": { - "properties": { - "devicePath": { - "type": "string" - }, - "name": { - "type": "string" - } + "enableHttp2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "mountPropagation": { - "type": "string" - }, - "name": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "recursiveReadOnly": { - "type": "string" - }, - "subPath": { - "type": "string" - }, - "subPathExpr": { - "type": "string" - } + "name": { + "description": "Name of the Endpoints object in the namespace.", + "minLength": 1, + "type": "string" }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ipFamilyPolicy": { - "default": "SingleStack", - "type": "string" - }, - "lifecycle": { - "properties": { - "postStart": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" + "namespace": { + "description": "Namespace of the Endpoints object.\n\nIf not set, the object will be discovered in the namespace of the\nPrometheus object.", + "minLength": 1, + "type": "string" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "pathPrefix": { + "description": "Prefix for the HTTP path alerts are pushed to.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + { + "type": "string" + } + ], + "description": "Port on which the Alertmanager API is exposed.", + "x-kubernetes-int-or-string": true }, - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { + "proxyConnectHeader": { + "additionalProperties": { "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { - "name": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "value": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name", - "value" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "array" }, - "scheme": { - "type": "string" - } + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "relabelings": { + "description": "Relabel configuration applied to the discovered Alertmanagers.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", "type": "integer" }, - { + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" + "type": "object" }, - "httpHeaders": { - "items": { + "type": "array" + }, + "scheme": { + "description": "Scheme to use when firing alerts.", + "type": "string" + }, + "sigv4": { + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.48.0.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", "properties": { - "name": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "value": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name", - "value" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "managementState": { - "default": "managed", - "enum": [ - "managed", - "unmanaged" - ], - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "observability": { - "properties": { - "metrics": { - "properties": { - "disablePrometheusAnnotations": { - "type": "boolean" - }, - "enableMetrics": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "podAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "podDisruptionBudget": { - "properties": { - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "minAvailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "podDnsConfig": { - "properties": { - "nameservers": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "options": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "searches": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podSecurityContext": { - "properties": { - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "type": "string" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "type": "string" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "type": "string" - }, - "sysctls": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { - "type": "string" - }, - "gmsaCredentialSpecName": { - "type": "string" - }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "ports": { - "items": { - "properties": { - "appProtocol": { - "type": "string" - }, - "hostPort": { - "format": "int32", - "type": "integer" - }, - "name": { - "type": "string" - }, - "nodePort": { - "format": "int32", - "type": "integer" - }, - "port": { - "format": "int32", - "type": "integer" - }, - "protocol": { - "default": "TCP", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "priorityClassName": { - "type": "string" - }, - "prometheusCR": { - "properties": { - "allowNamespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "denyNamespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "enabled": { - "type": "boolean" - }, - "podMonitorSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", "type": "string" }, - "operator": { + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", "type": "string" }, - "values": { - "items": { - "type": "string" + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "timeout": { + "description": "Timeout is a per-target Alertmanager timeout when pushing alerts.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "probeSelector": { - "properties": { - "matchExpressions": { - "items": { + "tlsConfig": { + "description": "TLS Config to use for Alertmanager.", "properties": { - "key": { - "type": "string" + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "operator": { + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", "type": "string" }, - "values": { - "items": { - "type": "string" + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "scrapeConfigSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { + "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", "type": "string" }, - "operator": { + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", "type": "string" }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "scrapeInterval": { - "default": "30s", - "format": "duration", - "type": "string" - }, - "serviceMonitorSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "operator": { + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "key", - "operator" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "replicas": { - "default": 1, - "format": "int32", - "type": "integer" - }, - "resources": { - "properties": { - "claims": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "request": { - "type": "string" } }, "required": [ - "name" + "name", + "port" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "type": "array" } }, + "required": [ + "alertmanagers" + ], "type": "object" }, - "scrapeConfigs": { - "items": { - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-preserve-unknown-fields": true + "allowOverlappingBlocks": { + "description": "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.", + "type": "boolean" }, - "securityContext": { + "apiserverConfig": { + "description": "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { + "authorization": { + "description": "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { - "localhostProfile": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "credentialsFile": { + "description": "File to read a secret from, mutually exclusive with `credentials`.", "type": "string" }, "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, - "required": [ - "type" - ], "type": "object" }, - "capabilities": { + "basicAuth": { + "description": "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { - "add": { - "items": { - "type": "string" + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "drop": { - "items": { - "type": "string" + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "privileged": { - "type": "boolean" + "bearerToken": { + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", + "type": "string" }, - "procMount": { + "bearerTokenFile": { + "description": "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, - "readOnlyRootFilesystem": { - "type": "boolean" + "host": { + "description": "Kubernetes API address consisting of a hostname or IP address followed\nby an optional port number.", + "type": "string" }, - "runAsGroup": { - "format": "int64", - "type": "integer" + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" }, - "runAsNonRoot": { + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "boolean" }, - "runAsUser": { - "format": "int64", - "type": "integer" + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" }, - "seLinuxOptions": { + "tlsConfig": { + "description": "TLS Config to use for the API server.", "properties": { - "level": { - "type": "string" + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "role": { + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", "type": "string" }, - "type": { - "type": "string" + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", "type": "string" }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", "type": "string" }, - "gmsaCredentialSpecName": { + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "hostProcess": { - "type": "boolean" + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" }, - "runAsUserName": { + "serverName": { + "description": "Used to verify the hostname for the targets.", "type": "string" } }, "type": "object" } }, + "required": [ + "host" + ], "type": "object" }, - "serviceAccount": { - "type": "string" + "arbitraryFSAccessThroughSMs": { + "description": "When true, ServiceMonitor, PodMonitor and Probe object are forbidden to\nreference arbitrary files on the file system of the 'prometheus'\ncontainer.\nWhen a ServiceMonitor's endpoint specifies a `bearerTokenFile` value\n(e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a\nmalicious target can get access to the Prometheus service account's\ntoken in the Prometheus' scrape request. Setting\n`spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.\nUsers should instead provide the credentials using the\n`spec.bearerTokenSecret` field.", + "properties": { + "deny": { + "type": "boolean" + } + }, + "type": "object" }, - "shareProcessNamespace": { + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", "type": "boolean" }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "baseImage": { + "description": "Deprecated: use 'spec.image' instead.", + "type": "string" }, - "tolerations": { + "bodySizeLimit": { + "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "configMaps": { + "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus\nobject, which shall be mounted into the Prometheus Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container.", "items": { - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "tolerationSeconds": { - "format": "int64", - "type": "integer" - }, - "value": { - "type": "string" - } - }, - "type": "object" + "type": "string" }, "type": "array" }, - "topologySpreadConstraints": { + "containers": { + "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { + "description": "A single application container that you want to run within a pod.", "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "maxSkew": { - "format": "int32", - "type": "integer" - }, - "minDomains": { - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "type": "string" - }, - "nodeTaintsPolicy": { - "type": "string" - }, - "topologyKey": { - "type": "string" - }, - "whenUnsatisfiable": { - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - }, - "volumeMounts": { - "items": { - "properties": { - "mountPath": { - "type": "string" - }, - "mountPropagation": { - "type": "string" - }, - "name": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "recursiveReadOnly": { - "type": "string" - }, - "subPath": { - "type": "string" - }, - "subPathExpr": { - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "volumes": { - "items": { - "properties": { - "awsElasticBlockStore": { - "properties": { - "fsType": { - "type": "string" - }, - "partition": { - "format": "int32", - "type": "integer" - }, - "readOnly": { - "type": "boolean" - }, - "volumeID": { - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "properties": { - "cachingMode": { - "type": "string" - }, - "diskName": { - "type": "string" - }, - "diskURI": { - "type": "string" - }, - "fsType": { - "default": "ext4", - "type": "string" - }, - "kind": { - "type": "string" - }, - "readOnly": { - "default": false, - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "properties": { - "readOnly": { - "type": "boolean" - }, - "secretName": { - "type": "string" - }, - "shareName": { - "type": "string" - } + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "cephfs": { - "properties": { - "monitors": { - "items": { + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "secretFile": { - "type": "string" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "properties": { - "fsType": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "properties": { - "defaultMode": { - "format": "int32", - "type": "integer" - }, - "items": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "properties": { - "driver": { - "type": "string" - }, - "fsType": { - "type": "string" - }, - "nodePublishSecretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "properties": { - "defaultMode": { - "format": "int32", - "type": "integer" - }, - "items": { - "items": { + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -247670,16 +161155,11 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { @@ -247691,10 +161171,12 @@ "type": "string" } ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -247703,1037 +161185,1447 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + } + }, + "required": [ + "name" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "emptyDir": { - "properties": { - "medium": { - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "ephemeral": { + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { - "volumeClaimTemplate": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { "type": "string" }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, - "spec": { + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "accessModes": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "type": "string" + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "name": { + { "type": "string" } - }, - "required": [ - "kind", - "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "dataSourceRef": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "namespace": { + { "type": "string" } - }, - "required": [ - "kind", - "name" ], - "type": "object" - }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "type": "object" - } + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "storageClassName": { + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "volumeAttributesClassName": { - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "volumeMode": { + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" - }, - "volumeName": { + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, + "required": [ + "port" + ], "type": "object" } }, - "required": [ - "spec" - ], "type": "object" - } - }, - "type": "object" - }, - "fc": { - "properties": { - "fsType": { - "type": "string" - }, - "lun": { - "format": "int32", - "type": "integer" - }, - "readOnly": { - "type": "boolean" - }, - "targetWWNs": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" }, - "wwids": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" } }, "type": "object" }, - "flexVolume": { + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "driver": { - "type": "string" - }, - "fsType": { - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, "type": "object" }, - "readOnly": { - "type": "boolean" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "secretRef": { + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { - "name": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "properties": { - "datasetName": { - "type": "string" + "required": [ + "port" + ], + "type": "object" }, - "datasetUUID": { - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "properties": { - "fsType": { - "type": "string" + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" }, - "partition": { + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, - "pdName": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "properties": { - "directory": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "revision": { - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "properties": { - "endpoints": { - "type": "string" - }, - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "properties": { - "path": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "properties": { - "pullPolicy": { - "type": "string" - }, - "reference": { - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "properties": { - "chapAuthDiscovery": { - "type": "boolean" - }, - "chapAuthSession": { - "type": "boolean" - }, - "fsType": { - "type": "string" - }, - "initiatorName": { - "type": "string" - }, - "iqn": { - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "type": "string" - }, - "lun": { + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, - "portals": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "type": "boolean" + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "secretRef": { + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { - "name": { - "default": "", + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "port" + ], + "type": "object" }, - "targetPortal": { - "type": "string" + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], "type": "object" }, "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, - "nfs": { - "properties": { - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "server": { - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "properties": { - "claimName": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "properties": { - "fsType": { - "type": "string" + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } }, - "pdID": { - "type": "string" - } + "required": [ + "containerPort" + ], + "type": "object" }, - "required": [ - "pdID" + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" ], - "type": "object" + "x-kubernetes-list-type": "map" }, - "portworxVolume": { + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "fsType": { - "type": "string" - }, - "readOnly": { - "type": "boolean" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "volumeID": { - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "properties": { - "defaultMode": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, - "sources": { - "items": { - "properties": { - "clusterTrustBundle": { + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "optional": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "signerName": { + "value": { + "description": "The header field value", "type": "string" } }, "required": [ - "path" + "name", + "value" ], "type": "object" }, - "configMap": { - "properties": { - "items": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "properties": { - "items": { - "items": { - "properties": { - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object" - }, - "secret": { - "properties": { - "items": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" }, - "serviceAccountToken": { - "properties": { - "audience": { - "type": "string" - }, - "expirationSeconds": { - "format": "int64", - "type": "integer" - }, - "path": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } }, "type": "object" }, - "quobyte": { + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { - "group": { - "type": "string" - }, - "readOnly": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, - "registry": { - "type": "string" + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" }, - "tenant": { - "type": "string" + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "user": { - "type": "string" + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" }, - "volume": { - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "properties": { - "fsType": { + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, - "image": { - "type": "string" + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" }, - "keyring": { - "default": "/etc/ceph/keyring", - "type": "string" + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" }, - "monitors": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" }, - "pool": { - "default": "rbd", - "type": "string" + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" }, - "readOnly": { - "type": "boolean" + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" }, - "secretRef": { + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "name": { - "default": "", + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "type" + ], + "type": "object" }, - "user": { - "default": "admin", - "type": "string" + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" } }, - "required": [ - "image", - "monitors" - ], "type": "object" }, - "scaleIO": { + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "fsType": { - "default": "xfs", - "type": "string" - }, - "gateway": { - "type": "string" - }, - "protectionDomain": { - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "readOnly": { - "type": "boolean" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "secretRef": { + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { - "name": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "type": "boolean" + "required": [ + "port" + ], + "type": "object" }, - "storageMode": { - "default": "ThinProvisioned", - "type": "string" + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" }, - "storagePool": { - "type": "string" + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" }, - "system": { - "type": "string" + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "volumeName": { - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "properties": { - "defaultMode": { + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, - "items": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "mode": { - "format": "int32", - "type": "integer" - }, - "path": { - "type": "string" - } + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" }, - "required": [ - "key", - "path" - ], - "type": "object" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "port" + ], + "type": "object" }, - "optional": { - "type": "boolean" + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" }, - "secretName": { - "type": "string" + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, "type": "object" }, - "storageos": { - "properties": { - "fsType": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - } + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } }, - "volumeName": { - "type": "string" + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } }, - "volumeNamespace": { - "type": "string" - } + "required": [ + "mountPath", + "name" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, - "vsphereVolume": { + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "convertClassicHistogramsToNHCB": { + "description": "Whether to convert all scraped classic histograms into a native\nhistogram with custom buckets.\n\nIt requires Prometheus >= v3.4.0.", + "type": "boolean" + }, + "disableCompaction": { + "description": "When true, the Prometheus compaction is disabled.\nWhen `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically\ndisables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends).", + "type": "boolean" + }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", "properties": { - "fsType": { - "type": "string" - }, - "storagePolicyID": { - "type": "string" - }, - "storagePolicyName": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, "type": "string" }, - "volumePath": { + "value": { + "description": "Value is optional.", "type": "string" } }, "required": [ - "volumePath" + "name" ], "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, + "enableAdminAPI": { + "description": "Enables access to the Prometheus web admin API.\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", + "type": "boolean" + }, + "enableFeatures": { + "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "enableOTLPReceiver": { + "description": "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0.", + "type": "boolean" + }, + "enableRemoteWriteReceiver": { + "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0.", + "type": "boolean" + }, + "enableServiceLinks": { + "description": "Indicates whether information about services should be injected into pod's environment variables", + "type": "boolean" + }, + "enforcedBodySizeLimit": { + "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "enforcedKeepDroppedTargets": { + "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", + "format": "int64", + "type": "integer" + }, + "enforcedLabelLimit": { + "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", + "format": "int64", + "type": "integer" + }, + "enforcedLabelNameLengthLimit": { + "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", + "format": "int64", + "type": "integer" + }, + "enforcedLabelValueLengthLimit": { + "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", + "format": "int64", + "type": "integer" + }, + "enforcedNamespaceLabel": { + "description": "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", + "type": "string" + }, + "enforcedSampleLimit": { + "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", + "format": "int64", + "type": "integer" + }, + "enforcedTargetLimit": { + "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", + "format": "int64", + "type": "integer" + }, + "evaluationInterval": { + "default": "30s", + "description": "Interval between rule evaluations.\nDefault: \"30s\"", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "excludedFromEnforcement": { + "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", + "items": { + "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", + "properties": { + "group": { + "default": "monitoring.coreos.com", + "description": "Group of the referent. When not specified, it defaults to `monitoring.coreos.com`", + "enum": [ + "monitoring.coreos.com" + ], + "type": "string" + }, + "name": { + "description": "Name of the referent. When not set, all resources in the namespace are matched.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "minLength": 1, + "type": "string" + }, + "resource": { + "description": "Resource of the referent.", + "enum": [ + "prometheusrules", + "servicemonitors", + "podmonitors", + "probes", + "scrapeconfigs" + ], + "type": "string" } }, "required": [ - "name" + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array" + }, + "exemplars": { + "description": "Exemplars related settings that are runtime reloadable.\nIt requires to enable the `exemplar-storage` feature flag to be effective.", + "properties": { + "maxSize": { + "description": "Maximum number of exemplars stored in memory for all series.\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "externalLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "The labels to add to any time series or alerts when communicating with\nexternal systems (federation, remote storage, Alertmanager).\nLabels defined by `spec.replicaExternalLabelName` and\n`spec.prometheusExternalLabelName` take precedence over this list.", + "type": "object" + }, + "externalUrl": { + "description": "The external URL under which the Prometheus service is externally\navailable. This is necessary to generate correct URLs (for instance if\nPrometheus is accessible behind an Ingress resource).", + "type": "string" + }, + "hostAliases": { + "description": "Optional list of hosts and IPs that will be injected into the Pod's\nhosts file if specified.", + "items": { + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ip": { + "description": "IP address of the host file entry.", + "type": "string" + } + }, + "required": [ + "hostnames", + "ip" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "managementState" - ], - "type": "object" - }, - "status": { - "properties": { + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "hostNetwork": { + "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/ ).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).", + "type": "boolean" + }, + "hostUsers": { + "description": "HostUsers supports the user space in Kubernetes.\n\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/\n\nThe feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled.\nStarting Kubernetes 1.33, the feature is enabled by default.", + "type": "boolean" + }, + "ignoreNamespaceSelectors": { + "description": "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor\nand Probe objects will be ignored. They will only discover targets\nwithin the namespace of the PodMonitor, ServiceMonitor and Probe\nobject.", + "type": "boolean" + }, "image": { + "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", "type": "string" }, - "version": { + "imagePullPolicy": { + "description": "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", + "enum": [ + "", + "Always", + "Never", + "IfNotPresent" + ], "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "opentelemetry.io", - "kind": "TargetAllocator", - "version": "v1alpha1" - } - ] - }, - "opentelemetry.io/v1alpha1/TargetAllocatorList": { - "description": "TargetAllocatorList is a list of TargetAllocator", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of targetallocators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.opentelemetry.v1alpha1.TargetAllocator" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "opentelemetry.io", - "kind": "TargetAllocatorList", - "version": "v1alpha1" - } - ] - }, - "opentelemetry.io/v1beta1/OpenTelemetryCollector": { - "description": "", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "additionalContainers": { + }, + "imagePullSecrets": { + "description": "An optional list of references to Secrets in the same namespace\nto use for pulling images from registries.\nSee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "initContainers": { + "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { + "description": "A single application container that you want to run within a pod.", "properties": { "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, @@ -248741,6 +162633,7 @@ "x-kubernetes-list-type": "atomic" }, "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, @@ -248748,26 +162641,35 @@ "x-kubernetes-list-type": "atomic" }, "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -248778,11 +162680,14 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -248793,8 +162698,10 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { @@ -248806,10 +162713,12 @@ "type": "string" } ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -248820,15 +162729,19 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -248854,15 +162767,20 @@ "x-kubernetes-list-type": "map" }, "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", "properties": { "configMapRef": { + "description": "The ConfigMap to select from", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, @@ -248870,15 +162788,19 @@ "x-kubernetes-map-type": "atomic" }, "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { + "description": "The Secret to select from", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, @@ -248892,18 +162814,24 @@ "x-kubernetes-list-type": "atomic" }, "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, @@ -248914,17 +162842,23 @@ "type": "object" }, "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -248938,6 +162872,7 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { @@ -248949,9 +162884,11 @@ "type": "string" } ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -248961,8 +162898,10 @@ "type": "object" }, "sleep": { + "description": "Sleep represents a duration that the container should sleep.", "properties": { "seconds": { + "description": "Seconds is the number of seconds to sleep.", "format": "int64", "type": "integer" } @@ -248973,8 +162912,10 @@ "type": "object" }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { @@ -248986,6 +162927,7 @@ "type": "string" } ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -248998,10 +162940,13 @@ "type": "object" }, "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, @@ -249012,17 +162957,23 @@ "type": "object" }, "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -249036,6 +162987,7 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { @@ -249047,9 +162999,11 @@ "type": "string" } ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -249059,8 +163013,10 @@ "type": "object" }, "sleep": { + "description": "Sleep represents a duration that the container should sleep.", "properties": { "seconds": { + "description": "Seconds is the number of seconds to sleep.", "format": "int64", "type": "integer" } @@ -249071,8 +163027,10 @@ "type": "object" }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { @@ -249084,6 +163042,7 @@ "type": "string" } ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -249094,15 +163053,22 @@ } }, "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" } }, "type": "object" }, "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, @@ -249113,17 +163079,21 @@ "type": "object" }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "format": "int32", "type": "integer" }, "service": { "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -249133,17 +163103,23 @@ "type": "object" }, "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -249157,6 +163133,7 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { @@ -249168,9 +163145,11 @@ "type": "string" } ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -249180,20 +163159,25 @@ "type": "object" }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { @@ -249205,6 +163189,7 @@ "type": "string" } ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -249214,10 +163199,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -249225,27 +163212,35 @@ "type": "object" }, "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", "items": { + "description": "ContainerPort represents a network port in a single container.", "properties": { "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", "format": "int32", "type": "integer" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", "format": "int32", "type": "integer" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, "protocol": { "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, @@ -249262,10 +163257,13 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, @@ -249276,17 +163274,21 @@ "type": "object" }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "format": "int32", "type": "integer" }, "service": { "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -249296,17 +163298,23 @@ "type": "object" }, "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -249320,6 +163328,7 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { @@ -249331,9 +163340,11 @@ "type": "string" } ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -249343,20 +163354,25 @@ "type": "object" }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { @@ -249368,6 +163384,7 @@ "type": "string" } ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -249377,10 +163394,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -249388,12 +163407,16 @@ "type": "object" }, "resizePolicy": { + "description": "Resources resize policy for the container.", "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", "properties": { "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", "type": "string" }, "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", "type": "string" } }, @@ -249407,14 +163430,19 @@ "x-kubernetes-list-type": "atomic" }, "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, @@ -249442,6 +163470,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -249457,25 +163486,32 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", "type": "string" }, "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", "type": "string" } }, @@ -249485,16 +163521,21 @@ "type": "object" }, "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "add": { + "description": "Added capabilities", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "drop": { + "description": "Removed capabilities", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" }, "type": "array", @@ -249504,48 +163545,62 @@ "type": "object" }, "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "type": "object" }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -249555,17 +163610,22 @@ "type": "object" }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -249575,10 +163635,13 @@ "type": "object" }, "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, @@ -249589,17 +163652,21 @@ "type": "object" }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "format": "int32", "type": "integer" }, "service": { "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -249609,17 +163676,23 @@ "type": "object" }, "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -249633,6 +163706,7 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { @@ -249644,9 +163718,11 @@ "type": "string" } ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -249656,20 +163732,25 @@ "type": "object" }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { @@ -249681,6 +163762,7 @@ "type": "string" } ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -249690,10 +163772,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -249701,27 +163785,36 @@ "type": "object" }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, @@ -249738,27 +163831,36 @@ "x-kubernetes-list-type": "map" }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -249775,6 +163877,7 @@ "x-kubernetes-list-type": "map" }, "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", "type": "string" } }, @@ -249785,1057 +163888,466 @@ }, "type": "array" }, - "affinity": { + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", + "format": "int64", + "type": "integer" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", + "format": "int64", + "type": "integer" + }, + "listenLocal": { + "description": "When true, the Prometheus server listens on the loopback address\ninstead of the Pod IP's address.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for Log level for Prometheus and the config-reloader sidecar.", + "enum": [ + "", + "logfmt", + "json" + ], + "type": "string" + }, + "logLevel": { + "description": "Log level for Prometheus and the config-reloader sidecar.", + "enum": [ + "", + "debug", + "info", + "warn", + "error" + ], + "type": "string" + }, + "maximumStartupDurationSeconds": { + "description": "Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete.\nIf set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).", + "format": "int32", + "minimum": 60, + "type": "integer" + }, + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\n\nIf unset, pods will be considered available as soon as they are ready.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "nameEscapingScheme": { + "description": "Specifies the character escaping scheme that will be requested when scraping\nfor metric and label names that do not conform to the legacy Prometheus\ncharacter set.\n\nIt requires Prometheus >= v3.4.0.", + "enum": [ + "AllowUTF8", + "Underscores", + "Dots", + "Values" + ], + "type": "string" + }, + "nameValidationScheme": { + "description": "Specifies the validation scheme for metric and label names.\n\nIt requires Prometheus >= v2.55.0.", + "enum": [ + "UTF8", + "Legacy" + ], + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "Defines on which Nodes the Pods are scheduled.", + "type": "object" + }, + "otlp": { + "description": "Settings related to the OTLP receiver feature.\nIt requires Prometheus >= v2.55.0.", "properties": { - "nodeAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "preference": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "properties": { - "nodeSelectorTerms": { - "items": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" + "convertHistogramsToNHCB": { + "description": "Configures optional translation of OTLP explicit bucket histograms into native histograms with custom buckets.\nIt requires Prometheus >= v3.4.0.", + "type": "boolean" }, - "podAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "ignoreResourceAttributes": { + "description": "List of OpenTelemetry resource attributes to ignore when `promoteAllResourceAttributes` is true.\n\nIt requires `promoteAllResourceAttributes` to be true.\nIt requires Prometheus >= v3.5.0.", + "items": { + "minLength": 1, + "type": "string" }, - "type": "object" + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" }, - "podAntiAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "keepIdentifyingResourceAttributes": { + "description": "Enables adding `service.name`, `service.namespace` and `service.instance.id`\nresource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels.\n\nIt requires Prometheus >= v3.1.0.", + "type": "boolean" + }, + "promoteAllResourceAttributes": { + "description": "Promote all resource attributes to metric labels except the ones defined in `ignoreResourceAttributes`.\n\nCannot be true when `promoteResourceAttributes` is defined.\nIt requires Prometheus >= v3.5.0.", + "type": "boolean" + }, + "promoteResourceAttributes": { + "description": "List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.\nCannot be defined when `promoteAllResourceAttributes` is true.", + "items": { + "minLength": 1, + "type": "string" }, - "type": "object" + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "translationStrategy": { + "description": "Configures how the OTLP receiver endpoint translates the incoming metrics.\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "NoUTF8EscapingWithSuffixes", + "UnderscoreEscapingWithSuffixes", + "NoTranslation" + ], + "type": "string" } }, "type": "object" }, - "args": { - "additionalProperties": { - "type": "string" + "overrideHonorLabels": { + "description": "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to \u201cexported_\u201d for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects.", + "type": "boolean" + }, + "overrideHonorTimestamps": { + "description": "When true, Prometheus ignores the timestamps for all the targets created\nfrom service and pod monitors.\nOtherwise the HonorTimestamps field of the service or pod monitor applies.", + "type": "boolean" + }, + "paused": { + "description": "When a Prometheus deployment is paused, no actions except for deletion\nwill be performed on the underlying objects.", + "type": "boolean" + }, + "persistentVolumeClaimRetentionPolicy": { + "description": "The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.\nThe default behavior is all PVCs are retained.\nThis is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.\nIt requires enabling the StatefulSetAutoDeletePVC feature gate.", + "properties": { + "whenDeleted": { + "description": "WhenDeleted specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is deleted. The default policy\nof `Retain` causes PVCs to not be affected by StatefulSet deletion. The\n`Delete` policy causes those PVCs to be deleted.", + "type": "string" + }, + "whenScaled": { + "description": "WhenScaled specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is scaled down. The default\npolicy of `Retain` causes PVCs to not be affected by a scaledown. The\n`Delete` policy causes the associated PVCs for any excess pods above\nthe replica count to be deleted.", + "type": "string" + } }, "type": "object" }, - "autoscaler": { + "podMetadata": { + "description": "PodMetadata configures labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".", "properties": { - "behavior": { - "properties": { - "scaleDown": { - "properties": { - "policies": { - "items": { - "properties": { - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "type": { - "type": "string" - }, - "value": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "periodSeconds", - "type", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "selectPolicy": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", + "type": "string" + } + }, + "type": "object" + }, + "podMonitorNamespaceSelector": { + "description": "Namespaces to match for PodMonitors discovery. An empty label selector\nmatches all namespaces. A null label selector (default value) matches the current\nnamespace only.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "stabilizationWindowSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "scaleUp": { - "properties": { - "policies": { - "items": { - "properties": { - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "type": { - "type": "string" - }, - "value": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "periodSeconds", - "type", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "selectPolicy": { + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "podMonitorSelector": { + "description": "PodMonitors to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "stabilizationWindowSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" - }, - "maxReplicas": { - "format": "int32", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "metrics": { + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "podTargetLabels": { + "description": "PodTargetLabels are appended to the `spec.podTargetLabels` field of all\nPodMonitor and ServiceMonitor objects.", + "items": { + "type": "string" + }, + "type": "array" + }, + "portName": { + "default": "web", + "description": "Port name used for the pods and governing service.\nDefault: \"web\"", + "type": "string" + }, + "priorityClassName": { + "description": "Priority class assigned to the Pods.", + "type": "string" + }, + "probeNamespaceSelector": { + "description": "Namespaces to match for Probe discovery. An empty label\nselector matches all namespaces. A null label selector matches the\ncurrent namespace only.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "pods": { - "properties": { - "metric": { - "properties": { - "name": { - "type": "string" - }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "target": { - "properties": { - "averageUtilization": { - "format": "int32", - "type": "integer" - }, - "averageValue": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "type" - ], - "type": "object" - } - }, - "required": [ - "metric", - "target" - ], - "type": "object" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "type" + "key", + "operator" ], "type": "object" }, - "type": "array" - }, - "minReplicas": { - "format": "int32", - "type": "integer" - }, - "targetCPUUtilization": { - "format": "int32", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "targetMemoryUtilization": { - "format": "int32", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "config": { + "probeSelector": { + "description": "Probes to be selected for target discovery. An empty label selector\nmatches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", "properties": { - "connectors": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "exporters": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "extensions": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "processors": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "receivers": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "service": { - "properties": { - "extensions": { - "items": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array" - }, - "pipelines": { - "additionalProperties": { - "properties": { - "exporters": { - "items": { - "type": "string" - }, - "type": "array" - }, - "processors": { - "items": { - "type": "string" - }, - "type": "array" - }, - "receivers": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "exporters", - "receivers" - ], - "type": "object" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "telemetry": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "pipelines" - ], + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "required": [ - "exporters", - "receivers", - "service" - ], "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-map-type": "atomic" }, - "configVersions": { - "default": 3, - "minimum": 1, - "type": "integer" + "prometheusExternalLabelName": { + "description": "Name of Prometheus external label used to denote the Prometheus instance\nname. The external label will _not_ be added when the field is set to\nthe empty string (`\"\"`).\n\nDefault: \"prometheus\"", + "type": "string" }, - "configmaps": { + "prometheusRulesExcludedFromEnforce": { + "description": "Defines the list of PrometheusRule objects to which the namespace label\nenforcement doesn't apply.\nThis is only relevant when `spec.enforcedNamespaceLabel` is set to true.\nDeprecated: use `spec.excludedFromEnforcement` instead.", "items": { + "description": "PrometheusRuleExcludeConfig enables users to configure excluded\nPrometheusRule names and their namespaces to be ignored while enforcing\nnamespace label for alerts and metrics.", "properties": { - "mountpath": { + "ruleName": { + "description": "Name of the excluded PrometheusRule object.", "type": "string" }, - "name": { + "ruleNamespace": { + "description": "Namespace of the excluded PrometheusRule object.", "type": "string" } }, "required": [ - "mountpath", - "name" + "ruleName", + "ruleNamespace" ], "type": "object" }, "type": "array" }, - "daemonSetUpdateStrategy": { + "query": { + "description": "QuerySpec defines the configuration of the Promethus query service.", "properties": { - "rollingUpdate": { - "properties": { - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "type": { + "lookbackDelta": { + "description": "The delta difference allowed for retrieving metrics during expression evaluations.", "type": "string" - } - }, - "type": "object" - }, - "deploymentUpdateStrategy": { - "properties": { - "rollingUpdate": { - "properties": { - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "type": "object" }, - "type": { + "maxConcurrency": { + "description": "Number of concurrent queries that can be run at once.", + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "maxSamples": { + "description": "Maximum number of samples a single query can load into memory. Note that\nqueries will fail if they would load more samples than this into memory,\nso this also limits the number of samples a query can return.", + "format": "int32", + "type": "integer" + }, + "timeout": { + "description": "Maximum time a query may take before being aborted.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" } }, "type": "object" }, - "env": { + "queryLogFile": { + "description": "queryLogFile specifies where the file to which PromQL queries are logged.\n\nIf the filename has an empty path, e.g. 'query.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/query.log', you\nmust mount a volume in the specified directory and it must be writable.\nThis is because the prometheus container runs with a read-only root\nfilesystem for security reasons.\nAlternatively, the location can be set to a standard I/O stream, e.g.\n`/dev/stdout`, to log query information to the default Prometheus log\nstream.", + "type": "string" + }, + "reloadStrategy": { + "description": "Defines the strategy used to reload the Prometheus configuration.\nIf not specified, the configuration is reloaded using the /-/reload HTTP endpoint.", + "enum": [ + "HTTP", + "ProcessSignal" + ], + "type": "string" + }, + "remoteRead": { + "description": "Defines the list of remote read configurations.", "items": { + "description": "RemoteReadSpec defines the configuration for Prometheus to read back samples\nfrom a remote endpoint.", "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { + "authorization": { + "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { - "configMapKeyRef": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -250845,58 +164357,169 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "fieldRef": { + "credentialsFile": { + "description": "File to read a secret from, mutually exclusive with `credentials`.", + "type": "string" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { - "apiVersion": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "fieldPath": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "fieldPath" + "key" ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "resourceFieldRef": { + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { - "containerName": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "resource" + "key" ], "type": "object", "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerToken": { + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", + "type": "string" + }, + "bearerTokenFile": { + "description": "File from which to read the bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "type": "string" + }, + "filterExternalLabels": { + "description": "Whether to use the external labels as selectors for the remote read endpoint.\n\nIt requires Prometheus >= v2.34.0.", + "type": "boolean" + }, + "followRedirects": { + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0.", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Custom HTTP headers to be sent along with each remote read request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\nOnly valid in Prometheus versions 2.26.0 and newer.", + "type": "object" + }, + "name": { + "description": "The name of the remote read queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate read\nconfigurations.\n\nIt requires Prometheus >= v2.15.0.", + "type": "string" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "secretKeyRef": { + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -250905,1748 +164528,1490 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "items": { - "properties": { - "configMapRef": { - "properties": { - "name": { - "default": "", + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "string" }, - "optional": { + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "type": "string" - }, - "secretRef": { - "properties": { - "name": { - "default": "", + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "optional": { - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "hostNetwork": { - "type": "boolean" - }, - "image": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string" - }, - "ingress": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "hostname": { - "type": "string" - }, - "ingressClassName": { - "type": "string" - }, - "route": { - "properties": { - "termination": { - "enum": [ - "insecure", - "edge", - "passthrough", - "reencrypt" - ], - "type": "string" - } - }, - "type": "object" - }, - "ruleType": { - "enum": [ - "path", - "subdomain" - ], - "type": "string" - }, - "tls": { - "items": { - "properties": { - "hosts": { + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "secretName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "type": { - "enum": [ - "ingress", - "route" - ], - "type": "string" - } - }, - "type": "object" - }, - "initContainers": { - "items": { - "properties": { - "args": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { - "properties": { - "configMapKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "optional": { - "type": "boolean" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "properties": { - "apiVersion": { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "fieldPath": { - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "resourceFieldRef": { - "properties": { - "containerName": { - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "resource": { - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "properties": { - "key": { - "type": "string" - }, - "name": { - "default": "", - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "optional": { - "type": "boolean" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - } + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" }, - "required": [ - "name" - ], - "type": "object" + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "required": [ + "clientId", + "clientSecret", + "tokenUrl" ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "envFrom": { - "items": { - "properties": { - "configMapRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "type": "string" - }, - "secretRef": { - "properties": { - "name": { - "default": "", - "type": "string" - }, - "optional": { - "type": "boolean" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" + "type": "array" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "image": { + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "imagePullPolicy": { + "readRecent": { + "description": "Whether reads should be made for queries for time ranges that\nthe local storage should have complete data for.", + "type": "boolean" + }, + "remoteTimeout": { + "description": "Timeout for requests to the remote read endpoint.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "lifecycle": { + "requiredMatchers": { + "additionalProperties": { + "type": "string" + }, + "description": "An optional list of equality matchers which have to be present\nin a selector to query the remote read endpoint.", + "type": "object" + }, + "tlsConfig": { + "description": "TLS Config to use for the URL.", "properties": { - "postStart": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "host": { + "key": { + "description": "The key to select.", "type": "string" }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "seconds" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "tcpSocket": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "host": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "port" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "preStop": { + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "host": { + "key": { + "description": "The key to select.", "type": "string" }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "seconds" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "tcpSocket": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "host": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "port" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, "type": "object" }, - "livenessProbe": { + "url": { + "description": "The URL of the endpoint to query from.", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "type": "array" + }, + "remoteWrite": { + "description": "Defines the list of remote write configurations.", + "items": { + "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint.", + "properties": { + "authorization": { + "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", "properties": { - "exec": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "failureThreshold": { - "format": "int32", - "type": "integer" + "credentialsFile": { + "description": "File to read a secret from, mutually exclusive with `credentials`.", + "type": "string" }, - "grpc": { + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "azureAd": { + "description": "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0 or Thanos >= v0.31.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", + "properties": { + "cloud": { + "description": "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.", + "enum": [ + "AzureChina", + "AzureGovernment", + "AzurePublic" + ], + "type": "string" + }, + "managedIdentity": { + "description": "ManagedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.", "properties": { - "port": { - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", + "clientId": { + "description": "The client id", "type": "string" } }, "required": [ - "port" + "clientId" ], "type": "object" }, - "httpGet": { + "oauth": { + "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.", "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { + "clientId": { + "description": "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.", + "minLength": 1, "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "scheme": { + "tenantId": { + "description": "`tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate.", + "minLength": 1, + "pattern": "^[0-9a-zA-Z-.]+$", "type": "string" } }, "required": [ - "port" + "clientId", + "clientSecret", + "tenantId" ], "type": "object" }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "tcpSocket": { + "sdk": { + "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.", "properties": { - "host": { + "tenantId": { + "description": "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.", + "pattern": "^[0-9a-zA-Z-.]+$", "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], "type": "object" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" } }, "type": "object" }, - "name": { - "type": "string" - }, - "ports": { - "items": { - "properties": { - "containerPort": { - "format": "int32", - "type": "integer" - }, - "hostIP": { - "type": "string" - }, - "hostPort": { - "format": "int32", - "type": "integer" - }, - "name": { - "type": "string" - }, - "protocol": { - "default": "TCP", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { + "basicAuth": { + "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", "properties": { - "exec": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "grpc": { + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { - "port": { - "format": "int32", - "type": "integer" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "service": { + "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "port" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerToken": { + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", + "type": "string" + }, + "bearerTokenFile": { + "description": "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "type": "string" + }, + "enableHTTP2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, + "followRedirects": { + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0 or Thanos >= v0.24.0.", + "type": "object" + }, + "messageVersion": { + "description": "The Remote Write message's version to use when writing to the endpoint.\n\n`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.\n`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.\n\nWhen `Version2.0` is selected, Prometheus will automatically be\nconfigured to append the metadata of scraped metrics to the WAL.\n\nBefore setting this field, consult with your remote storage provider\nwhat message version it supports.\n\nIt requires Prometheus >= v2.54.0 or Thanos >= v0.37.0.", + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, + "metadataConfig": { + "description": "MetadataConfig configures the sending of series metadata to the remote storage.", + "properties": { + "maxSamplesPerSend": { + "description": "MaxSamplesPerSend is the maximum number of metadata samples per send.\n\nIt requires Prometheus >= v2.29.0.", + "format": "int32", + "minimum": -1, + "type": "integer" }, - "httpGet": { + "send": { + "description": "Defines whether metric metadata is sent to the remote storage or not.", + "type": "boolean" + }, + "sendInterval": { + "description": "Defines how frequently metric metadata is sent to the remote storage.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0 or Thanos >= 0.24.0.", + "type": "string" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "port": { - "anyOf": [ - { - "type": "integer" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "scheme": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "port" + "key" ], - "type": "object" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "periodSeconds": { - "format": "int32", - "type": "integer" + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" }, - "successThreshold": { - "format": "int32", - "type": "integer" + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "x-kubernetes-int-or-string": true - } + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" }, - "required": [ - "port" - ], - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "items": { - "properties": { - "resourceName": { + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { "type": "string" }, - "restartPolicy": { - "type": "string" - } + "type": "array" }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "properties": { - "claims": { - "items": { - "properties": { - "name": { - "type": "string" + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "request": { - "type": "string" - } + "type": "object" }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } }, "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" } }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], "type": "object" }, - "restartPolicy": { - "type": "string" - }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { - "localhostProfile": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "type": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "type" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "capabilities": { - "properties": { - "add": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "queueConfig": { + "description": "QueueConfig allows tuning of the remote write queue parameters.", + "properties": { + "batchSendDeadline": { + "description": "BatchSendDeadline is the maximum time a sample will wait in buffer.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" }, - "privileged": { - "type": "boolean" + "capacity": { + "description": "Capacity is the number of samples to buffer per shard before we start\ndropping them.", + "type": "integer" }, - "procMount": { + "maxBackoff": { + "description": "MaxBackoff is the maximum retry delay.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "readOnlyRootFilesystem": { - "type": "boolean" + "maxRetries": { + "description": "MaxRetries is the maximum number of times to retry a batch on recoverable errors.", + "type": "integer" }, - "runAsGroup": { - "format": "int64", + "maxSamplesPerSend": { + "description": "MaxSamplesPerSend is the maximum number of samples per send.", "type": "integer" }, - "runAsNonRoot": { - "type": "boolean" + "maxShards": { + "description": "MaxShards is the maximum number of shards, i.e. amount of concurrency.", + "type": "integer" }, - "runAsUser": { - "format": "int64", + "minBackoff": { + "description": "MinBackoff is the initial retry delay. Gets doubled for every retry.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "minShards": { + "description": "MinShards is the minimum number of shards, i.e. amount of concurrency.", "type": "integer" }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" + "retryOnRateLimit": { + "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "type": "boolean" }, - "seccompProfile": { + "sampleAgeLimit": { + "description": "SampleAgeLimit drops samples older than the limit.\nIt requires Prometheus >= v2.50.0 or Thanos >= v0.32.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } + }, + "type": "object" + }, + "remoteTimeout": { + "description": "Timeout for requests to the remote write endpoint.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "roundRobinDNS": { + "description": "When enabled:\n - The remote-write mechanism will resolve the hostname via DNS.\n - It will randomly select one of the resolved IP addresses and connect to it.\n\nWhen disabled (default behavior):\n - The Go standard library will handle hostname resolution.\n - It will attempt connections to each resolved IP address sequentially.\n\nNote: The connection timeout applies to the entire resolution and connection process.\n If disabled, the timeout is distributed across all connection attempts.\n\nIt requires Prometheus >= v3.1.0 or Thanos >= v0.38.0.", + "type": "boolean" + }, + "sendExemplars": { + "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeatures`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.", + "type": "boolean" + }, + "sendNativeHistograms": { + "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0 or Thanos >= v0.30.0.", + "type": "boolean" + }, + "sigv4": { + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", "properties": { - "localhostProfile": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "type": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "type" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "windowsOptions": { + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", "properties": { - "gmsaCredentialSpec": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "gmsaCredentialSpecName": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "hostProcess": { + "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" - }, - "runAsUserName": { - "type": "string" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "startupProbe": { + "tlsConfig": { + "description": "TLS Config to use for the URL.", "properties": { - "exec": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "command": { - "items": { - "type": "string" + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "grpc": { - "properties": { - "port": { - "format": "int32", - "type": "integer" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "service": { - "default": "", - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "port" - ], "type": "object" }, - "httpGet": { + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "port": { - "anyOf": [ - { - "type": "integer" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "port" - ], "type": "object" }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" }, - "periodSeconds": { - "format": "int32", - "type": "integer" + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" }, - "successThreshold": { - "format": "int32", - "type": "integer" + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" }, - "tcpSocket": { + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { - "host": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "port" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, "type": "object" }, - "stdin": { - "type": "boolean" - }, - "stdinOnce": { - "type": "boolean" - }, - "terminationMessagePath": { - "type": "string" - }, - "terminationMessagePolicy": { + "url": { + "description": "The URL of the endpoint to send samples to.", + "minLength": 1, "type": "string" }, - "tty": { - "type": "boolean" - }, - "volumeDevices": { - "items": { - "properties": { - "devicePath": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { + "writeRelabelConfigs": { + "description": "The list of remote write relabel configurations.", "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "mountPath": { - "type": "string" - }, - "mountPropagation": { - "type": "string" - }, - "name": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "recursiveReadOnly": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], "type": "string" }, - "subPath": { - "type": "string" + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" }, - "subPathExpr": { - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ipFamilyPolicy": { - "default": "SingleStack", - "type": "string" - }, - "lifecycle": { - "properties": { - "postStart": { - "properties": { - "exec": { - "properties": { - "command": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "properties": { - "host": { + "regex": { + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "properties": { - "host": { + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "properties": { - "exec": { - "properties": { - "command": { + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "properties": { - "seconds": { - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "properties": { - "host": { - "type": "string" + "type": "array" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "livenessProbe": { - "properties": { - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "managementState": { - "default": "managed", - "enum": [ - "managed", - "unmanaged" - ], - "type": "string" - }, - "mode": { - "enum": [ - "daemonset", - "deployment", - "sidecar", - "statefulset" - ], - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "observability": { - "properties": { - "metrics": { - "properties": { - "disablePrometheusAnnotations": { - "type": "boolean" - }, - "enableMetrics": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "persistentVolumeClaimRetentionPolicy": { - "properties": { - "whenDeleted": { - "type": "string" - }, - "whenScaled": { - "type": "string" - } - }, - "type": "object" - }, - "podAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "podDisruptionBudget": { - "properties": { - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "minAvailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "podDnsConfig": { - "properties": { - "nameservers": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "options": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "searches": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podSecurityContext": { - "properties": { - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "type": "string" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "type": "string" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "type": "string" - }, - "sysctls": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { - "type": "string" - }, - "gmsaCredentialSpecName": { - "type": "string" - }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "ports": { - "items": { - "properties": { - "appProtocol": { - "type": "string" - }, - "hostPort": { - "format": "int32", - "type": "integer" - }, - "name": { - "type": "string" - }, - "nodePort": { - "format": "int32", - "type": "integer" - }, - "port": { - "format": "int32", - "type": "integer" - }, - "protocol": { - "default": "TCP", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "required": [ - "port" + "url" ], "type": "object" }, + "type": "array" + }, + "remoteWriteReceiverMessageVersions": { + "description": "List of the protobuf message versions to accept when receiving the\nremote writes.\n\nIt requires Prometheus >= v2.54.0.", + "items": { + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, + "minItems": 1, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" }, - "priorityClassName": { + "replicaExternalLabelName": { + "description": "Name of Prometheus external label used to denote the replica name.\nThe external label will _not_ be added when the field is set to the\nempty string (`\"\"`).\n\nDefault: \"prometheus_replica\"", "type": "string" }, - "readinessProbe": { - "properties": { - "failureThreshold": { - "format": "int32", - "type": "integer" - }, - "initialDelaySeconds": { - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "format": "int32", - "type": "integer" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, "replicas": { - "default": 1, + "description": "Number of replicas of each shard to deploy for a Prometheus deployment.\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\ncreated.\n\nDefault: 1", "format": "int32", "type": "integer" }, "resources": { + "description": "Defines the resources requests and limits of the 'prometheus' container.", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, @@ -252674,6 +166039,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -252689,112 +166055,137 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, - "securityContext": { + "retention": { + "description": "How long to retain the Prometheus data.\n\nDefault: \"24h\" if `spec.retention` and `spec.retentionSize` are empty.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "retentionSize": { + "description": "Maximum number of bytes used by the Prometheus data.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "routePrefix": { + "description": "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`.", + "type": "string" + }, + "ruleNamespaceSelector": { + "description": "Namespaces to match for PrometheusRule discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.", "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": { - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "type" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "capabilities": { - "properties": { - "add": { - "items": { + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "ruleQueryOffset": { + "description": "Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.\nIt requires Prometheus >= v2.53.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "ruleSelector": { + "description": "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "type": "boolean" - }, - "procMount": { - "type": "string" - }, - "readOnlyRootFilesystem": { - "type": "boolean" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "user": { - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "required": [ - "type" - ], + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "windowsOptions": { + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "rules": { + "description": "Defines the configuration of the Prometheus rules' engine.", + "properties": { + "alert": { + "description": "Defines the parameters of the Prometheus rules' engine.\n\nAny update to these parameters trigger a restart of the pods.", "properties": { - "gmsaCredentialSpec": { + "forGracePeriod": { + "description": "Minimum duration between alert and restored 'for' state.\n\nThis is maintained only for alerts with a configured 'for' time greater\nthan the grace period.", "type": "string" }, - "gmsaCredentialSpecName": { + "forOutageTolerance": { + "description": "Max time to tolerate prometheus outage for restoring 'for' state of\nalert.", "type": "string" }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { + "resendDelay": { + "description": "Minimum amount of time to wait before resending an alert to\nAlertmanager.", "type": "string" } }, @@ -252803,692 +166194,252 @@ }, "type": "object" }, - "serviceAccount": { - "type": "string" + "runtime": { + "description": "RuntimeConfig configures the values for the Prometheus process behavior", + "properties": { + "goGC": { + "description": "The Go garbage collection target percentage. Lowering this number may increase the CPU usage.\nSee: https://tip.golang.org/doc/gc-guide#GOGC", + "format": "int32", + "minimum": -1, + "type": "integer" + } + }, + "type": "object" }, - "shareProcessNamespace": { - "type": "boolean" + "sampleLimit": { + "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit.", + "format": "int64", + "type": "integer" }, - "targetAllocator": { - "properties": { - "affinity": { - "properties": { - "nodeAffinity": { - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "preference": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "scrapeClasses": { + "description": "List of scrape classes to expose to scraping objects such as\nPodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "items": { + "properties": { + "attachMetadata": { + "description": "AttachMetadata configures additional metadata to the discovered targets.\nWhen the scrape object defines its own configuration, it takes\nprecedence over the scrape class configuration.", + "properties": { + "node": { + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", + "type": "boolean" + } + }, + "type": "object" + }, + "authorization": { + "description": "Authorization section for the ScrapeClass.\nIt will only apply if the scrape resource doesn't specify any Authorization.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "properties": { - "nodeSelectorTerms": { - "items": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" + "credentialsFile": { + "description": "File to read a secret from, mutually exclusive with `credentials`.", + "type": "string" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } }, - "podAffinity": { + "type": "object" + }, + "default": { + "description": "Default indicates that the scrape applies to all scrape objects that\ndon't configure an explicit scrape class name.\n\nOnly one scrape class can be set as the default.", + "type": "boolean" + }, + "fallbackScrapeProtocol": { + "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\nIt will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "metricRelabelings": { + "description": "MetricRelabelings configures the relabeling rules to apply to all samples before ingestion.\n\nThe Operator adds the scrape class metric relabelings defined here.\nThen the Operator adds the target-specific metric relabelings defined in ServiceMonitors, PodMonitors, Probes and ScrapeConfigs.\nThen the Operator adds namespace enforcement relabeling rule, specified in '.spec.enforcedNamespaceLabel'.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" }, - "requiredDuringSchedulingIgnoredDuringExecution": { + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" } }, "type": "object" }, - "podAntiAffinity": { + "type": "array" + }, + "name": { + "description": "Name of the scrape class.", + "minLength": 1, + "type": "string" + }, + "relabelings": { + "description": "Relabelings configures the relabeling rules to apply to all scrape targets.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields\nlike `__meta_kubernetes_namespace` and `__meta_kubernetes_service_name`.\nThen the Operator adds the scrape class relabelings defined here.\nThen the Operator adds the target-specific relabelings defined in the scrape object.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "podAffinityTerm": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" } }, "type": "object" - } + }, + "type": "array" }, - "type": "object" - }, - "allocationStrategy": { - "default": "consistent-hashing", - "enum": [ - "least-weighted", - "consistent-hashing", - "per-node" - ], - "type": "string" - }, - "collectorNotReadyGracePeriod": { - "default": "30s", - "format": "duration", - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "env": { - "items": { + "tlsConfig": { + "description": "TLSConfig defines the TLS settings to use for the scrape. When the\nscrape objects define their own CA, certificate and/or key, they take\nprecedence over the corresponding scrape class fields.\n\nFor now only the `caFile`, `certFile` and `keyFile` fields are supported.", "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - }, - "valueFrom": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "configMapKeyRef": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -253498,58 +166449,76 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "fieldRef": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "apiVersion": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "fieldPath": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "fieldPath" + "key" ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { + } + }, + "type": "object" + }, + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "containerName": { + "key": { + "description": "The key to select.", "type": "string" }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "resource" + "key" ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "secretKeyRef": { + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -253561,62 +166530,521 @@ } }, "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.\n\nIt requires Prometheus >= v3.5.0.", + "type": "boolean" + }, + "scrapeConfigNamespaceSelector": { + "description": "Namespaces to match for ScrapeConfig discovery. An empty label selector\nmatches all namespaces. A null label selector matches the current\nnamespace only.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "filterStrategy": { - "default": "relabel-config", - "enum": [ - "", - "relabel-config" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "scrapeConfigSelector": { + "description": "ScrapeConfigs to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.\n\nNote that the ScrapeConfig custom resource definition is currently at Alpha level.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "scrapeFailureLogFile": { + "description": "File to which scrape failures are logged.\nReloading the configuration will reopen the file.\n\nIf the filename has an empty path, e.g. 'file.log', The Prometheus Pods\nwill mount the file into an emptyDir volume at `/var/log/prometheus`.\nIf a full path is provided, e.g. '/var/log/prometheus/file.log', you\nmust mount a volume in the specified directory and it must be writable.\nIt requires Prometheus >= v2.55.0.", + "minLength": 1, + "type": "string" + }, + "scrapeInterval": { + "default": "30s", + "description": "Interval between consecutive scrapes.\n\nDefault: \"30s\"", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "scrapeProtocols": { + "description": "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0.", + "items": { + "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "scrapeTimeout": { + "description": "Number of seconds to wait until a scrape request times out.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "secrets": { + "description": "Secrets is a list of Secrets in the same namespace as the Prometheus\nobject, which shall be mounted into the Prometheus Pods.\nEach Secret is added to the StatefulSet definition as a volume named `secret-`.\nThe Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", + "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" ], + "type": "object" + }, + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, - "image": { + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, - "nodeSelector": { - "additionalProperties": { - "type": "string" + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } }, "type": "object" }, - "observability": { + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { - "metrics": { - "properties": { - "disablePrometheusAnnotations": { - "type": "boolean" - }, - "enableMetrics": { - "type": "boolean" - } - }, - "type": "object" + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" } }, + "required": [ + "type" + ], "type": "object" }, - "podDisruptionBudget": { + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", + "type": "string" + }, + "serviceDiscoveryRole": { + "description": "Defines the service discovery role used to discover targets from\n`ServiceMonitor` objects and Alertmanager endpoints.\n\nIf set, the value should be either \"Endpoints\" or \"EndpointSlice\".\nIf unset, the operator assumes the \"Endpoints\" role.", + "enum": [ + "Endpoints", + "EndpointSlice" + ], + "type": "string" + }, + "serviceMonitorNamespaceSelector": { + "description": "Namespaces to match for ServicedMonitors discovery. An empty label selector\nmatches all namespaces. A null label selector (default value) matches the current\nnamespace only.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - { + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceMonitorSelector": { + "description": "ServiceMonitors to be selected for target discovery. An empty label\nselector matches all objects. A null label selector matches no objects.\n\nIf `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`\nand `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.\nThe Prometheus operator will ensure that the Prometheus configuration's\nSecret exists, but it is the responsibility of the user to provide the raw\ngzipped Prometheus configuration under the `prometheus.yaml.gz` key.\nThis behavior is *deprecated* and will be removed in the next major version\nof the custom resource definition. It is recommended to use\n`spec.additionalScrapeConfigs` instead.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" - } - ], - "x-kubernetes-int-or-string": true + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceName": { + "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources,\nor `prometheus-agent-operated` for PrometheusAgent resources.\nWhen deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", + "minLength": 1, + "type": "string" + }, + "sha": { + "description": "Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name.", + "type": "string" + }, + "shardRetentionPolicy": { + "description": "ShardRetentionPolicy defines the retention policy for the Prometheus shards.\n(Alpha) Using this field requires the 'PrometheusShardRetentionPolicy' feature gate to be enabled.\n\nThe final goals for this feature can be seen at https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/proposals/202310-shard-autoscaling.md#graceful-scale-down-of-prometheus-servers,\nhowever, the feature is not yet fully implemented in this PR. The limitation being:\n* Retention duration is not settable, for now, shards are retained forever.", + "properties": { + "retain": { + "description": "Defines the config for retention when the retention policy is set to `Retain`.\nThis field is ineffective as of now.", + "properties": { + "retentionPeriod": { + "description": "Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function.\nSupported units: y, w, d, h, m, s, ms\nExamples: `30s`, `1m`, `1h20m15s`, `15d`", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } + }, + "required": [ + "retentionPeriod" + ], + "type": "object" + }, + "whenScaled": { + "description": "Defines the retention policy when the Prometheus shards are scaled down.\n* `Delete`, the operator will delete the pods from the scaled-down shard(s).\n* `Retain`, the operator will keep the pods from the scaled-down shard(s), so the data can still be queried.\n\nIf not defined, the operator assumes the `Delete` value.", + "enum": [ + "Retain", + "Delete" + ], + "type": "string" + } + }, + "type": "object" + }, + "shards": { + "description": "Number of shards to distribute the scraped targets onto.\n\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\nbeing created.\n\nWhen not defined, the operator assumes only one shard.\n\nNote that scaling down shards will not reshard data onto the remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use either\n* Thanos sidecar + querier for query federation and Thanos Ruler for rules.\n* Remote-write to send metrics to a central location.\n\nBy default, the sharding of targets is performed on:\n* The `__address__` target's metadata label for PodMonitor,\nServiceMonitor and ScrapeConfig resources.\n* The `__param_target__` label for Probe resources.\n\nUsers can define their own sharding implementation by setting the\n`__tmp_hash` label during the target discovery with relabeling\nconfiguration (either in the monitoring resources or via scrape class).\n\nYou can also disable sharding on a specific target by setting the\n`__tmp_disable_sharding` label with relabeling configuration. When\nthe label value isn't empty, all Prometheus shards will scrape the target.", + "format": "int32", + "type": "integer" + }, + "storage": { + "description": "Storage defines the storage used by Prometheus.", + "properties": { + "disableMountSubPath": { + "description": "Deprecated: subPath usage will be removed in a future release.", + "type": "boolean" + }, + "emptyDir": { + "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" }, - "minAvailable": { + "sizeLimit": { "anyOf": [ { "type": "integer" @@ -253625,319 +167053,840 @@ "type": "string" } ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "type": "object" }, - "podSecurityContext": { + "ephemeral": { + "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", "properties": { - "appArmorProfile": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { - "localhostProfile": { - "type": "string" + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" }, - "type": { - "type": "string" + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" } }, "required": [ - "type" + "spec" ], "type": "object" - }, - "fsGroup": { - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { + } + }, + "type": "object" + }, + "volumeClaimTemplate": { + "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "seLinuxOptions": { + "metadata": { + "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource.", "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + "type": "object" }, - "type": { - "type": "string" + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "type": "object" }, - "user": { + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", "type": "string" } }, "type": "object" }, - "seccompProfile": { + "spec": { + "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "type": "string" - }, - "sysctls": { - "items": { - "properties": { - "name": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { "type": "string" }, - "value": { - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "gmsaCredentialSpecName": { + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, - "hostProcess": { - "type": "boolean" + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" }, - "runAsUserName": { + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "type": "object" - } - }, - "type": "object" - }, - "prometheusCR": { - "properties": { - "allowNamespaces": { - "items": { - "type": "string" - }, - "type": "array" }, - "denyNamespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "enabled": { - "type": "boolean" - }, - "podMonitorSelector": { + "status": { + "description": "Deprecated: this field is never set.", "properties": { - "matchExpressions": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { - "properties": { - "key": { - "type": "string" + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "operator": { + { "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } - }, - "required": [ - "key", - "operator" ], - "type": "object" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" }, - "matchLabels": { + "capacity": { "additionalProperties": { - "type": "string" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, + "description": "capacity represents the actual resources of the underlying volume.", "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "probeSelector": { - "properties": { - "matchExpressions": { + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "key": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", "type": "string" }, - "operator": { + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", "type": "string" }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" } }, "required": [ - "key", - "operator" + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } }, + "required": [ + "status" + ], "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "tag": { + "description": "Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name.", + "type": "string" + }, + "targetLimit": { + "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedTargetLimit.", + "format": "int64", + "type": "integer" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 600 seconds.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "thanos": { + "description": "Defines the configuration of the optional Thanos sidecar.", + "properties": { + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the Thanos container.\nThe arguments are passed as-is to the Thanos container which may cause issues\nif they are invalid or not supported the given Thanos version.\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", + "items": { + "description": "Argument as part of the AdditionalArgs list.", + "properties": { + "name": { + "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", + "type": "string" + } }, - "scrapeConfigSelector": { + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "baseImage": { + "description": "Deprecated: use 'image' instead.", + "type": "string" + }, + "blockSize": { + "default": "2h", + "description": "BlockDuration controls the size of TSDB blocks produced by Prometheus.\nThe default value is 2h to match the upstream Prometheus defaults.\n\nWARNING: Changing the block duration can impact the performance and\nefficiency of the entire Prometheus/Thanos stack due to how it interacts\nwith memory and Thanos compactors. It is recommended to keep this value\nset to a multiple of 120 times your longest scrape or rule interval. For\nexample, 30s * 120 = 1h.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "getConfigInterval": { + "description": "How often to retrieve the Prometheus configuration.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "getConfigTimeout": { + "description": "Maximum time to wait when retrieving the Prometheus configuration.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "grpcListenLocal": { + "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the gRPC endpoints.\n\nIt has no effect if `listenLocal` is true.", + "type": "boolean" + }, + "grpcServerTlsConfig": { + "description": "Configures the TLS parameters for the gRPC server providing the StoreAPI.\n\nNote: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "scrapeInterval": { - "default": "30s", - "format": "duration", + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", "type": "string" }, - "serviceMonitorSelector": { + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, "type": "object" }, - "replicas": { - "format": "int32", - "type": "integer" + "httpListenLocal": { + "description": "When true, the Thanos sidecar listens on the loopback interface instead\nof the Pod IP's address for the HTTP endpoints.\n\nIt has no effect if `listenLocal` is true.", + "type": "boolean" + }, + "image": { + "description": "Container image name for Thanos. If specified, it takes precedence over\nthe `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha`\nfields.\n\nSpecifying `spec.thanos.version` is still necessary to ensure the\nPrometheus Operator knows which version of Thanos is being configured.\n\nIf neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined,\nthe operator will use the latest upstream version of Thanos available at\nthe time when the operator was released.", + "type": "string" + }, + "listenLocal": { + "description": "Deprecated: use `grpcListenLocal` and `httpListenLocal` instead.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for the Thanos sidecar.", + "enum": [ + "", + "logfmt", + "json" + ], + "type": "string" + }, + "logLevel": { + "description": "Log level for the Thanos sidecar.", + "enum": [ + "", + "debug", + "info", + "warn", + "error" + ], + "type": "string" + }, + "minTime": { + "description": "Defines the start of time range limit served by the Thanos sidecar's StoreAPI.\nThe field's value should be a constant time in RFC3339 format or a time\nduration relative to current time, such as -1d or 2h45m. Valid duration\nunits are ms, s, m, h, d, w, y.", + "type": "string" + }, + "objectStorageConfig": { + "description": "Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nobjectStorageConfigFile takes precedence over this field.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "objectStorageConfigFile": { + "description": "Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage.\n\nMore info: https://thanos.io/tip/thanos/storage.md/\n\nThis field takes precedence over objectStorageConfig.", + "type": "string" + }, + "readyTimeout": { + "description": "ReadyTimeout is the maximum time that the Thanos sidecar will wait for\nPrometheus to start.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" }, "resources": { + "description": "Defines the resources requests and limits of the Thanos sidecar.", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, @@ -253965,6 +167914,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -253980,649 +167930,505 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, - "securityContext": { - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "appArmorProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "properties": { - "add": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "type": "boolean" - }, - "procMount": { - "type": "string" - }, - "readOnlyRootFilesystem": { - "type": "boolean" - }, - "runAsGroup": { - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "type": "boolean" - }, - "runAsUser": { - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "properties": { - "level": { - "type": "string" - }, - "role": { - "type": "string" - }, - "type": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "properties": { - "localhostProfile": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "properties": { - "gmsaCredentialSpec": { - "type": "string" - }, - "gmsaCredentialSpecName": { - "type": "string" - }, - "hostProcess": { - "type": "boolean" - }, - "runAsUserName": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serviceAccount": { + "sha": { + "description": "Deprecated: use 'image' instead. The image digest can be specified as part of the image name.", "type": "string" }, - "tolerations": { - "items": { - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "tolerationSeconds": { - "format": "int64", - "type": "integer" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "format": "int32", - "type": "integer" - }, - "minDomains": { - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "type": "string" - }, - "nodeTaintsPolicy": { - "type": "string" - }, - "topologyKey": { - "type": "string" - }, - "whenUnsatisfiable": { - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" - }, - "tolerations": { - "items": { - "properties": { - "effect": { - "type": "string" - }, - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "tolerationSeconds": { - "format": "int64", - "type": "integer" - }, - "value": { - "type": "string" - } + "tag": { + "description": "Deprecated: use 'image' instead. The image's tag can be specified as as part of the image name.", + "type": "string" }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "items": { - "properties": { - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "items": { + "tracingConfig": { + "description": "Defines the tracing configuration for the Thanos sidecar.\n\n`tracingConfigFile` takes precedence over this field.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "format": "int32", - "type": "integer" - }, - "minDomains": { - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "type": "string" - }, - "nodeTaintsPolicy": { - "type": "string" - }, - "topologyKey": { - "type": "string" - }, - "whenUnsatisfiable": { - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" - }, - "upgradeStrategy": { - "enum": [ - "automatic", - "none" - ], - "type": "string" - }, - "volumeClaimTemplates": { - "items": { - "properties": { - "apiVersion": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "spec": { - "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "properties": { - "apiGroup": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tracingConfigFile": { + "description": "Defines the tracing configuration file for the Thanos sidecar.\n\nThis field takes precedence over `tracingConfig`.\n\nMore info: https://thanos.io/tip/thanos/tracing.md/\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "type": "string" + }, + "version": { + "description": "Version of Thanos being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream release of\nThanos available at the time when the version of the operator was\nreleased.", + "type": "string" + }, + "volumeMounts": { + "description": "VolumeMounts allows configuration of additional VolumeMounts for Thanos.\nVolumeMounts specified will be appended to other VolumeMounts in the\n'thanos-sidecar' container.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" }, - "storageClassName": { + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, - "volumeAttributesClassName": { + "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, - "volumeMode": { + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, - "volumeName": { + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, + "required": [ + "mountPath", + "name" + ], "type": "object" }, - "status": { + "type": "array" + } + }, + "type": "object" + }, + "tolerations": { + "description": "Defines the Pods' tolerations if specified.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "Defines the pod's topology spread constraints if specified.", + "items": { + "properties": { + "additionalLabelSelectors": { + "description": "Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint.", + "enum": [ + "OnResource", + "OnShard" + ], + "type": "string" + }, + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", "properties": { - "accessModes": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "type": "string" + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "allocatedResourceStatuses": { + "matchLabels": { "additionalProperties": { "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array" + }, + "tracingConfig": { + "description": "TracingConfig configures tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "properties": { + "clientType": { + "description": "Client used to export the traces. Supported values are `http` or `grpc`.", + "enum": [ + "http", + "grpc" + ], + "type": "string" + }, + "compression": { + "description": "Compression key for supported compression types. The only supported value is `gzip`.", + "enum": [ + "gzip" + ], + "type": "string" + }, + "endpoint": { + "description": "Endpoint to send the traces to. Should be provided in format :.", + "minLength": 1, + "type": "string" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs to be used as headers associated with gRPC or HTTP requests.", + "type": "object" + }, + "insecure": { + "description": "If disabled, the client will use a secure connection.", + "type": "boolean" + }, + "samplingFraction": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Sets the probability a given trace will be sampled. Must be a float from 0 through 1.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "timeout": { + "description": "Maximum time the exporter will wait for each batch export.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS Config to use when sending traces.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } + }, + "required": [ + "key" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "conditions": { - "items": { + "type": "object" + }, + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "lastProbeTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", + "key": { + "description": "The key to select.", "type": "string" }, - "message": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "reason": { + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "status": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "type": { - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "status", - "type" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentVolumeAttributesClassName": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "modifyVolumeStatus": { - "properties": { - "status": { - "type": "string" - }, - "targetVolumeAttributesClassName": { - "type": "string" - } + "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "required": [ - "status" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "phase": { - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - } - }, - "type": "object" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "endpoint" + ], + "type": "object" + }, + "tsdb": { + "description": "Defines the runtime reloadable configuration of the timeseries database(TSDB).\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", + "properties": { + "outOfOrderTimeWindow": { + "description": "Configures how old an out-of-order/out-of-bounds sample can be with\nrespect to the TSDB max time.\n\nAn out-of-order/out-of-bounds sample is ingested into the TSDB as long as\nthe timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow).\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nIt requires Prometheus >= v2.39.0 or PrometheusAgent >= v2.54.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } + }, + "type": "object" + }, + "version": { + "description": "Version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.", + "type": "string" }, "volumeMounts": { + "description": "VolumeMounts allows the configuration of additional VolumeMounts.\n\nVolumeMounts will be appended to other VolumeMounts in the 'prometheus'\ncontainer, that are generated as a result of StorageSpec objects.", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -254632,25 +168438,31 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, "volumes": { + "description": "Volumes allows the configuration of additional volumes on the output\nStatefulSet definition. Volumes specified will be appended to other\nvolumes that are generated as a result of StorageSpec objects.", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "format": "int32", "type": "integer" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, @@ -254660,25 +168472,32 @@ "type": "object" }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } }, @@ -254689,14 +168508,18 @@ "type": "object" }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, @@ -254707,8 +168530,10 @@ "type": "object" }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "items": { "type": "string" }, @@ -254716,18 +168541,23 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -254735,6 +168565,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, @@ -254744,17 +168575,22 @@ "type": "object" }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -254762,6 +168598,7 @@ "x-kubernetes-map-type": "atomic" }, "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, @@ -254771,22 +168608,29 @@ "type": "object" }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { + "description": "Maps a string key to a path within a volume.", "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -254801,9 +168645,11 @@ }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -254811,17 +168657,22 @@ "x-kubernetes-map-type": "atomic" }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -254829,12 +168680,14 @@ "x-kubernetes-map-type": "atomic" }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { "additionalProperties": { "type": "string" }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", "type": "object" } }, @@ -254844,20 +168697,27 @@ "type": "object" }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "items": { + "description": "Items is a list of downward API volume file", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -254868,15 +168728,19 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { @@ -254888,10 +168752,12 @@ "type": "string" } ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -254914,8 +168780,10 @@ "type": "object" }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { @@ -254927,6 +168795,7 @@ "type": "string" } ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } @@ -254934,41 +168803,20 @@ "type": "object" }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, @@ -254976,14 +168824,18 @@ "x-kubernetes-list-type": "atomic" }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -254995,17 +168847,22 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, @@ -255016,6 +168873,7 @@ "type": "object" }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { "limits": { "additionalProperties": { @@ -255030,6 +168888,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -255045,23 +168904,30 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -255082,6 +168948,7 @@ "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -255089,15 +168956,19 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -255113,18 +168984,23 @@ "type": "object" }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "format": "int32", "type": "integer" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "items": { "type": "string" }, @@ -255132,6 +169008,7 @@ "x-kubernetes-list-type": "atomic" }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "items": { "type": "string" }, @@ -255142,26 +169019,33 @@ "type": "object" }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { "additionalProperties": { "type": "string" }, + "description": "options is Optional: this field holds extra command options if any.", "type": "object" }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -255175,29 +169059,37 @@ "type": "object" }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "type": "object" }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "format": "int32", "type": "integer" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, @@ -255207,14 +169099,18 @@ "type": "object" }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "properties": { "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, @@ -255224,14 +169120,18 @@ "type": "object" }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, @@ -255242,11 +169142,14 @@ "type": "object" }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, @@ -255256,42 +169159,54 @@ "type": "object" }, "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", "properties": { "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", "type": "string" }, "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" } }, "type": "object" }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "format": "int32", "type": "integer" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "items": { "type": "string" }, @@ -255299,12 +169214,15 @@ "x-kubernetes-list-type": "atomic" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -255312,6 +169230,7 @@ "x-kubernetes-map-type": "atomic" }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "string" } }, @@ -255323,17 +169242,22 @@ "type": "object" }, "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "properties": { "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, @@ -255344,11 +169268,14 @@ "type": "object" }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", "type": "boolean" } }, @@ -255358,11 +169285,14 @@ "type": "object" }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, @@ -255372,14 +169302,18 @@ "type": "object" }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, @@ -255389,28 +169323,39 @@ "type": "object" }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "properties": { "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "properties": { "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -255431,6 +169376,7 @@ "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -255438,15 +169384,19 @@ "x-kubernetes-map-type": "atomic" }, "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", "type": "string" }, "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", "type": "boolean" }, "path": { + "description": "Relative path from the volume root to write the bundle.", "type": "string" }, "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", "type": "string" } }, @@ -255456,18 +169406,24 @@ "type": "object" }, "configMap": { + "description": "configMap information about the configMap data to project", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { + "description": "Maps a string key to a path within a volume.", "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -255482,9 +169438,11 @@ }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -255492,16 +169450,22 @@ "x-kubernetes-map-type": "atomic" }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -255512,15 +169476,19 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { @@ -255532,10 +169500,12 @@ "type": "string" } ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -255558,18 +169528,24 @@ "type": "object" }, "secret": { + "description": "secret information about the secret data to project", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { + "description": "Maps a string key to a path within a volume.", "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -255584,9 +169560,11 @@ }, "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -255594,15 +169572,19 @@ "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", "format": "int64", "type": "integer" }, "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, @@ -255621,23 +169603,30 @@ "type": "object" }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", "properties": { "group": { + "description": "group to map volume access to\nDefault is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, @@ -255648,18 +169637,23 @@ "type": "object" }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "items": { "type": "string" }, @@ -255668,15 +169662,19 @@ }, "pool": { "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -255685,6 +169683,7 @@ }, "user": { "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, @@ -255695,24 +169694,31 @@ "type": "object" }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", "properties": { "fsType": { "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -255720,19 +169726,24 @@ "x-kubernetes-map-type": "atomic" }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, @@ -255744,22 +169755,29 @@ "type": "object" }, "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { + "description": "Maps a string key to a path within a volume.", "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -255773,26 +169791,33 @@ "x-kubernetes-list-type": "atomic" }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "type": "object" }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "properties": { "name": { "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -255800,26 +169825,33 @@ "x-kubernetes-map-type": "atomic" }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "type": "object" }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", "properties": { "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -255830,77 +169862,407 @@ } }, "required": [ - "name" + "name" + ], + "type": "object" + }, + "type": "array" + }, + "walCompression": { + "description": "Configures compression of the write-ahead log (WAL) using Snappy.\n\nWAL compression is enabled by default for Prometheus >= 2.20.0\n\nRequires Prometheus v2.11.0 and above.", + "type": "boolean" + }, + "web": { + "description": "Defines the configuration of the Prometheus web server.", + "properties": { + "httpConfig": { + "description": "Defines HTTP parameters for web server.", + "properties": { + "headers": { + "description": "List of headers that can be added to HTTP responses.", + "properties": { + "contentSecurityPolicy": { + "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", + "type": "string" + }, + "strictTransportSecurity": { + "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "type": "string" + }, + "xContentTypeOptions": { + "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", + "enum": [ + "", + "NoSniff" + ], + "type": "string" + }, + "xFrameOptions": { + "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", + "enum": [ + "", + "Deny", + "SameOrigin" + ], + "type": "string" + }, + "xXSSProtection": { + "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", + "type": "string" + } + }, + "type": "object" + }, + "http2": { + "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", + "type": "boolean" + } + }, + "type": "object" + }, + "maxConnections": { + "description": "Defines the maximum number of simultaneous connections\nA zero value means that Prometheus doesn't accept any incoming connection.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "pageTitle": { + "description": "The prometheus web page title.", + "type": "string" + }, + "tlsConfig": { + "description": "Defines the TLS parameters for HTTPS.", + "properties": { + "cert": { + "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "certFile": { + "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", + "type": "string" + }, + "cipherSuites": { + "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientAuthType": { + "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", + "type": "string" + }, + "client_ca": { + "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "curvePreferences": { + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", + "items": { + "type": "string" + }, + "type": "array" + }, + "keyFile": { + "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum TLS version that is acceptable.", + "type": "string" + }, + "minVersion": { + "description": "Minimum TLS version that is acceptable.", + "type": "string" + }, + "preferServerCipherSuites": { + "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "Most recent observed status of the Prometheus cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "availableReplicas": { + "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this Prometheus deployment.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "The current state of the Prometheus deployment.", + "items": { + "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status property.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details for the condition's last transition.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", + "format": "int64", + "type": "integer" + }, + "reason": { + "description": "Reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition.", + "minLength": 1, + "type": "string" + }, + "type": { + "description": "Type of the condition being reported.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "config", - "managementState" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "the OpenTelemetry Collector mode is set to sidecar, which does not support the attribute 'tolerations'", - "rule": "!(self.mode == 'sidecar' && size(self.tolerations) > 0) || !has(self.tolerations)" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - { - "message": "the OpenTelemetry Collector mode is set to sidecar, which does not support the attribute 'priorityClassName'", - "rule": "!(self.mode == 'sidecar' && self.priorityClassName != '') || !has(self.priorityClassName)" + "paused": { + "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", + "type": "boolean" }, - { - "message": "the OpenTelemetry Collector mode is set to sidecar, which does not support the attribute 'affinity'", - "rule": "!(self.mode == 'sidecar' && self.affinity != null) || !has(self.affinity)" + "replicas": { + "description": "Total number of non-terminated pods targeted by this Prometheus deployment\n(their labels match the selector).", + "format": "int32", + "type": "integer" }, - { - "message": "the OpenTelemetry Collector mode is set to sidecar, which does not support the attribute 'additionalContainers'", - "rule": "!(self.mode == 'sidecar' && size(self.additionalContainers) > 0) || !has(self.additionalContainers)" - } - ] - }, - "status": { - "properties": { - "image": { + "selector": { + "description": "The selector used to match the pods targeted by this Prometheus resource.", "type": "string" }, - "scale": { - "properties": { - "replicas": { - "format": "int32", - "type": "integer" - }, - "selector": { - "type": "string" + "shardStatuses": { + "description": "The list has one entry per shard. Each entry provides a summary of the shard status.", + "items": { + "properties": { + "availableReplicas": { + "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this shard.", + "format": "int32", + "type": "integer" + }, + "replicas": { + "description": "Total number of pods targeted by this shard.", + "format": "int32", + "type": "integer" + }, + "shardID": { + "description": "Identifier of the shard.", + "type": "string" + }, + "unavailableReplicas": { + "description": "Total number of unavailable pods targeted by this shard.", + "format": "int32", + "type": "integer" + }, + "updatedReplicas": { + "description": "Total number of non-terminated pods targeted by this shard\nthat have the desired spec.", + "format": "int32", + "type": "integer" + } }, - "statusReplicas": { - "type": "string" - } + "required": [ + "availableReplicas", + "replicas", + "shardID", + "unavailableReplicas", + "updatedReplicas" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "shardID" + ], + "x-kubernetes-list-type": "map" }, - "version": { - "type": "string" + "shards": { + "description": "Shards is the most recently observed number of shards.", + "format": "int32", + "type": "integer" + }, + "unavailableReplicas": { + "description": "Total number of unavailable pods targeted by this Prometheus deployment.", + "format": "int32", + "type": "integer" + }, + "updatedReplicas": { + "description": "Total number of non-terminated pods targeted by this Prometheus deployment\nthat have the desired version spec.", + "format": "int32", + "type": "integer" } }, + "required": [ + "availableReplicas", + "paused", + "replicas", + "unavailableReplicas", + "updatedReplicas" + ], "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "opentelemetry.io", - "kind": "OpenTelemetryCollector", - "version": "v1beta1" + "group": "monitoring.coreos.com", + "kind": "Prometheus", + "version": "v1" } ] }, - "opentelemetry.io/v1beta1/OpenTelemetryCollectorList": { - "description": "OpenTelemetryCollectorList is a list of OpenTelemetryCollector", + "monitoring.coreos.com/v1/PrometheusList": { + "description": "PrometheusList is a list of Prometheus", "namespaced": true, "properties": { "apiVersion": { @@ -255908,9 +170270,9 @@ "type": "string" }, "items": { - "description": "List of opentelemetrycollectors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of prometheuses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.opentelemetry.v1beta1.OpenTelemetryCollector" + "$ref": "#/components/schemas/com.coreos.monitoring.v1.Prometheus" }, "type": "array" }, @@ -255933,15 +170295,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "opentelemetry.io", - "kind": "OpenTelemetryCollectorList", - "version": "v1beta1" + "group": "monitoring.coreos.com", + "kind": "PrometheusList", + "version": "v1" } ] }, - "operator.openshift.io/v1/Authentication": { - "description": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "monitoring.coreos.com/v1/PrometheusRule": { + "description": "The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects.\n\n`Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -255960,182 +170322,113 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { + "description": "Specification of desired alerting rule definitions for Prometheus.", "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "groups": { + "description": "Content of Prometheus rule file", "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "description": "RuleGroup is a list of sequentially evaluated recording and alerting rules.", "properties": { - "group": { - "description": "group is the group of the thing you're tracking", + "interval": { + "description": "Interval determines how often rules in the group are evaluated.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to add or overwrite before storing the result for its rules.\nThe labels defined at the rule level take precedence.\n\nIt requires Prometheus >= 3.0.0.\nThe field is ignored for Thanos Ruler.", + "type": "object" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", + "limit": { + "description": "Limit the number of alerts an alerting rule and series a recording\nrule can produce.\nLimit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.", "type": "integer" }, "name": { - "description": "name is the name of the thing you're tracking", + "description": "Name of the rule group.", + "minLength": 1, "type": "string" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "partial_response_strategy": { + "description": "PartialResponseStrategy is only used by ThanosRuler and will\nbe ignored by Prometheus instances.\nMore info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response", + "pattern": "^(?i)(abort|warn)?$", "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", + "query_offset": { + "description": "Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.\n\nIt requires Prometheus >= v2.53.0.\nIt is not supported for ThanosRuler.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" + }, + "rules": { + "description": "List of alerting and recording rules.", + "items": { + "description": "Rule describes an alerting or recording rule\nSee Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule", + "properties": { + "alert": { + "description": "Name of the alert. Must be a valid label value.\nOnly one of `record` and `alert` must be set.", + "type": "string" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations to add to each alert.\nOnly valid for alerting rules.", + "type": "object" + }, + "expr": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "PromQL expression to evaluate.", + "x-kubernetes-int-or-string": true + }, + "for": { + "description": "Alerts are considered firing once they have been returned for this long.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "keep_firing_for": { + "description": "KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared.", + "minLength": 1, + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to add or overwrite.", + "type": "object" + }, + "record": { + "description": "Name of the time series to output to. Must be a valid metric name.\nOnly one of `record` and `alert` must be set.", + "type": "string" + } + }, + "required": [ + "expr" + ], + "type": "object" + }, + "type": "array" } }, "required": [ - "group", - "name", - "namespace", - "resource" + "name" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", "name" ], "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "oauthAPIServer": { - "description": "oauthAPIServer holds status specific only to oauth-apiserver", - "properties": { - "latestAvailableRevision": { - "description": "latestAvailableRevision is the latest revision used as suffix of revisioned\nsecrets like encryption-config. A new revision causes a new deployment of pods.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } }, "type": "object" @@ -256147,14 +170440,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operator.openshift.io", - "kind": "Authentication", + "group": "monitoring.coreos.com", + "kind": "PrometheusRule", "version": "v1" } ] }, - "operator.openshift.io/v1/AuthenticationList": { - "description": "AuthenticationList is a list of Authentication", + "monitoring.coreos.com/v1/PrometheusRuleList": { + "description": "PrometheusRuleList is a list of PrometheusRule", "namespaced": true, "properties": { "apiVersion": { @@ -256162,9 +170455,9 @@ "type": "string" }, "items": { - "description": "List of authentications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of prometheusrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.Authentication" + "$ref": "#/components/schemas/com.coreos.monitoring.v1.PrometheusRule" }, "type": "array" }, @@ -256187,15 +170480,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operator.openshift.io", - "kind": "AuthenticationList", + "group": "monitoring.coreos.com", + "kind": "PrometheusRuleList", "version": "v1" } ] }, - "operator.openshift.io/v1/CSISnapshotController": { - "description": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "monitoring.coreos.com/v1/ServiceMonitor": { + "description": "The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services.\nAmong other things, it allows to specify:\n* The services to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -256214,4877 +170507,6216 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "Specification of desired Service selection for target discovery by\nPrometheus.", "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" + "attachMetadata": { + "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.37.0.", + "properties": { + "node": { + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", + "type": "boolean" + } + }, + "type": "object" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "bodySizeLimit": { + "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" + "convertClassicHistogramsToNHCB": { + "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", + "type": "boolean" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "endpoints": { + "description": "List of endpoints part of this ServiceMonitor.\nDefines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects.\nIn most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels.", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", + "authorization": { + "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenFile": { + "description": "File to read bearer token for scraping the target.\n\nDeprecated: use `authorization` instead.", + "type": "string" + }, + "bearerTokenSecret": { + "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "enableHttp2": { + "description": "`enableHttp2` can be used to disable HTTP2 when scraping the target.", + "type": "boolean" + }, + "filterRunning": { + "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", + "type": "boolean" + }, + "followRedirects": { + "description": "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects.", + "type": "boolean" + }, + "honorLabels": { + "description": "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels.", + "type": "boolean" + }, + "honorTimestamps": { + "description": "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target.", + "type": "boolean" + }, + "interval": { + "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "metricRelabelings": { + "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "params": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "params define optional HTTP URL parameters.", + "type": "object" + }, + "path": { + "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", + "type": "string" + }, + "port": { + "description": "Name of the Service port which this endpoint refers to.\n\nIt takes precedence over `targetPort`.", "type": "string" }, - "message": { - "type": "string" + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "reason": { + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "relabelings": { + "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "scheme": { + "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", "enum": [ - "True", - "False", - "Unknown" + "http", + "https" ], "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "scrapeTimeout": { + "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" + "targetPort": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the target port of the `Pod` object behind the\nService. The port must be specified with the container's port property.", + "x-kubernetes-int-or-string": true }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" + "tlsConfig": { + "description": "TLS configuration to use when scraping the target.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" + "trackTimestampsStaleness": { + "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", + "type": "boolean" } }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" + "type": "array" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "CSISnapshotController", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/CSISnapshotControllerList": { - "description": "CSISnapshotControllerList is a list of CSISnapshotController", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of csisnapshotcontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.CSISnapshotController" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "CSISnapshotControllerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/CloudCredential": { - "description": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", - "properties": { - "credentialsMode": { - "description": "credentialsMode allows informing CCO that it should not attempt to dynamically\ndetermine the root cloud credentials capabilities, and it should just run in\nthe specified mode.\nIt also allows putting the operator into \"manual\" mode if desired.\nLeaving the field in default mode runs CCO so that the cluster's cloud credentials\nwill be dynamically probed for capabilities (on supported clouds/platforms).\nSupported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", + "fallbackScrapeProtocol": { + "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", "enum": [ - "", - "Manual", - "Mint", - "Passthrough" + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" ], "type": "string" }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], + "jobLabel": { + "description": "`jobLabel` selects the label from the associated Kubernetes `Service`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Service`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty or if the label doesn't exist for\nthe given Service, the `job` label of the metrics defaults to the name\nof the associated Kubernetes `Service`.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", + "format": "int64", + "type": "integer" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", + "format": "int64", + "type": "integer" }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", + "format": "int64", + "type": "integer" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", + "format": "int64", + "type": "integer" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "namespaceSelector": { + "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the services.\nBy default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces.", + "properties": { + "any": { + "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", + "type": "boolean" + }, + "matchNames": { + "description": "List of namespace names to select from.", + "items": { "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" + "type": "array" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ { - "message": "must only increase", - "rule": "self >= oldSelf" + "type": "integer" + }, + { + "type": "string" } - ] + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" + "podTargetLabels": { + "description": "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics.", + "items": { + "type": "string" + }, + "type": "array" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", + "sampleLimit": { + "description": "`sampleLimit` defines a per-scrape limit on the number of scraped samples\nthat will be accepted.", + "format": "int64", "type": "integer" }, - "version": { - "description": "version is the level this availability applies to", + "scrapeClass": { + "description": "The scrape class to apply.", + "minLength": 1, "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "CloudCredential", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/CloudCredentialList": { - "description": "CloudCredentialList is a list of CloudCredential", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of cloudcredentials. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.CloudCredential" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "CloudCredentialList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/ClusterCSIDriver": { - "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator\ninstalled by default in OpenShift. Name of the object must be name of the CSI driver\nit operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "driverConfig": { - "description": "driverConfig can be used to specify platform specific driver configuration.\nWhen omitted, this means no opinion and the platform is left to choose reasonable\ndefaults. These defaults are subject to change over time.", + }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.", + "type": "boolean" + }, + "scrapeProtocols": { + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", + "items": { + "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "selector": { + "description": "Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from.", "properties": { - "aws": { - "description": "aws is used to configure the AWS CSI driver.", - "properties": { - "efsVolumeMetrics": { - "description": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", - "properties": { - "recursiveWalk": { - "description": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver\nwhen the state is set to RecursiveWalk.", - "properties": { - "fsRateLimit": { - "description": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable\ndefault, which is subject to change over time. The current default is 5.\nThe valid range is from 1 to 100 goroutines.", - "format": "int32", - "maximum": 100, - "minimum": 1, - "type": "integer" - }, - "refreshPeriodMinutes": { - "description": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable\ndefault, which is subject to change over time. The current default is 240.\nThe valid range is from 1 to 43200 minutes (30 days).", - "format": "int32", - "maximum": 43200, - "minimum": 1, - "type": "integer" - } - }, - "type": "object" - }, - "state": { - "description": "state defines the state of metric collection in the AWS EFS CSI Driver.\nThis field is required and must be set to one of the following values: Disabled or RecursiveWalk.\nDisabled means no metrics collection will be performed. This is the default value.\nRecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics.\nThis process may result in high CPU and memory usage, depending on the volume size.", - "enum": [ - "RecursiveWalk", - "Disabled" - ], - "type": "string" - } + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "required": [ - "state" - ], - "type": "object" - }, - "kmsKeyARN": { - "description": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key,\nrather than the default KMS key used by AWS.\nThe value may be either the ARN or Alias ARN of a KMS key.", - "pattern": "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\\/.*$", - "type": "string" - } - }, - "type": "object" - }, - "azure": { - "description": "azure is used to configure the Azure CSI driver.", - "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a\ncustomer-managed encryption set, rather than the default platform-managed keys.", - "properties": { - "name": { - "description": "name is the name of the disk encryption set that will be set on the default storage class.\nThe value should consist of only alphanumberic characters,\nunderscores (_), hyphens, and be at most 80 characters in length.", - "maxLength": 80, - "pattern": "^[a-zA-Z0-9\\_-]+$", - "type": "string" - }, - "resourceGroup": { - "description": "resourceGroup defines the Azure resource group that contains the disk encryption set.\nThe value should consist of only alphanumberic characters,\nunderscores (_), parentheses, hyphens and periods.\nThe value should not end in a period and be at most 90 characters in\nlength.", - "maxLength": 90, - "pattern": "^[\\w\\.\\-\\(\\)]*[\\w\\-\\(\\)]$", - "type": "string" - }, - "subscriptionID": { - "description": "subscriptionID defines the Azure subscription that contains the disk encryption set.\nThe value should meet the following conditions:\n1. It should be a 128-bit number.\n2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long.\n3. It should be displayed in five groups separated by hyphens (-).\n4. The first group should be 8 characters long.\n5. The second, third, and fourth groups should be 4 characters long.\n6. The fifth group should be 12 characters long.\nAn Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", - "maxLength": 36, - "pattern": "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$", - "type": "string" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "required": [ - "name", - "resourceGroup", - "subscriptionID" - ], - "type": "object" - } - }, - "type": "object" - }, - "driverType": { - "description": "driverType indicates type of CSI driver for which the\ndriverConfig is being applied to.\nValid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.\nConsumers should treat unknown values as a NO-OP.", - "enum": [ - "", - "AWS", - "Azure", - "GCP", - "IBMCloud", - "vSphere" - ], - "type": "string" - }, - "gcp": { - "description": "gcp is used to configure the GCP CSI driver.", - "properties": { - "kmsKey": { - "description": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied\nencryption keys, rather than the default keys managed by GCP.", - "properties": { - "keyRing": { - "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.\nThe value should correspond to an existing KMS key ring and should\nconsist of only alphanumeric characters, hyphens (-) and underscores (_),\nand be at most 63 characters in length.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9\\_-]+$", - "type": "string" - }, - "location": { - "description": "location is the GCP location in which the Key Ring exists.\nThe value must match an existing GCP location, or \"global\".\nDefaults to global, if not set.", - "pattern": "^[a-zA-Z0-9\\_-]+$", - "type": "string" - }, - "name": { - "description": "name is the name of the customer-managed encryption key to be used for disk encryption.\nThe value should correspond to an existing KMS key and should\nconsist of only alphanumeric characters, hyphens (-) and underscores (_),\nand be at most 63 characters in length.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z0-9\\_-]+$", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "projectID": { - "description": "projectID is the ID of the Project in which the KMS Key Ring exists.\nIt must be 6 to 30 lowercase letters, digits, or hyphens.\nIt must start with a letter. Trailing hyphens are prohibited.", - "maxLength": 30, - "minLength": 6, - "pattern": "^[a-z][a-z0-9-]+[a-z0-9]$", - "type": "string" - } - }, - "required": [ - "keyRing", - "name", - "projectID" - ], - "type": "object" - } - }, - "type": "object" - }, - "ibmcloud": { - "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", - "properties": { - "encryptionKeyCRN": { - "description": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use\nfor disk encryption of volumes for the default storage classes.", - "maxLength": 154, - "minLength": 144, - "pattern": "^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "encryptionKeyCRN" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "vSphere": { - "description": "vSphere is used to configure the vsphere CSI driver.", - "properties": { - "globalMaxSnapshotsPerBlockVolume": { - "description": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of\ndatastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3.\nSnapshots can not be disabled using this parameter.\nIncreasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279\nVolume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", - "format": "int32", - "maximum": 32, - "minimum": 1, - "type": "integer" - }, - "granularMaxSnapshotsPerBlockVolumeInVSAN": { - "description": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It\noverrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset.\nSnapshots for VSAN can not be disabled using this parameter.", - "format": "int32", - "maximum": 32, - "minimum": 1, - "type": "integer" - }, - "granularMaxSnapshotsPerBlockVolumeInVVOL": { - "description": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only.\nIt overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset.\nSnapshots for VVOL can not be disabled using this parameter.", - "format": "int32", - "maximum": 32, - "minimum": 1, - "type": "integer" - }, - "topologyCategories": { - "description": "topologyCategories indicates tag categories with which\nvcenter resources such as hostcluster or datacenter were tagged with.\nIf cluster Infrastructure object has a topology, values specified in\nInfrastructure object will be used and modifications to topologyCategories\nwill be rejected.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "required": [ - "driverType" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise", - "rule": "has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)" - } - ] - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "storageClassState": { - "description": "storageClassState determines if CSI operator should create and manage storage classes.\nIf this field value is empty or Managed - CSI operator will continuously reconcile\nstorage class and create if necessary.\nIf this field value is Unmanaged - CSI operator will not reconcile any previously created\nstorage class.\nIf this field value is Removed - CSI operator will delete the storage class it created previously.\nWhen omitted, this means the user has no opinion and the platform chooses a reasonable default,\nwhich is subject to change over time.\nThe current default behaviour is Managed.", + "selectorMechanism": { + "description": "Mechanism used to select the endpoints to scrape.\nBy default, the selection process relies on relabel configurations to filter the discovered targets.\nAlternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.\nWhich strategy is best for your use case needs to be carefully evaluated.\n\nIt requires Prometheus >= v2.17.0.", "enum": [ - "", - "Managed", - "Unmanaged", - "Removed" + "RelabelConfig", + "RoleSelector" ], "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "targetLabels": { + "description": "`targetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Service` object onto the ingested metrics.", + "items": { + "type": "string" + }, + "type": "array" + }, + "targetLimit": { + "description": "`targetLimit` defines a limit on the number of scraped targets that will\nbe accepted.", + "format": "int64", + "type": "integer" } }, + "required": [ + "endpoints", + "selector" + ], "type": "object" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "This Status subresource is under active development and is updated only when the\n\"StatusForConfigurationResources\" feature gate is enabled.\n\nMost recent observed status of the ServiceMonitor. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "bindings": { + "description": "The list of workload resources (Prometheus or PrometheusAgent) which select the configuration resource.", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "WorkloadBinding is a link between a configuration resource and a workload resource.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", + "conditions": { + "description": "The current state of the configuration resource when bound to the referenced Prometheus object.", + "items": { + "description": "ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager, or ThanosRuler.", + "properties": { + "lastTransitionTime": { + "description": "LastTransitionTime is the time of the last update to the current status property.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details for the condition's last transition.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the object.", + "format": "int64", + "type": "integer" + }, + "reason": { + "description": "Reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition.", + "minLength": 1, + "type": "string" + }, + "type": { + "description": "Type of the condition being reported.\nCurrently, only \"Accepted\" is supported.", + "enum": [ + "Accepted" + ], + "minLength": 1, + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "group": { + "description": "The group of the referenced resource.", + "enum": [ + "monitoring.coreos.com" + ], "type": "string" }, - "message": { + "name": { + "description": "The name of the referenced object.", + "minLength": 1, "type": "string" }, - "reason": { + "namespace": { + "description": "The namespace of the referenced object.", + "minLength": 1, "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "resource": { + "description": "The type of resource being referenced (e.g. Prometheus or PrometheusAgent).", "enum": [ - "True", - "False", - "Unknown" + "prometheuses", + "prometheusagents" ], "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" } }, "required": [ - "lastTransitionTime", - "status", - "type" + "group", + "name", + "namespace", + "resource" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "ServiceMonitor", + "version": "v1" + } + ] + }, + "monitoring.coreos.com/v1/ServiceMonitorList": { + "description": "ServiceMonitorList is a list of ServiceMonitor", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of servicemonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.monitoring.v1.ServiceMonitor" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "ServiceMonitorList", + "version": "v1" + } + ] + }, + "monitoring.coreos.com/v1/ThanosRuler": { + "description": "The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster.\n\nA `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services).\n\nThe resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the ThanosRuler cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the ThanosRuler container.\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nThanosRuler container which may cause issues if they are invalid or not supported\nby the given ThanosRuler version.\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument the reconciliation will\nfail and an error will be logged.", "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "description": "Argument as part of the AdditionalArgs list.", "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", + "minLength": 1, "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", + "value": { + "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", "type": "string" } }, "required": [ - "group", - "name", - "namespace", - "resource" + "name" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" + "affinity": { + "description": "If specified, the pod's scheduling constraints.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" + }, + "type": "object" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" + "alertDropLabels": { + "description": "Configures the label names which should be dropped in Thanos Ruler\nalerts.\n\nThe replica label `thanos_ruler_replica` will always be dropped from the alerts.", + "items": { + "type": "string" + }, + "type": "array" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "ClusterCSIDriver", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/ClusterCSIDriverList": { - "description": "ClusterCSIDriverList is a list of ClusterCSIDriver", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clustercsidrivers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.ClusterCSIDriver" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "ClusterCSIDriverList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/Config": { - "description": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components\non the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Config Operator.", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], + "alertQueryUrl": { + "description": "The external Query URL the Thanos Ruler will set in the 'Source' field\nof all alerts.\nMaps to the '--alert.query-url' CLI arg.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "alertRelabelConfigFile": { + "description": "Configures the path to the alert relabeling configuration file.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `alertRelabelConfig`.", "type": "string" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, + "alertRelabelConfigs": { + "description": "Configures alert relabeling in Thanos Ruler.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration.\n\n`alertRelabelConfigFile` takes precedence over this field.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-map-type": "atomic" }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" + "alertmanagersConfig": { + "description": "Configures the list of Alertmanager endpoints to send alerts to.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager.\n\nIt requires Thanos >= v0.10.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `alertmanagersUrl`.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status defines the observed status of the Config Operator.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "x-kubernetes-map-type": "atomic" + }, + "alertmanagersUrl": { + "description": "Configures the list of Alertmanager endpoints to send alerts to.\n\nFor Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead.\n\n`alertmanagersConfig` takes precedence over this field.", "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "containers": { + "description": "Containers allows injecting additional containers or modifying operator generated\ncontainers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or\nto change the behavior of an operator generated container. Containers described here modify\nan operator generated container if they share the same name and modifications are done via a\nstrategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`.\nOverriding containers is entirely outside the scope of what the maintainers will support and by doing\nso, you accept that this behaviour may break at any time without notice.", "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "description": "A single application container that you want to run within a pod.", "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "Config", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/ConfigList": { - "description": "ConfigList is a list of Config", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.Config" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "ConfigList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/Console": { - "description": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ConsoleSpec is the specification of the desired behavior of the Console.", - "properties": { - "customization": { - "description": "customization is used to optionally provide a small set of\ncustomization options to the web console.", - "properties": { - "addPage": { - "description": "addPage allows customizing actions on the Add page in developer perspective.", - "properties": { - "disabledActions": { - "description": "disabledActions is a list of actions that are not shown to users.\nEach action in the list is represented by its ID.", - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - } }, - "type": "object" - }, - "brand": { - "description": "brand is the default branding of the web console which can be overridden by\nproviding the brand field. There is a limited set of specific brand options.\nThis field controls elements of the console such as the logo.\nInvalid value will prevent a console rollout.", - "enum": [ - "openshift", - "okd", - "online", - "ocp", - "dedicated", - "azure", - "OpenShift", - "OKD", - "Online", - "OCP", - "Dedicated", - "Azure", - "ROSA" - ], - "type": "string" - }, - "capabilities": { - "description": "capabilities defines an array of capabilities that can be interacted with in the console UI.\nEach capability defines a visual state that can be interacted with the console to render in the UI.\nAvailable capabilities are LightspeedButton and GettingStartedBanner.\nEach of the available capabilities may appear only once in the list.", - "items": { - "description": "Capabilities contains set of UI capabilities and their state in the console UI.", + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { - "name": { - "description": "name is the unique name of a capability.\nAvailable capabilities are LightspeedButton and GettingStartedBanner.", - "enum": [ - "LightspeedButton", - "GettingStartedBanner" - ], - "type": "string" + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" }, - "visibility": { - "description": "visibility defines the visibility state of the capability.", + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "state": { - "description": "state defines if the capability is enabled or disabled in the console UI.\nEnabling the capability in the console UI is represented by the \"Enabled\" value.\nDisabling the capability in the console UI is represented by the \"Disabled\" value.", - "enum": [ - "Enabled", - "Disabled" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" ], - "type": "string" + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" } }, - "required": [ - "state" - ], "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" } }, - "required": [ - "name", - "visibility" - ], "type": "object" }, - "maxItems": 2, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "customLogoFile": { - "description": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a\nOnly one of customLogoFile or logos can be set at a time.\nConfigMap in the openshift-config namespace. This can be created with a command like\n'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'.\nImage size must be less than 1 MB due to constraints on the ConfigMap size.\nThe ConfigMap key should include a file extension so that the console serves the file\nwith the correct MIME type.\nThe recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser.\nDeprecated: Use logos instead.", - "properties": { - "key": { - "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", - "type": "string" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "customProductName": { - "description": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog\ninstead of the normal OpenShift product name.", - "type": "string" - }, - "developerCatalog": { - "description": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", - "properties": { - "categories": { - "description": "categories which are shown in the developer catalog.", - "items": { - "description": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "id": { - "description": "id is an identifier used in the URL to enable deep linking in console.\nID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", - "maxLength": 32, - "minLength": 1, - "pattern": "^[A-Za-z0-9-_]+$", - "type": "string" + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "label": { - "description": "label defines a category display label. It is required and must have 1-64 characters.", - "maxLength": 64, - "minLength": 1, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, - "subcategories": { - "description": "subcategories defines a list of child categories.", + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "description": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "id": { - "description": "id is an identifier used in the URL to enable deep linking in console.\nID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", - "maxLength": 32, - "minLength": 1, - "pattern": "^[A-Za-z0-9-_]+$", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "label": { - "description": "label defines a category display label. It is required and must have 1-64 characters.", - "maxLength": 64, - "minLength": 1, + "value": { + "description": "The header field value", "type": "string" - }, - "tags": { - "description": "tags is a list of strings that will match the category. A selected category\nshow all items which has at least one overlapping tag between category and item.", - "items": { - "type": "string" - }, - "type": "array" } }, "required": [ - "id", - "label" + "name", + "value" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "tags": { - "description": "tags is a list of strings that will match the category. A selected category\nshow all items which has at least one overlapping tag between category and item.", - "items": { - "type": "string" - }, - "type": "array" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, "required": [ - "id", - "label" + "port" ], "type": "object" }, - "type": "array" + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } }, - "types": { - "description": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog.\nWhen omitted, all the sub-catalog types will be shown.", + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", "properties": { - "disabled": { - "description": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users.\nTypes (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available\nin the console on the cluster configuration page, or when editing the YAML in the console.\nExample: \"Devfile\", \"HelmChart\", \"BuilderImage\"\nIf the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" }, - "enabled": { - "description": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users.\nTypes (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available\nin the console on the cluster configuration page, or when editing the YAML in the console.\nExample: \"Devfile\", \"HelmChart\", \"BuilderImage\"\nIf the list is non-empty, a new type will not be shown to the user until it is added to list.\nIf the list is empty the complete developer catalog will be shown.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" }, - "state": { - "default": "Enabled", - "description": "state defines if a list of catalog types should be enabled or disabled.", - "enum": [ - "Enabled", - "Disabled" - ], + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, "required": [ - "state" + "containerPort" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "enabled is forbidden when state is not Enabled", - "rule": "self.state == 'Enabled' ? true : !has(self.enabled)" - }, - { - "message": "disabled is forbidden when state is not Disabled", - "rule": "self.state == 'Disabled' ? true : !has(self.disabled)" - } - ] - } + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" }, - "type": "object" - }, - "documentationBaseURL": { - "description": "documentationBaseURL links to external documentation are shown in various sections\nof the web console. Providing documentationBaseURL will override the default\ndocumentation URL.\nInvalid value will prevent a console rollout.", - "pattern": "^$|^((https):\\/\\/?)[^\\s()<>]+(?:\\([\\w\\d]+\\)|([^[:punct:]\\s]|\\/?))\\/$", - "type": "string" - }, - "logos": { - "description": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos.\nlogos is an optional field that allows a list of logos.\nOnly one of logos or customLogoFile can be set at a time.\nIf logos is set, customLogoFile must be unset.\nWhen specified, there must be at least one entry and no more than 2 entries.\nEach type must appear only once in the list.", - "items": { - "description": "Logo defines a configuration based on theme modes for the console UI logo.", + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "themes": { - "description": "themes specifies the themes for the console UI logo.\nthemes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field.\nEach mode determines whether the logo is for the dark or light mode of the console UI.\nIf a theme is not specified, the default OpenShift logo will be displayed for that theme.\nThere must be at least one entry and no more than 2 entries.", - "items": { - "description": "Theme defines a theme mode for the console UI.", - "properties": { - "mode": { - "description": "mode is used to specify what theme mode a logo will apply to in the console UI.\nmode is a required field that allows values of Dark and Light.\nWhen set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode.\nWhen set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.", - "enum": [ - "Dark", - "Light" - ], + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { "type": "string" }, - "source": { - "description": "source is used by the console to locate the specified file containing a custom logo.\nsource is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace.\nYou can create it with a command like:\n- 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file'\nThe ConfigMap key must include the file extension so that the console serves the file with the correct MIME type.\nThe recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser.\nThe logo image size must be less than 1 MB due to constraints on the ConfigMap size.\nFor more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", - "properties": { - "configMap": { - "description": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file.\nThe ConfigMap must exist in the openshift-config namespace.\nRequired when from is \"ConfigMap\", and forbidden otherwise.", - "properties": { - "key": { - "description": "key is the logo key inside the referenced ConfigMap.\nMust consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.).\nMust be at most 253 characters in length.\nMust end in a valid file extension.\nA valid file extension must consist of a period followed by 2 to 5 alpha characters.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "The ConfigMap key must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.).", - "rule": "self.matches('^[a-zA-Z0-9._-]+$')" - }, - { - "message": "The ConfigMap key must end with a valid file extension (2 to 5 letters).", - "rule": "self.matches('.*\\\\.[a-zA-Z]{2,5}$')" - } - ] - }, - "name": { - "description": "name is the name of the ConfigMap.\nname is a required field.\nMust consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.\nMust be at most 253 characters in length.", - "maxLength": 253, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", - "rule": "!format.dns1123Subdomain().validate(self).hasValue()" - } - ] - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "from": { - "description": "from is a required field to specify the source type of the file reference.\nAllowed values are ConfigMap.\nWhen set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.", - "enum": [ - "ConfigMap" - ], - "type": "string" - } - }, - "required": [ - "from" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "configMap is required when from is 'ConfigMap', and forbidden otherwise.", - "rule": "has(self.from) && self.from == 'ConfigMap' ? has(self.configMap) : !has(self.configMap)" - } - ] - } - }, - "required": [ - "mode", - "source" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "maxItems": 2, - "minItems": 1, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mode" - ], - "x-kubernetes-list-type": "map" + "type": "object" }, - "type": { - "description": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon.\ntype is a required field that allows values of Masthead and Favicon.\nWhen set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI.\nWhen set to \"Favicon\", the logo will be used as the favicon of the console UI.", - "enum": [ - "Masthead", - "Favicon" - ], - "type": "string" - } - }, - "required": [ - "themes", - "type" - ], - "type": "object" - }, - "maxItems": 2, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "perspectives": { - "description": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", - "items": { - "description": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", - "properties": { - "id": { - "description": "id defines the id of the perspective.\nExample: \"dev\", \"admin\".\nThe available perspective ids can be found in the code snippet section next to the yaml editor.\nIncorrect or unknown ids will be ignored.", - "type": "string" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "pinnedResources": { - "description": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves.\nThe list of available Kubernetes resources could be read via `kubectl api-resources`.\nThe console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation.\nIncorrect or unknown resources will be ignored.", - "items": { - "description": "PinnedResourceReference includes the group, version and type of resource", - "properties": { - "group": { - "description": "group is the API Group of the Resource.\nEnter empty string for the core group.\nThis value should consist of only lowercase alphanumeric characters, hyphens and periods.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", - "type": "string" - }, - "resource": { - "description": "resource is the type that is being referenced.\nIt is normally the plural form of the resource kind in lowercase.\nThis value should consist of only lowercase alphanumeric characters and hyphens.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - }, - "version": { - "description": "version is the API Version of the Resource.\nThis value should consist of only lowercase alphanumeric characters.\nExample: \"v1\", \"v1beta1\", etc.", - "pattern": "^[a-z0-9]+$", - "type": "string" - } + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" }, - "required": [ - "group", - "resource", - "version" - ], - "type": "object" + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } }, - "maxItems": 100, - "type": "array" + "required": [ + "port" + ], + "type": "object" }, - "visibility": { - "description": "visibility defines the state of perspective along with access review checks if needed for that perspective.", + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "accessReview": { - "description": "accessReview defines required and missing access review checks.", - "minProperties": 1, - "properties": { - "missing": { - "description": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", - "items": { - "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", - "properties": { - "fieldSelector": { - "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", - "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" - }, - "requirements": { - "description": "requirements is the parsed interpretation of a field selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", - "items": { - "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the field selector key that the requirement applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist.\nThe list of operators may grow in the future.", - "type": "string" - }, - "values": { - "description": "values is an array of string values.\nIf the operator is In or NotIn, the values array must be non-empty.\nIf the operator is Exists or DoesNotExist, the values array must be empty.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "group": { - "description": "Group is the API Group of the Resource. \"*\" means all.", - "type": "string" - }, - "labelSelector": { - "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", - "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" - }, - "requirements": { - "description": "requirements is the parsed interpretation of a label selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "name": { - "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces\n\"\" (empty) is defaulted for LocalSubjectAccessReviews\n\"\" (empty) is empty for cluster-scoped resources\n\"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", - "type": "string" - }, - "resource": { - "description": "Resource is one of the existing resource types. \"*\" means all.", - "type": "string" - }, - "subresource": { - "description": "Subresource is one of the existing resource types. \"\" means none.", - "type": "string" - }, - "verb": { - "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", - "type": "string" - }, - "version": { - "description": "Version is the API Version of the Resource. \"*\" means all.", - "type": "string" - } - }, - "type": "object" + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "type": "array" + "value": { + "description": "The header field value", + "type": "string" + } }, - "required": { - "description": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", - "items": { - "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", - "properties": { - "fieldSelector": { - "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", - "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" - }, - "requirements": { - "description": "requirements is the parsed interpretation of a field selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", - "items": { - "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the field selector key that the requirement applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist.\nThe list of operators may grow in the future.", - "type": "string" - }, - "values": { - "description": "values is an array of string values.\nIf the operator is In or NotIn, the values array must be non-empty.\nIf the operator is Exists or DoesNotExist, the values array must be empty.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "group": { - "description": "Group is the API Group of the Resource. \"*\" means all.", - "type": "string" - }, - "labelSelector": { - "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", - "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" - }, - "requirements": { - "description": "requirements is the parsed interpretation of a label selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "name": { - "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces\n\"\" (empty) is defaulted for LocalSubjectAccessReviews\n\"\" (empty) is empty for cluster-scoped resources\n\"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", - "type": "string" - }, - "resource": { - "description": "Resource is one of the existing resource types. \"*\" means all.", - "type": "string" - }, - "subresource": { - "description": "Subresource is one of the existing resource types. \"\" means none.", - "type": "string" - }, - "verb": { - "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", - "type": "string" - }, - "version": { - "description": "Version is the API Version of the Resource. \"*\" means all.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "state": { - "description": "state defines the perspective is enabled or disabled or access review check is required.", - "enum": [ - "Enabled", - "Disabled", - "AccessReview" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "required": [ - "state" + "port" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "accessReview configuration is required when state is AccessReview, and forbidden otherwise", - "rule": "self.state == 'AccessReview' ? has(self.accessReview) : !has(self.accessReview)" - } - ] - } - }, - "required": [ - "id", - "visibility" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "pinnedResources is allowed only for dev and forbidden for other perspectives", - "rule": "has(self.id) && self.id != 'dev'? !has(self.pinnedResources) : true" - } - ] - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "id" - ], - "x-kubernetes-list-type": "map" - }, - "projectAccess": { - "description": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective\nProject access page which can be used by a project admin to specify roles to other users and\nrestrict access within the project. If set, the list will replace the default ClusterRole options.", - "properties": { - "availableClusterRoles": { - "description": "availableClusterRoles is the list of ClusterRole names that are assignable to users\nthrough the project access tab.", - "items": { - "type": "string" + "type": "object" }, - "type": "array" - } - }, - "type": "object" - }, - "quickStarts": { - "description": "quickStarts allows customization of available ConsoleQuickStart resources in console.", - "properties": { - "disabled": { - "description": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", - "items": { - "type": "string" + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Only one of logos or customLogoFile can be set.", - "rule": "!(has(self.logos) && has(self.customLogoFile))" - } - ] - }, - "ingress": { - "description": "ingress allows to configure the alternative ingress for the console.\nThis field is intended for clusters without ingress capability,\nwhere access to routes is not possible.", - "properties": { - "clientDownloadsURL": { - "description": "clientDownloadsURL is a URL to be used as the address to download client binaries.\nIf not specified, the downloads route hostname will be used.\nThis field is required for clusters without ingress capability,\nwhere access to routes is not possible.\nThe console operator will monitor the URL and may go degraded\nif it's unreachable for an extended period.\nMust use the HTTPS scheme.", - "maxLength": 1024, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "client downloads url must be a valid absolute URL", - "rule": "size(self) == 0 || isURL(self)" - }, - { - "message": "client downloads url scheme must be https", - "rule": "size(self) == 0 || url(self).getScheme() == 'https'" - } - ] - }, - "consoleURL": { - "description": "consoleURL is a URL to be used as the base console address.\nIf not specified, the console route hostname will be used.\nThis field is required for clusters without ingress capability,\nwhere access to routes is not possible.\nMake sure that appropriate ingress is set up at this URL.\nThe console operator will monitor the URL and may go degraded\nif it's unreachable for an extended period.\nMust use the HTTPS scheme.", - "maxLength": 1024, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "console url must be a valid absolute URL", - "rule": "size(self) == 0 || isURL(self)" - }, - { - "message": "console url scheme must be https", - "rule": "size(self) == 0 || url(self).getScheme() == 'https'" - } - ] - } - }, - "type": "object" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "plugins": { - "description": "plugins defines a list of enabled console plugin names.", - "items": { - "type": "string" - }, - "type": "array" - }, - "providers": { - "description": "providers contains configuration for using specific service providers.", - "properties": { - "statuspage": { - "description": "statuspage contains ID for statuspage.io page that provides status info about.", - "properties": { - "pageID": { - "description": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "route": { - "description": "route contains hostname and secret reference that contains the serving certificate.\nIf a custom route is specified, a new route will be created with the\nprovided hostname, under which console will be available.\nIn case of custom hostname uses the default routing suffix of the cluster,\nthe Secret specification for a serving certificate will not be needed.\nIn case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary.\nThe default console route will be maintained to reserve the default hostname\nfor console if the custom route is removed.\nIf not specified, default route will be used.\nDEPRECATED", - "properties": { - "hostname": { - "description": "hostname is the desired custom domain under which console will be available.", - "type": "string" - }, - "secret": { - "description": "secret points to secret in the openshift-config namespace that contains custom\ncertificate and key and needs to be created manually by the cluster admin.\nReferenced Secret is required to contain following key value pairs:\n- \"tls.crt\" - to specifies custom certificate\n- \"tls.key\" - to specifies private key of the custom certificate\nIf the custom hostname uses the default routing suffix of the cluster,\nthe Secret specification for a serving certificate will not be needed.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "ConsoleStatus defines the observed status of the Console.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "Console", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/ConsoleList": { - "description": "ConsoleList is a list of Console", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of consoles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.Console" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "ConsoleList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/DNS": { - "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. \n This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the DNS.", - "properties": { - "cache": { - "description": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", - "properties": { - "negativeTTL": { - "description": "negativeTTL is optional and specifies the amount of time that a negative response should be cached. \n If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", - "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - }, - "positiveTTL": { - "description": "positiveTTL is optional and specifies the amount of time that a positive response should be cached. \n If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", - "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - } - }, - "type": "object" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses. Setting logLevel: Trace will produce extremely verbose logs. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", - "enum": [ - "Normal", - "Debug", - "Trace" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether the DNS operator should manage cluster DNS", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "nodePlacement": { - "description": "nodePlacement provides explicit control over the scheduling of DNS pods. \n Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. \n If unset, defaults are used. See nodePlacement for more details.", - "properties": { - "nodeSelector": { - "additionalProperties": { + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", "type": "string" }, - "description": "nodeSelector is the node selector applied to DNS pods. \n If empty, the default is used, which is currently the following: \n kubernetes.io/os: linux \n This default is subject to change. \n If set, the specified selector is used and replaces the default.", - "type": "object" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to DNS pods. \n If empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable. \n Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" } }, "type": "object" }, - "type": "array" - } - }, - "type": "object" - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", - "enum": [ - "Normal", - "Debug", - "Trace" - ], - "type": "string" - }, - "servers": { - "description": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. \n For example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\". \n If this field is nil, no servers are created.", - "items": { - "description": "Server defines the schema for a server that runs per instance of CoreDNS.", - "properties": { - "forwardPlugin": { - "description": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "policy": { - "default": "Random", - "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: \n * \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. \n The default value is \"Random\"", - "enum": [ - "Random", - "RoundRobin", - "Sequential" - ], - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "protocolStrategy": { - "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", - "enum": [ - "TCP", - "" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" ], - "type": "string" + "type": "object" }, - "transportConfig": { - "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. \n The default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "tls": { - "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", - "properties": { - "caBundle": { - "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. \n 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "value": { + "description": "The header field value", + "type": "string" + } }, - "serverName": { - "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", - "maxLength": 253, - "pattern": "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$", + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { "type": "string" } - }, - "required": [ - "serverName" ], - "type": "object" + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "transport": { - "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). \n Possible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", - "enum": [ - "TLS", - "Cleartext", - "" - ], + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, + "required": [ + "port" + ], "type": "object" }, - "upstreams": { - "description": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53. \n A maximum of 15 upstreams is allowed per ForwardPlugin.", - "items": { - "type": "string" + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } }, - "maxItems": 15, - "type": "array" + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, "type": "object" }, - "name": { - "description": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, - "zones": { - "description": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "type": "array" - }, - "upstreamResolvers": { - "default": {}, - "description": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server \n If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", - "properties": { - "policy": { - "default": "Sequential", - "description": "Policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: \n * \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. \n The default value is \"Sequential\"", - "enum": [ - "Random", - "RoundRobin", - "Sequential" - ], - "type": "string" - }, - "protocolStrategy": { - "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", - "enum": [ - "TCP", - "" - ], - "type": "string" - }, - "transportConfig": { - "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. \n The default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", - "properties": { - "tls": { - "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", + "description": "volumeDevice describes a mapping of a raw block device within a container.", "properties": { - "caBundle": { - "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. \n 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" }, - "serverName": { - "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", - "maxLength": 253, - "pattern": "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$", + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, "required": [ - "serverName" + "devicePath", + "name" ], "type": "object" }, - "transport": { - "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). \n Possible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", - "enum": [ - "TLS", - "Cleartext", - "" - ], - "type": "string" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, - "type": "object" - }, - "upstreams": { - "default": [ - { - "type": "SystemResolvConf" - } - ], - "description": "Upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. \n A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", - "items": { - "anyOf": [ - { - "not": { - "required": [ - "address", - "port" - ] + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" }, - "properties": { - "type": { - "enum": [ - "", - "SystemResolvConf" - ] - } + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" } }, - { - "properties": { - "type": { - "enum": [ - "Network" - ] - } - }, - "required": [ - "address" - ] - } + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" ], - "description": "Upstream can either be of type SystemResolvConf, or of type Network. \n - For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. - For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53.", + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", "properties": { - "address": { - "anyOf": [ - { - "format": "ipv4" - }, - { - "format": "ipv6" - } - ], - "description": "Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, "type": "string" }, - "port": { - "default": 53, - "description": "Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "type": { - "description": "Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network. \n * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: /etc/resolv.conf will be used * When Network is used, the Upstream structure must contain at least an Address", - "enum": [ - "SystemResolvConf", - "Network", - "" - ], + "value": { + "description": "Value is optional.", "type": "string" } }, "required": [ - "type" + "name" ], "type": "object" }, - "maxItems": 15, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" } }, "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the DNS.", - "properties": { - "clusterDomain": { - "description": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], "type": "string" }, - "clusterIP": { - "description": "clusterIP is the service IP through which this DNS is made available. \n In the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy. \n In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "enableFeatures": { + "description": "Enable access to Thanos Ruler feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://thanos.io/tip/components/rule.md/\n\nIt requires Thanos >= 0.39.0.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "enableServiceLinks": { + "description": "Indicates whether information about services should be injected into pod's environment variables", + "type": "boolean" + }, + "enforcedNamespaceLabel": { + "description": "EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert\nand metric that is user created. The label value will always be the namespace of the object that is\nbeing created.", "type": "string" }, - "conditions": { - "description": "conditions provide information about the state of the DNS on the cluster. \n These are the supported DNS conditions: \n * Available - True if the following conditions are met: * DNS controller daemonset is available. - False if any of those conditions are unsatisfied.", + "evaluationInterval": { + "default": "15s", + "description": "Interval between consecutive evaluations.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "excludedFromEnforcement": { + "description": "List of references to PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\nApplies only if enforcedNamespaceLabel set to true.", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { + "group": { + "default": "monitoring.coreos.com", + "description": "Group of the referent. When not specified, it defaults to `monitoring.coreos.com`", + "enum": [ + "monitoring.coreos.com" + ], "type": "string" }, - "reason": { + "name": { + "description": "Name of the referent. When not set, all resources in the namespace are matched.", "type": "string" }, - "status": { + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "minLength": 1, "type": "string" }, - "type": { + "resource": { + "description": "Resource of the referent.", + "enum": [ + "prometheusrules", + "servicemonitors", + "podmonitors", + "probes", + "scrapeconfigs" + ], "type": "string" } }, "required": [ - "type" + "namespace", + "resource" ], "type": "object" }, "type": "array" - } - }, - "required": [ - "clusterDomain", - "clusterIP" - ], - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "DNS", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/DNSList": { - "description": "DNSList is a list of DNS", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of dnses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.DNS" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "DNSList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/Etcd": { - "description": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "controlPlaneHardwareSpeed": { - "description": "HardwareSpeed allows user to change the etcd tuning profile which configures\nthe latency parameters for heartbeat interval and leader election timeouts\nallowing the cluster to tolerate longer round-trip-times between etcd members.\nValid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", - "enum": [ - "", - "Standard", - "Slower" - ], - "type": "string" - }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], + "externalPrefix": { + "description": "The external URL the Thanos Ruler instances will be available under. This is\nnecessary to generate correct URLs. This is necessary if Thanos Ruler is not\nserved from root of a DNS name.", "type": "string" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" + "grpcServerTlsConfig": { + "description": "GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads\nrecorded rule data.\nNote: Currently only the CAFile, CertFile, and KeyFile fields are supported.\nMaps to the '--grpc-server-tls-*' CLI args.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "hostAliases": { + "description": "Pods' hostAliases configuration", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "type": "string" + }, + "type": "array" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "ip": { + "description": "IP address of the host file entry.", "type": "string" } }, "required": [ - "lastTransitionTime", - "status", - "type" + "hostnames", + "ip" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ - "type" + "ip" ], "x-kubernetes-list-type": "map" }, - "controlPlaneHardwareSpeed": { - "description": "ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels", + "hostUsers": { + "description": "HostUsers supports the user space in Kubernetes.\n\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/user-namespaces/\n\nThe feature requires at least Kubernetes 1.28 with the `UserNamespacesSupport` feature gate enabled.\nStarting Kubernetes 1.33, the feature is enabled by default.", + "type": "boolean" + }, + "image": { + "description": "Thanos container image URL.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy for the 'thanos', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", "enum": [ "", - "Standard", - "Slower" + "Always", + "Never", + "IfNotPresent" ], "type": "string" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "imagePullSecrets": { + "description": "An optional list of references to secrets in the same namespace\nto use for pulling thanos images from registries\nsee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" + "type": "array" }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "initContainers": { + "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.\nfetch secrets for injection into the ThanosRuler configuration from external sources. Any\nerrors during the execution of an initContainer will lead to a restart of the Pod.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nUsing initContainers for any use case other then secret fetching is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that this behaviour may break\nat any time without notice.", "items": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "description": "A single application container that you want to run within a pod.", "properties": { - "currentRevision": { - "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "lastFailedCount": { - "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", - "type": "integer" - }, - "lastFailedReason": { - "description": "lastFailedReason is a machine readable failure reason string.", - "type": "string" - }, - "lastFailedRevision": { - "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", - "format": "int32", - "type": "integer" + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "lastFailedRevisionErrors": { - "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "lastFailedTime": { - "description": "lastFailedTime is the time the last failed revision failed the last time.", - "format": "date-time", - "type": "string" + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "lastFallbackCount": { - "description": "lastFallbackCount is how often a fallback to a previous revision happened.", - "type": "integer" + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "nodeName": { - "description": "nodeName is the name of the node", + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, - "targetRevision": { - "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "nodeName" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "fieldPath": ".currentRevision", - "message": "cannot be unset once set", - "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" - }, - { - "fieldPath": ".currentRevision", - "message": "currentRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.currentRevision)" - }, - { - "fieldPath": ".targetRevision", - "message": "targetRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.targetRevision)" - } - ] - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "no more than 1 node status may have a nonzero targetRevision", - "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "Etcd", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/EtcdList": { - "description": "EtcdList is a list of Etcd", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of etcds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.Etcd" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "EtcdList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/IngressController": { - "description": "IngressController describes a managed ingress controller for the cluster. The\ncontroller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is\ncreated to allow external traffic to reach the services that expose Ingress\nor Route resources. Updating this resource may lead to disruption for public\nfacing network connections as a new ingress controller revision may be rolled\nout.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each\nfield for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the IngressController.", - "properties": { - "clientTLS": { - "description": "clientTLS specifies settings for requesting and verifying client\ncertificates, which can be used to enable mutual TLS for\nedge-terminated and reencrypt routes.", - "properties": { - "allowedSubjectPatterns": { - "description": "allowedSubjectPatterns specifies a list of regular expressions that\nshould be matched against the distinguished name on a valid client\ncertificate to filter requests. The regular expressions must use\nPCRE syntax. If this list is empty, no filtering is performed. If\nthe list is nonempty, then at least one pattern must match a client\ncertificate's distinguished name or else the ingress controller\nrejects the certificate and denies the connection.", - "items": { + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "clientCA": { - "description": "clientCA specifies a configmap containing the PEM-encoded CA\ncertificate bundle that should be used to verify a client's\ncertificate. The administrator must create this configmap in the\nopenshift-config namespace.", - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "clientCertificatePolicy": { - "description": "clientCertificatePolicy specifies whether the ingress controller\nrequires clients to provide certificates. This field accepts the\nvalues \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for\nedge-terminated and reencrypt TLS routes; it cannot check\ncertificates for cleartext HTTP or passthrough TLS routes.", - "enum": [ - "", - "Required", - "Optional" - ], - "type": "string" - } - }, - "required": [ - "clientCA", - "clientCertificatePolicy" - ], - "type": "object" - }, - "defaultCertificate": { - "description": "defaultCertificate is a reference to a secret containing the default\ncertificate served by the ingress controller. When Routes don't specify\ntheir own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The\ncertificate is valid for the ingress controller domain (and subdomains) and\nthe generated certificate's CA will be automatically integrated with the\ncluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple\nHTTP/2 enabled routes (which implies ALPN) then clients\n(i.e., notably browsers) are at liberty to reuse open\nconnections. This means a client can reuse a connection to\nanother route and that is likely to fail. This behaviour is\ngenerally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be\nautomatically integrated with OpenShift's built-in OAuth server.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "domain": { - "description": "domain is a DNS name serviced by the ingress controller and is used to\nconfigure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be\nupdated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", - "type": "string" - }, - "endpointPublishingStrategy": { - "description": "endpointPublishingStrategy is used to publish the ingress controller\nendpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on\ninfrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", - "properties": { - "hostNetwork": { - "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing\nstrategy. Present only if type is HostNetwork.", - "properties": { - "httpPort": { - "default": 80, - "description": "httpPort is the port on the host which should be used to listen for\nHTTP requests. This field should be set when port 80 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 80.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" - }, - "httpsPort": { - "default": 443, - "description": "httpsPort is the port on the host which should be used to listen for\nHTTPS requests. This field should be set when port 443 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 443.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } }, - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", - "enum": [ - "", - "TCP", - "PROXY" - ], - "type": "string" + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } }, - "statsPort": { - "default": 1936, - "description": "statsPort is the port on the host where the stats from the router are\npublished. The value should not coincide with the NodePort range of the\ncluster. If an external load balancer is configured to forward connections\nto this IngressController, the load balancer should use this port for\nhealth checks. The load balancer can send HTTP probes on this port on a\ngiven node, with the path /healthz/ready to determine if the ingress\ncontroller is ready to receive traffic on the node. For proper operation\nthe load balancer must not forward traffic to a node until the health\ncheck reports ready. The load balancer should also stop forwarding requests\nwithin a maximum of 45 seconds after /healthz/ready starts reporting\nnot-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with\na threshold of two successful or failed requests to become healthy or\nunhealthy respectively, are well-tested values. When the value is 0 or\nis not specified it defaults to 1936.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" - } + "type": "object" }, - "type": "object" - }, - "loadBalancer": { - "description": "loadBalancer holds parameters for the load balancer. Present only if\ntype is LoadBalancerService.", - "properties": { - "allowedSourceRanges": { - "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which\naccess to the load balancer should be restricted. Each range must be\nspecified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is\nspecified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default,\nwhich allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did\nnot have the allowedSourceRanges field, you may set the\nservice.beta.kubernetes.io/load-balancer-source-ranges annotation on\nthe \"router-\" service in the\n\"openshift-ingress\" namespace, and this annotation will take\neffect if allowedSourceRanges is empty on OpenShift 4.12.", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\"\nor \"fd00::/8\").", - "pattern": "(^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)", - "type": "string" + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dnsManagementPolicy": { - "default": "Managed", - "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record\nassociated with the load balancer service will be managed by\nthe ingress operator. It defaults to Managed.\nValid values are: Managed and Unmanaged.", - "enum": [ - "Managed", - "Unmanaged" + "required": [ + "containerPort" ], - "type": "string" + "type": "object" }, - "providerParameters": { - "description": "providerParameters holds desired load balancer information specific to\nthe underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters\nfields for details about their defaults.", - "properties": { - "aws": { - "description": "aws provides configuration settings that are specific to AWS\nload balancers.\n\nIf empty, defaults will be applied. See specific aws fields for\ndetails about their defaults.", - "properties": { - "classicLoadBalancer": { - "description": "classicLoadBalancerParameters holds configuration parameters for an AWS\nclassic load balancer. Present only if type is Classic.", + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "connectionIdleTimeout": { - "description": "connectionIdleTimeout specifies the maximum time period that a\nconnection may be idle before the load balancer closes the\nconnection. The value must be parseable as a time duration value;\nsee . A nil or zero value\nmeans no opinion, in which case a default value is used. The default\nvalue for this field is 60s. This default is subject to change.", - "format": "duration", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", - "properties": { - "ids": { - "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", - "items": { - "description": "AWSSubnetID is a reference to an AWS subnet ID.", - "maxLength": 24, - "minLength": 24, - "pattern": "^subnet-[0-9A-Za-z]+$", - "type": "string" - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet ids cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "names": { - "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", - "items": { - "description": "AWSSubnetName is a reference to an AWS subnet name.", - "maxLength": 256, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "subnet name cannot contain a comma", - "rule": "!self.contains(',')" - }, - { - "message": "subnet name cannot start with 'subnet-'", - "rule": "!self.startsWith('subnet-')" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet names cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "the total number of subnets cannot exceed 10", - "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" - }, - { - "message": "must specify at least 1 subnet name or id", - "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" - } - ] + "value": { + "description": "The header field value", + "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "networkLoadBalancer": { - "description": "networkLoadBalancerParameters holds configuration parameters for an AWS\nnetwork load balancer. Present only if type is NLB.", - "properties": { - "eipAllocations": { - "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that\nare assigned to the Network Load Balancer.\nThe following restrictions apply:\n\neipAllocations can only be used with external scope, not internal.\nAn EIP can be allocated to only a single IngressController.\nThe number of EIP allocations must match the number of subnets that are used for the load balancer.\nEach EIP allocation must be unique.\nA maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general\ninformation about configuration, characteristics, and limitations of Elastic IP addresses.", - "items": { - "description": "EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment.\nValues must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters.", - "maxLength": 26, - "minLength": 26, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "eipAllocations should start with 'eipalloc-'", - "rule": "self.startsWith('eipalloc-')" - }, - { - "message": "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)", - "rule": "self.split(\"-\", 2)[1].matches('[0-9a-fA-F]{17}$')" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "eipAllocations cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", - "properties": { - "ids": { - "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", - "items": { - "description": "AWSSubnetID is a reference to an AWS subnet ID.", - "maxLength": 24, - "minLength": 24, - "pattern": "^subnet-[0-9A-Za-z]+$", - "type": "string" - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet ids cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "names": { - "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", - "items": { - "description": "AWSSubnetName is a reference to an AWS subnet name.", - "maxLength": 256, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "subnet name cannot contain a comma", - "rule": "!self.contains(',')" - }, - { - "message": "subnet name cannot start with 'subnet-'", - "rule": "!self.startsWith('subnet-')" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet names cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "the total number of subnets cannot exceed 10", - "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" - }, - { - "message": "must specify at least 1 subnet name or id", - "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" - } - ] - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "number of subnets must be equal to number of eipAllocations", - "rule": "has(self.subnets) && has(self.subnets.ids) && has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids + self.subnets.names) == size(self.eipAllocations) : true" - }, - { - "message": "number of subnets must be equal to number of eipAllocations", - "rule": "has(self.subnets) && has(self.subnets.ids) && !has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids) == size(self.eipAllocations) : true" - }, - { - "message": "number of subnets must be equal to number of eipAllocations", - "rule": "has(self.subnets) && has(self.subnets.names) && !has(self.subnets.ids) && has(self.eipAllocations) ? size(self.subnets.names) == size(self.eipAllocations) : true" - } - ] + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" }, - "type": { - "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", - "enum": [ - "Classic", - "NLB" - ], + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, "required": [ - "type" + "name" ], "type": "object" }, - "gcp": { - "description": "gcp provides configuration settings that are specific to GCP\nload balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for\ndetails about their defaults.", - "properties": { - "clientAccess": { - "description": "clientAccess describes how client access is restricted for internal\nload balancers.\n\nValid values are:\n* \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", - "enum": [ - "Global", - "Local" - ], + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { "type": "string" } - }, - "type": "object" + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "ibm": { - "description": "ibm provides configuration settings that are specific to IBM Cloud\nload balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for\ndetails about their defaults.", - "properties": { - "protocol": { - "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to\nthe IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features:\n\"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default is TCP, without the proxy protocol enabled.", - "enum": [ - "", - "TCP", - "PROXY" - ], + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { "type": "string" } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" }, - "type": "object" + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } }, - "openstack": { - "description": "openstack provides configuration settings that are specific to OpenStack\nload balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for\ndetails about their defaults.", - "properties": { - "floatingIP": { - "description": "floatingIP specifies the IP address that the load balancer will use.\nWhen not specified, an IP address will be assigned randomly by the OpenStack cloud provider.\nWhen specified, the floating IP has to be pre-created. If the\nspecified value is not a floating IP or is already claimed, the\nOpenStack cloud provider won't be able to provision the load\nbalancer.\nThis field may only be used if the IngressController has External scope.\nThis value must be a valid IPv4 or IPv6 address.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "floatingIP must be a valid IPv4 or IPv6 address", - "rule": "isIP(self)" + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" } - ] - } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "type": { - "description": "type is the underlying infrastructure provider for the load balancer.\nAllowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\",\n\"OpenStack\", and \"VSphere\".", - "enum": [ - "AWS", - "Azure", - "BareMetal", - "GCP", - "Nutanix", - "OpenStack", - "VSphere", - "IBM" - ], + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, "required": [ - "type" + "devicePath", + "name" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "openstack is not permitted when type is not OpenStack", - "rule": "has(self.type) && self.type == 'OpenStack' ? true : !has(self.openstack)" - } - ] + "type": "object" }, - "scope": { - "description": "scope indicates the scope at which the load balancer is exposed.\nPossible values are \"External\" and \"Internal\".", - "enum": [ - "Internal", - "External" - ], - "type": "string" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "dnsManagementPolicy", - "scope" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "eipAllocations are forbidden when the scope is Internal.", - "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)" - }, - { - "message": "cannot specify a floating ip when scope is internal", - "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == \"\"" - } - ] - }, - "nodePort": { - "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy.\nPresent only if type is NodePortService.", - "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", - "enum": [ - "", - "TCP", - "PROXY" + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" ], - "type": "string" - } + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, - "type": "object" + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } }, - "private": { - "description": "private holds parameters for the Private endpoint publishing\nstrategy. Present only if type is Private.", - "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", - "enum": [ - "", - "TCP", - "PROXY" - ], - "type": "string" - } - }, - "type": "object" + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Configures the external label pairs of the ThanosRuler resource.\n\nA default replica label `thanos_ruler_replica` will be always added as a\nlabel with the value of the pod's name.", + "type": "object" + }, + "listenLocal": { + "description": "ListenLocal makes the Thanos ruler listen on loopback, so that it\ndoes not bind against the Pod IP.", + "type": "boolean" + }, + "logFormat": { + "description": "Log format for ThanosRuler to be configured with.", + "enum": [ + "", + "logfmt", + "json" + ], + "type": "string" + }, + "logLevel": { + "description": "Log level for ThanosRuler to be configured with.", + "enum": [ + "", + "debug", + "info", + "warn", + "error" + ], + "type": "string" + }, + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\n\nIf unset, pods will be considered available as soon as they are ready.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "Define which Nodes the Pods are scheduled on.", + "type": "object" + }, + "objectStorageConfig": { + "description": "Configures object storage.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration.\n\n`objectStorageConfigFile` takes precedence over this field.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": { - "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the\nLoadBalancer Service's external name. DNS records are managed only in DNS\nzones defined by dns.config.openshift.io/cluster .spec.publicZone and\n.spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure,\nand GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller\nis deployed.\n\nIn this configuration, the ingress controller deployment uses host\nnetworking, bound to node ports 80 and 443. The user is responsible for\nconfiguring an external load balancer to publish the ingress controller via\nthe node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking, and is not explicitly published. The user must manually publish\nthe ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A NodePort Service is created to publish the deployment. The\nspecific node ports are dynamically allocated by OpenShift; however, to\nsupport static port allocations, user changes to the node port\nfield of the managed NodePort Service will preserved.", - "enum": [ - "LoadBalancerService", - "HostNetwork", - "Private", - "NodePortService" - ], + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "type" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "httpCompression": { - "description": "httpCompression defines a policy for HTTP traffic compression.\nBy default, there is no HTTP compression.", + "objectStorageConfigFile": { + "description": "Configures the path of the object storage configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `objectStorageConfig`.", + "type": "string" + }, + "paused": { + "description": "When a ThanosRuler deployment is paused, no actions except for deletion\nwill be performed on the underlying objects.", + "type": "boolean" + }, + "podMetadata": { + "description": "PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods.\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\".", "properties": { - "mimeTypes": { - "description": "mimeTypes is a list of MIME types that should have compression applied.\nThis list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources\nto try to compress if instructed to. Generally speaking, text (html, css, js, etc.)\nformats benefit from compression, but formats that are already compressed (image,\naudio, video, etc.) benefit little in exchange for the time and cpu spent on compressing\nagain. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", - "items": { - "description": "CompressionMIMEType defines the format of a single MIME type.\nE.g. \"text/css; charset=utf-8\", \"text/html\", \"text/*\", \"image/svg+xml\",\n\"application/octet-stream\", \"X-custom/customsub\", etc.\n\nThe format should follow the Content-Type definition in RFC 1341:\nContent-Type := type \"/\" subtype *[\";\" parameter]\n - The type in Content-Type can be one of:\n application, audio, image, message, multipart, text, video, or a custom\n type preceded by \"X-\" and followed by a token as defined below.\n - The token is a string of at least one character, and not containing white\n space, control characters, or any of the characters in the tspecials set.\n - The tspecials set contains the characters ()<>@,;:\\\"/[]?.=\n - The subtype in Content-Type is also a token.\n - The optional parameter/s following the subtype are defined as:\n token \"=\" (token / quoted-string)\n - The quoted-string, as defined in RFC 822, is surrounded by double quotes\n and can contain white space plus any character EXCEPT \\, \", and CR.\n It can also contain any single ASCII character as long as it is escaped by \\.", - "pattern": "^(?i)(x-[^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+|application|audio|image|message|multipart|text|video)/[^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+(; *[^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+=([^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+|\"(\\\\[\\x00-\\x7F]|[^\\x0D\"\\\\])*\"))*$", + "annotations": { + "additionalProperties": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "set" + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", + "type": "string" } }, "type": "object" }, - "httpEmptyRequestsPolicy": { - "default": "Respond", - "description": "httpEmptyRequestsPolicy describes how HTTP connections should be\nhandled if the connection times out before a request is received.\nAllowed values for this field are \"Respond\" and \"Ignore\". If the\nfield is set to \"Respond\", the ingress controller sends an HTTP 400\nor 408 response, logs the connection (if access logging is enabled),\nand counts the connection in the appropriate metrics. If the field\nis set to \"Ignore\", the ingress controller closes the connection\nwithout sending a response, logging the connection, or incrementing\nmetrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes\nor Web browsers' speculative connections (\"preconnect\") and can be\nsafely ignored. However, these requests may also be caused by\nnetwork errors, and so setting this field to \"Ignore\" may impede\ndetection and diagnosis of problems. In addition, these requests may\nbe caused by port scans, in which case logging empty requests may aid\nin detecting intrusion attempts.", - "enum": [ - "Respond", - "Ignore" - ], + "portName": { + "default": "web", + "description": "Port name used for the pods and governing service.\nDefaults to `web`.", "type": "string" }, - "httpErrorCodePages": { - "description": "httpErrorCodePages specifies a configmap with custom error pages.\nThe administrator must create this configmap in the openshift-config namespace.\nThis configmap should have keys in the format \"error-page-.http\",\nwhere is an HTTP error code.\nFor example, \"error-page-503.http\" defines an error page for HTTP 503 responses.\nCurrently only error pages for 503 and 404 responses can be customized.\nEach value in the configmap should be the full response, including HTTP headers.\nEg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http\nIf this field is empty, the ingress controller uses the default error pages.", + "priorityClassName": { + "description": "Priority class assigned to the Pods", + "type": "string" + }, + "prometheusRulesExcludedFromEnforce": { + "description": "PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing\nof adding namespace labels. Works only if enforcedNamespaceLabel set to true.\nMake sure both ruleNamespace and ruleName are set for each pair\nDeprecated: use excludedFromEnforcement instead.", + "items": { + "description": "PrometheusRuleExcludeConfig enables users to configure excluded\nPrometheusRule names and their namespaces to be ignored while enforcing\nnamespace label for alerts and metrics.", + "properties": { + "ruleName": { + "description": "Name of the excluded PrometheusRule object.", + "type": "string" + }, + "ruleNamespace": { + "description": "Namespace of the excluded PrometheusRule object.", + "type": "string" + } + }, + "required": [ + "ruleName", + "ruleNamespace" + ], + "type": "object" + }, + "type": "array" + }, + "queryConfig": { + "description": "Configures the list of Thanos Query endpoints from which to query metrics.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api\n\nIt requires Thanos >= v0.11.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `queryEndpoints`.", "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, "name": { - "description": "name is the metadata.name of the referenced config map", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "httpHeaders": { - "description": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", - "properties": { - "actions": { - "description": "actions specifies options for modifying headers and their values.\nNote that this option only applies to cleartext HTTP connections\nand to secure HTTP connections for which the ingress controller\nterminates encryption (that is, edge-terminated or reencrypt\nconnections). Headers cannot be modified for TLS passthrough\nconnections.\nSetting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security`\nmay only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in\naccordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies.\nAny actions defined here are applied after any actions related to the following other fields:\ncache-control, spec.clientTLS,\nspec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId,\nand spec.httpHeaders.headerNameCaseAdjustments.\nIn case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after\nthe actions specified in the IngressController's spec.httpHeaders.actions field.\nIn case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be\nexecuted after the actions specified in the Route's spec.httpHeaders.actions field.\nHeaders set using this API cannot be captured for use in access logs.\nThe following header names are reserved and may not be modified via this API:\nStrict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.\nNote that the total size of all net added headers *after* interpolating dynamic values\nmust not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the\nIngressController. Please refer to the documentation\nfor that API field for more details.", - "properties": { - "request": { - "description": "request is a list of HTTP request headers to modify.\nActions defined here will modify the request headers of all requests passing through an ingress controller.\nThese actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.\nIngressController actions for request headers will be executed before Route actions.\nCurrently, actions may define to either `Set` or `Delete` headers values.\nActions are applied in sequence as defined in this list.\nA maximum of 20 request header actions may be configured.\nSample fetchers allowed are \"req.hdr\" and \"ssl_c_der\".\nConverters allowed are \"lower\" and \"base64\".\nExample header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", - "items": { - "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "queryEndpoints": { + "description": "Configures the list of Thanos Query endpoints from which to query metrics.\n\nFor Thanos >= v0.11.0, it is recommended to use `queryConfig` instead.\n\n`queryConfig` takes precedence over this field.", + "items": { + "type": "string" + }, + "type": "array" + }, + "remoteWrite": { + "description": "Defines the list of remote write configurations.\n\nWhen the list isn't empty, the ruler is configured with stateless mode.\n\nIt requires Thanos >= 0.24.0.", + "items": { + "description": "RemoteWriteSpec defines the configuration to write samples from Prometheus\nto a remote endpoint.", + "properties": { + "authorization": { + "description": "Authorization section for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { - "action": { - "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "credentialsFile": { + "description": "File to read a secret from, mutually exclusive with `credentials`.", + "type": "string" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "azureAd": { + "description": "AzureAD for the URL.\n\nIt requires Prometheus >= v2.45.0 or Thanos >= v0.31.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.", + "properties": { + "cloud": { + "description": "The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.", + "enum": [ + "AzureChina", + "AzureGovernment", + "AzurePublic" + ], + "type": "string" + }, + "managedIdentity": { + "description": "ManagedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.", + "properties": { + "clientId": { + "description": "The client id", + "type": "string" + } + }, + "required": [ + "clientId" + ], + "type": "object" + }, + "oauth": { + "description": "OAuth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.", + "properties": { + "clientId": { + "description": "`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.", + "minLength": 1, + "type": "string" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.", "properties": { - "set": { - "description": "set specifies how the HTTP header should be set.\nThis field is required when type is Set and forbidden otherwise.", - "properties": { - "value": { - "description": "value specifies a header value.\nDynamic values can be added. The value will be interpreted as an HAProxy format string as defined in\nhttp://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and\notherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.\nThe value of this field must be no more than 16384 characters in length.\nNote that the total size of all net added headers *after* interpolating dynamic values\nmust not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the\nIngressController.", - "maxLength": 16384, - "minLength": 1, - "type": "string" - } - }, - "required": [ - "value" - ], - "type": "object" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": { - "description": "type defines the type of the action to be applied on the header.\nPossible values are Set or Delete.\nSet allows you to set HTTP request and response headers.\nDelete allows you to delete HTTP request and response headers.", - "enum": [ - "Set", - "Delete" - ], + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "type" + "key" ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "set is required when type is Set, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)" - } - ] + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.\nThe name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\".\nThe following header names are reserved and may not be modified via this API:\nStrict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.\nIt must be no more than 255 characters in length.\nHeader name must be unique.", - "maxLength": 255, + "tenantId": { + "description": "`tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate.", "minLength": 1, - "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "strict-transport-security header may not be modified via header actions", - "rule": "self.lowerAscii() != 'strict-transport-security'" + "pattern": "^[0-9a-zA-Z-.]+$", + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tenantId" + ], + "type": "object" + }, + "sdk": { + "description": "SDK defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.", + "properties": { + "tenantId": { + "description": "`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.", + "pattern": "^[0-9a-zA-Z-.]+$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth configuration for the URL.\n\nCannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerToken": { + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", + "type": "string" + }, + "bearerTokenFile": { + "description": "File from which to read bearer token for the URL.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", + "type": "string" + }, + "enableHTTP2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, + "followRedirects": { + "description": "Configure whether HTTP requests follow HTTP 3xx redirects.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Custom HTTP headers to be sent along with each remote write request.\nBe aware that headers that are set by Prometheus itself can't be overwritten.\n\nIt requires Prometheus >= v2.25.0 or Thanos >= v0.24.0.", + "type": "object" + }, + "messageVersion": { + "description": "The Remote Write message's version to use when writing to the endpoint.\n\n`Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0.\n`Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0.\n\nWhen `Version2.0` is selected, Prometheus will automatically be\nconfigured to append the metadata of scraped metrics to the WAL.\n\nBefore setting this field, consult with your remote storage provider\nwhat message version it supports.\n\nIt requires Prometheus >= v2.54.0 or Thanos >= v0.37.0.", + "enum": [ + "V1.0", + "V2.0" + ], + "type": "string" + }, + "metadataConfig": { + "description": "MetadataConfig configures the sending of series metadata to the remote storage.", + "properties": { + "maxSamplesPerSend": { + "description": "MaxSamplesPerSend is the maximum number of metadata samples per send.\n\nIt requires Prometheus >= v2.29.0.", + "format": "int32", + "minimum": -1, + "type": "integer" + }, + "send": { + "description": "Defines whether metric metadata is sent to the remote storage or not.", + "type": "boolean" + }, + "sendInterval": { + "description": "Defines how frequently metric metadata is sent to the remote storage.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "The name of the remote write queue, it must be unique if specified. The\nname is used in metrics and logging in order to differentiate queues.\n\nIt requires Prometheus >= v2.15.0 or Thanos >= 0.24.0.", + "type": "string" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 configuration for the URL.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - { - "message": "proxy header may not be modified via header actions", - "rule": "self.lowerAscii() != 'proxy'" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - { - "message": "host header may not be modified via header actions", - "rule": "self.lowerAscii() != 'host'" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { - "message": "cookie header may not be modified via header actions", - "rule": "self.lowerAscii() != 'cookie'" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - { - "message": "set-cookie header may not be modified via header actions", - "rule": "self.lowerAscii() != 'set-cookie'" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "action", - "name" + "key" ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, - "maxItems": 20, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64.", - "rule": "self.all(key, key.action.type == \"Delete\" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\\\{[-+]?[QXE](?:,[-+]?[QXE])*\\\\})?\\\\[(?:req\\\\.hdr\\\\([0-9A-Za-z-]+\\\\)|ssl_c_der)(?:,(?:lower|base64))*\\\\])|[^%[:cntrl:]])+$')))" - } - ] - }, - "response": { - "description": "response is a list of HTTP response headers to modify.\nActions defined here will modify the response headers of all requests passing through an ingress controller.\nThese actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.\nIngressController actions for response headers will be executed after Route actions.\nCurrently, actions may define to either `Set` or `Delete` headers values.\nActions are applied in sequence as defined in this list.\nA maximum of 20 response header actions may be configured.\nSample fetchers allowed are \"res.hdr\" and \"ssl_c_der\".\nConverters allowed are \"lower\" and \"base64\".\nExample header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", - "items": { - "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", "properties": { - "action": { - "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "set": { - "description": "set specifies how the HTTP header should be set.\nThis field is required when type is Set and forbidden otherwise.", + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "value": { - "description": "value specifies a header value.\nDynamic values can be added. The value will be interpreted as an HAProxy format string as defined in\nhttp://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and\notherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.\nThe value of this field must be no more than 16384 characters in length.\nNote that the total size of all net added headers *after* interpolating dynamic values\nmust not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the\nIngressController.", - "maxLength": 16384, - "minLength": 1, + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "value" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": { - "description": "type defines the type of the action to be applied on the header.\nPossible values are Set or Delete.\nSet allows you to set HTTP request and response headers.\nDelete allows you to delete HTTP request and response headers.", - "enum": [ - "Set", - "Delete" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "type" + "key" ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "set is required when type is Set, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)" - } - ] + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, "name": { - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.\nThe name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\".\nThe following header names are reserved and may not be modified via this API:\nStrict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.\nIt must be no more than 255 characters in length.\nHeader name must be unique.", - "maxLength": 255, - "minLength": 1, - "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "strict-transport-security header may not be modified via header actions", - "rule": "self.lowerAscii() != 'strict-transport-security'" - }, - { - "message": "proxy header may not be modified via header actions", - "rule": "self.lowerAscii() != 'proxy'" - }, - { - "message": "host header may not be modified via header actions", - "rule": "self.lowerAscii() != 'host'" - }, - { - "message": "cookie header may not be modified via header actions", - "rule": "self.lowerAscii() != 'cookie'" - }, - { - "message": "set-cookie header may not be modified via header actions", - "rule": "self.lowerAscii() != 'set-cookie'" - } - ] + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "action", - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "maxItems": 20, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64.", - "rule": "self.all(key, key.action.type == \"Delete\" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\\\{[-+]?[QXE](?:,[-+]?[QXE])*\\\\})?\\\\[(?:res\\\\.hdr\\\\([0-9A-Za-z-]+\\\\)|ssl_c_der)(?:,(?:lower|base64))*\\\\])|[^%[:cntrl:]])+$')))" - } - ] - } + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "forwardedHeaderPolicy": { - "description": "forwardedHeaderPolicy specifies when and how the IngressController\nsets the Forwarded, X-Forwarded-For, X-Forwarded-Host,\nX-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version\nHTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", - "enum": [ - "Append", - "Replace", - "IfNone", - "Never" - ], - "type": "string" - }, - "headerNameCaseAdjustments": { - "description": "headerNameCaseAdjustments specifies case adjustments that can be\napplied to HTTP header names. Each adjustment is specified as an\nHTTP header name with the desired capitalization. For example,\nspecifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\"\nHTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and\nre-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes\nthat have the haproxy.router.openshift.io/h1-adjust-case=true\nannotation. For response headers, these adjustments are applied to\nall HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", - "items": { - "description": "IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header\n(for example, \"X-Forwarded-For\") in the desired capitalization. The value\nmust be a valid HTTP header name as defined in RFC 2616 section 4.2.", - "maxLength": 1024, - "minLength": 0, - "pattern": "^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "uniqueId": { - "description": "uniqueId describes configuration for a custom HTTP header that the\ningress controller should inject into incoming HTTP requests.\nTypically, this header is configured to have a value that is unique\nto the HTTP request. The header can be used by applications or\nincluded in access logs to facilitate tracing individual HTTP\nrequests.\n\nIf this field is empty, no such header is injected into requests.", - "properties": { - "format": { - "description": "format specifies the format for the injected HTTP header's value.\nThis field has no effect unless name is specified. For the\nHAProxy-based ingress controller implementation, this format uses the\nsame syntax as the HTTP log format. If the field is empty, the\ndefault value is \"%{+X}o\\\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the\ncorresponding HAProxy documentation:\nhttp://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", - "maxLength": 1024, - "minLength": 0, - "pattern": "^(%(%|(\\{[-+]?[QXE](,[-+]?[QXE])*\\})?([A-Za-z]+|\\[[.0-9A-Z_a-z]+(\\([^)]+\\))?(,[.0-9A-Z_a-z]+(\\([^)]+\\))?)*\\]))|[^%[:cntrl:]])*$", - "type": "string" + "queueConfig": { + "description": "QueueConfig allows tuning of the remote write queue parameters.", + "properties": { + "batchSendDeadline": { + "description": "BatchSendDeadline is the maximum time a sample will wait in buffer.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "capacity": { + "description": "Capacity is the number of samples to buffer per shard before we start\ndropping them.", + "type": "integer" + }, + "maxBackoff": { + "description": "MaxBackoff is the maximum retry delay.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "maxRetries": { + "description": "MaxRetries is the maximum number of times to retry a batch on recoverable errors.", + "type": "integer" + }, + "maxSamplesPerSend": { + "description": "MaxSamplesPerSend is the maximum number of samples per send.", + "type": "integer" + }, + "maxShards": { + "description": "MaxShards is the maximum number of shards, i.e. amount of concurrency.", + "type": "integer" + }, + "minBackoff": { + "description": "MinBackoff is the initial retry delay. Gets doubled for every retry.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "minShards": { + "description": "MinShards is the minimum number of shards, i.e. amount of concurrency.", + "type": "integer" + }, + "retryOnRateLimit": { + "description": "Retry upon receiving a 429 status code from the remote-write storage.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", + "type": "boolean" + }, + "sampleAgeLimit": { + "description": "SampleAgeLimit drops samples older than the limit.\nIt requires Prometheus >= v2.50.0 or Thanos >= v0.32.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + } }, - "name": { - "description": "name specifies the name of the HTTP header (for example, \"unique-id\")\nthat the ingress controller should inject into HTTP requests. The\nfield's value must be a valid HTTP header name as defined in RFC 2616\nsection 4.2. If the field is empty, no header is injected.", - "maxLength": 1024, - "minLength": 0, - "pattern": "^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", - "type": "string" - } + "type": "object" }, - "type": "object" - } - }, - "type": "object" - }, - "idleConnectionTerminationPolicy": { - "default": "Immediate", - "description": "idleConnectionTerminationPolicy maps directly to HAProxy's\nidle-close-on-response option and controls whether HAProxy\nkeeps idle frontend connections open during a soft stop\n(router reload).\n\nAllowed values for this field are \"Immediate\" and\n\"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed\nimmediately during router reloads. This ensures immediate\npropagation of route changes but may impact clients\nsensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle\nconnections during a soft reload instead of closing them\nimmediately. These connections remain open until any of the\nfollowing occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires\n (300 seconds in OpenShift's configuration, not\n configurable).\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load\nbalancers that do not properly handle connection resets.\nAdditionally, this option allows you to retain the pre-2.4\nHAProxy behaviour: in HAProxy version 2.2 (OpenShift\nversions < 4.14), maintaining idle connections during a\nsoft reload was the default behaviour, but starting with\nHAProxy 2.4, the default changed to closing idle\nconnections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", - "enum": [ - "Immediate", - "Deferred" - ], - "type": "string" - }, - "logging": { - "description": "logging defines parameters for what should be logged where. If this\nfield is empty, operational logs are enabled but access logs are\ndisabled.", - "properties": { - "access": { - "description": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", - "properties": { - "destination": { - "description": "destination is where access logs go.", - "properties": { - "container": { - "description": "container holds parameters for the Container logging destination.\nPresent only if type is Container.", - "properties": { - "maxLength": { - "default": 1024, - "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", - "format": "int32", - "maximum": 8192, - "minimum": 480, - "type": "integer" - } + "remoteTimeout": { + "description": "Timeout for requests to the remote write endpoint.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "roundRobinDNS": { + "description": "When enabled:\n - The remote-write mechanism will resolve the hostname via DNS.\n - It will randomly select one of the resolved IP addresses and connect to it.\n\nWhen disabled (default behavior):\n - The Go standard library will handle hostname resolution.\n - It will attempt connections to each resolved IP address sequentially.\n\nNote: The connection timeout applies to the entire resolution and connection process.\n If disabled, the timeout is distributed across all connection attempts.\n\nIt requires Prometheus >= v3.1.0 or Thanos >= v0.38.0.", + "type": "boolean" + }, + "sendExemplars": { + "description": "Enables sending of exemplars over remote write. Note that\nexemplar-storage itself must be enabled using the `spec.enableFeatures`\noption for exemplars to be scraped in the first place.\n\nIt requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.", + "type": "boolean" + }, + "sendNativeHistograms": { + "description": "Enables sending of native histograms, also known as sparse histograms\nover remote write.\n\nIt requires Prometheus >= v2.40.0 or Thanos >= v0.30.0.", + "type": "boolean" + }, + "sigv4": { + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.\n\nCannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "object" - }, - "syslog": { - "description": "syslog holds parameters for a syslog endpoint. Present only if\ntype is Syslog.", - "oneOf": [ - { - "properties": { - "address": { - "format": "ipv4" - } - } - }, - { - "properties": { - "address": { - "format": "ipv6" - } - } - } - ], - "properties": { - "address": { - "description": "address is the IP address of the syslog endpoint that receives log\nmessages.", - "type": "string" - }, - "facility": { - "description": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", - "enum": [ - "kern", - "user", - "mail", - "daemon", - "auth", - "syslog", - "lpr", - "news", - "uucp", - "cron", - "auth2", - "ftp", - "ntp", - "audit", - "alert", - "cron2", - "local0", - "local1", - "local2", - "local3", - "local4", - "local5", - "local6", - "local7" - ], - "type": "string" - }, - "maxLength": { - "default": 1024, - "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", - "format": "int32", - "maximum": 4096, - "minimum": 480, - "type": "integer" - }, - "port": { - "description": "port is the UDP port number of the syslog endpoint that receives log\nmessages.", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "required": [ - "address", - "port" - ], - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": { - "description": "type is the type of destination for logs. It must be one of the\nfollowing:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on\nthe ingress controller pod and configures the ingress controller to\nwrite logs to the sidecar. The logs are then available as container\nlogs. The expectation is that the administrator configures a custom\nlogging solution that reads logs from this sidecar. Note that using\ncontainer logs means that logs may be dropped if the rate of logs\nexceeds the container runtime's or the custom logging solution's\ncapacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify\nan endpoint that can receive syslog messages. The expectation is\nthat the administrator has configured a custom syslog instance.", - "enum": [ - "Container", - "Syslog" - ], - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "type" - ], - "type": "object" - }, - "httpCaptureCookies": { - "description": "httpCaptureCookies specifies HTTP cookies that should be captured in\naccess logs. If this field is empty, no cookies are captured.", - "items": { - "description": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be\ncaptured.", + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", "properties": { - "matchType": { - "description": "matchType specifies the type of match to be performed on the cookie\nname. Allowed values are \"Exact\" for an exact string match and\n\"Prefix\" for a string prefix match. If \"Exact\" is specified, a name\nmust be specified in the name field. If \"Prefix\" is provided, a\nprefix must be specified in the namePrefix field. For example,\nspecifying matchType \"Prefix\" and namePrefix \"foo\" will capture a\ncookie named \"foo\" or \"foobar\" but not one named \"bar\". The first\nmatching cookie is captured.", - "enum": [ - "Exact", - "Prefix" - ], + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "maxLength": { - "description": "maxLength specifies a maximum length of the string that will be\nlogged, which includes the cookie name, cookie value, and\none-character delimiter. If the log entry exceeds this length, the\nvalue will be truncated in the log message. Note that the ingress\ncontroller may impose a separate bound on the total length of HTTP\nheaders in a request.", - "maximum": 1024, - "minimum": 1, - "type": "integer" - }, "name": { - "description": "name specifies a cookie name. Its value must be a valid HTTP cookie\nname as defined in RFC 6265 section 4.1.", - "maxLength": 1024, - "minLength": 0, - "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "namePrefix": { - "description": "namePrefix specifies a cookie name prefix. Its value must be a valid\nHTTP cookie name as defined in RFC 6265 section 4.1.", - "maxLength": 1024, - "minLength": 0, - "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$", - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "matchType", - "maxLength" + "key" ], - "type": "object" - }, - "maxItems": 1, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "httpCaptureHeaders": { - "description": "httpCaptureHeaders defines HTTP headers that should be captured in\naccess logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections\nand to secure HTTP connections for which the ingress controller\nterminates encryption (that is, edge-terminated or reencrypt\nconnections). Headers cannot be captured for TLS passthrough\nconnections.", - "properties": { - "request": { - "description": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", - "items": { - "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be\ncaptured.", + "type": "object" + }, + "tlsConfig": { + "description": "TLS Config to use for the URL.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "maxLength": { - "description": "maxLength specifies a maximum length for the header value. If a\nheader value exceeds this length, the value will be truncated in the\nlog message. Note that the ingress controller may impose a separate\nbound on the total length of HTTP headers in a request.", - "minimum": 1, - "type": "integer" + "key": { + "description": "The key to select.", + "type": "string" }, "name": { - "description": "name specifies a header name. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.", - "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "maxLength", - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "response": { - "description": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", - "items": { - "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be\ncaptured.", + "type": "object" + }, + "caFile": { + "description": "Path to the CA cert in the Prometheus container to use for the targets.", + "type": "string" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "maxLength": { - "description": "maxLength specifies a maximum length for the header value. If a\nheader value exceeds this length, the value will be truncated in the\nlog message. Note that the ingress controller may impose a separate\nbound on the total length of HTTP headers in a request.", - "minimum": 1, - "type": "integer" + "key": { + "description": "The key to select.", + "type": "string" }, "name": { - "description": "name specifies a header name. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.", - "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "maxLength", - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "type": "object" - }, - "httpLogFormat": { - "description": "httpLogFormat specifies the format of the log message for an HTTP\nrequest.\n\nIf this field is empty, log messages use the implementation's default\nHTTP log format. For HAProxy's default HTTP log format, see the\nHAProxy documentation:\nhttp://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections\nand to secure HTTP connections for which the ingress controller\nterminates encryption (that is, edge-terminated or reencrypt\nconnections). It does not affect the log format for TLS passthrough\nconnections.", - "type": "string" - }, - "logEmptyRequests": { - "default": "Log", - "description": "logEmptyRequests specifies how connections on which no request is\nreceived should be logged. Typically, these empty requests come from\nload balancers' health probes or Web browsers' speculative\nconnections (\"preconnect\"), in which case logging these requests may\nbe undesirable. However, these requests may also be caused by\nnetwork errors, in which case logging empty requests may be useful\nfor diagnosing the errors. In addition, these requests may be caused\nby port scans, in which case logging empty requests may aid in\ndetecting intrusion attempts. Allowed values for this field are\n\"Log\" and \"Ignore\". The default value is \"Log\".", - "enum": [ - "Log", - "Ignore" - ], - "type": "string" - } - }, - "required": [ - "destination" - ], - "type": "object" - } - }, - "type": "object" - }, - "namespaceSelector": { - "description": "namespaceSelector is used to filter the set of namespaces serviced by the\ningress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "certFile": { + "description": "Path to the client cert file in the Prometheus container for the targets.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keyFile": { + "description": "Path to the client key file in the Prometheus container for the targets.", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "nodePlacement": { - "description": "nodePlacement enables explicit control over the scheduling of the ingress\ncontroller.\n\nIf unset, defaults are used. See NodePlacement for more details.", - "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to ingress controller\ndeployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement\nfield in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only\nnodeSelector.matchLabels may be used. This is a limitation of the\nKubernetes API: the pod spec does not allow complex expressions for\nnode selectors.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to ingress controller\ndeployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "replicas": { - "description": "replicas is the desired number of ingress controller replicas. If unset,\nthe default depends on the value of the defaultPlacement field in the\ncluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the\nInfrastructure CR. If defaultPlacement is set to ControlPlane, the\nchosen field will be controlPlaneTopology. If it is set to Workers the\nchosen field will be infrastructureTopology. Replicas will then be set to 1\nor 2 based whether the chosen field's value is SingleReplica or\nHighlyAvailable, respectively.\n\nThese defaults are subject to change.", - "format": "int32", - "type": "integer" - }, - "routeAdmission": { - "description": "routeAdmission defines a policy for handling new route claims (for example,\nto allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields\nfor details about their defaults.", - "properties": { - "namespaceOwnership": { - "description": "namespaceOwnership describes how host name claims across namespaces should\nbe handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", - "enum": [ - "InterNamespaceAllowed", - "Strict" - ], - "type": "string" - }, - "wildcardPolicy": { - "description": "wildcardPolicy describes how routes with wildcard policies should\nbe handled for the ingress controller. WildcardPolicy controls use\nof routes [1] exposed by the ingress controller based on the route's\nwildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed\nwill cause admitted routes with a wildcard policy of Subdomain to stop\nworking. These routes must be updated to a wildcard policy of None to be\nreadmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", - "enum": [ - "WildcardsAllowed", - "WildcardsDisallowed" - ], - "type": "string" - } - }, - "type": "object" - }, - "routeSelector": { - "description": "routeSelector is used to filter the set of Routes serviced by the ingress\ncontroller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "serverName": { + "description": "Used to verify the hostname for the targets.", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tlsSecurityProfile": { - "description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective\nprofile configuration is subject to change between releases. For example, given\na specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade\nto release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress\ncontroller, resulting in a rollout.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - }, - "tuningOptions": { - "anyOf": [ - { - "properties": { - "maxConnections": { - "enum": [ - -1, - 0 - ] - } - } - }, - { - "properties": { - "maxConnections": { - "format": "int32", - "maximum": 2000000, - "minimum": 2000 - } - } - } - ], - "description": "tuningOptions defines parameters for adjusting the performance of\ningress controller pods. All fields are optional and will use their\nrespective defaults if not set. See specific tuningOptions fields for\nmore details.\n\nSetting fields within tuningOptions is generally not recommended. The\ndefault values are suitable for most configurations.", - "properties": { - "clientFinTimeout": { - "description": "clientFinTimeout defines how long a connection will be held open while\nwaiting for the client response to the server/backend closing the\nconnection.\n\nIf unset, the default timeout is 1s", - "format": "duration", - "type": "string" - }, - "clientTimeout": { - "description": "clientTimeout defines how long a connection will be held open while\nwaiting for a client response.\n\nIf unset, the default timeout is 30s", - "format": "duration", - "type": "string" - }, - "connectTimeout": { - "description": "connectTimeout defines the maximum time to wait for\na connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional\nfraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\" U+00B5 or \"\u03bcs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left\nto choose a reasonable default. This default is subject to change over time.\nThe current default is 5s.", - "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - }, - "headerBufferBytes": { - "description": "headerBufferBytes describes how much memory should be reserved\n(in bytes) for IngressController connection sessions.\nNote that this value must be at least 16384 if HTTP/2 is\nenabled for the IngressController (https://tools.ietf.org/html/rfc7540).\nIf this field is empty, the IngressController will use a default value\nof 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes\nvalues that are too small may break the IngressController and\nheaderBufferBytes values that are too large could cause the\nIngressController to use significantly more memory than necessary.", - "format": "int32", - "minimum": 16384, - "type": "integer" - }, - "headerBufferMaxRewriteBytes": { - "description": "headerBufferMaxRewriteBytes describes how much memory should be reserved\n(in bytes) from headerBufferBytes for HTTP header rewriting\nand appending for IngressController connection sessions.\nNote that incoming HTTP requests will be limited to\n(headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning\nheaderBufferBytes must be greater than headerBufferMaxRewriteBytes.\nIf this field is empty, the IngressController will use a default value\nof 8192 bytes.\n\nSetting this field is generally not recommended as\nheaderBufferMaxRewriteBytes values that are too small may break the\nIngressController and headerBufferMaxRewriteBytes values that are too\nlarge could cause the IngressController to use significantly more memory\nthan necessary.", - "format": "int32", - "minimum": 4096, - "type": "integer" - }, - "healthCheckInterval": { - "description": "healthCheckInterval defines how long the router waits between two consecutive\nhealth checks on its configured backends. This value is applied globally as\na default for all routes, but may be overridden per-route by the route annotation\n\"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional\nfraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\" U+00B5 or \"\u03bcs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent\nTCP health checks and accompanying SYN packet storms. Alternatively, setting\nthis too high can result in increased latency, due to backend servers that are no\nlonger available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses\na default, which is subject to change over time.\nCurrently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is\n2147483647ms (24.85 days). Both are subject to change over time.", - "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - }, - "maxConnections": { - "description": "maxConnections defines the maximum number of simultaneous\nconnections that can be established per HAProxy process.\nIncreasing this value allows each ingress controller pod to\nhandle more connections but at the cost of additional\nsystem resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range\n2000-2000000.\n\nIf this field is empty or 0, the IngressController will use\nthe default value of 50000, but the default is subject to\nchange in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a\nmaximum value based on the available ulimits in the running\ncontainer. Selecting -1 (i.e., auto) will result in a large\nvalue being computed (~520000 on OpenShift >=4.10 clusters)\nand therefore each HAProxy process will incur significant\nmemory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating\nsystem limit will prevent the HAProxy process from\nstarting.\n\nIf you choose a discrete value (e.g., 750000) and the\nrouter pod is migrated to a new node, there's no guarantee\nthat that new node has identical ulimits configured. In\nsuch a scenario the pod would fail to start. If you have\nnodes with different ulimits configured (e.g., different\ntuned profiles) and you choose a discrete value then the\nguidance is to use -1 and let the value be computed\ndynamically at runtime.\n\nYou can monitor memory usage for router containers with the\nfollowing metric:\n'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy\nprocesses in router containers with the following metric:\n'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", - "format": "int32", - "type": "integer" - }, - "reloadInterval": { - "description": "reloadInterval defines the minimum interval at which the router is allowed to reload\nto accept new changes. Increasing this value can prevent the accumulation of\nHAProxy processes, depending on the scenario. Increasing this interval can\nalso lessen load imbalance on a backend's servers when using the roundrobin\nbalancing algorithm. Alternatively, decreasing this value may decrease latency\nsince updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see .\nCurrently, the minimum value allowed is 1s, and the maximum allowed value is\n120s. Minimum and maximum allowed values may change in future versions of OpenShift.\nNote that if a duration outside of these bounds is provided, the value of reloadInterval\nwill be capped/floored and not rejected (e.g. a duration of over 120s will be capped to\n120s; the IngressController will not reject and replace this disallowed value with\nthe default).\n\nA zero value for reloadInterval tells the IngressController to choose the default,\nwhich is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional\nfraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\" U+00B5 or \"\u03bcs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency\nin observing updates to routes and their endpoints. HAProxy's configuration will\nbe reloaded less frequently, and newly created routes will not be served until the\nsubsequent reload.", - "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - }, - "serverFinTimeout": { - "description": "serverFinTimeout defines how long a connection will be held open while\nwaiting for the server/backend response to the client closing the\nconnection.\n\nIf unset, the default timeout is 1s", - "format": "duration", - "type": "string" - }, - "serverTimeout": { - "description": "serverTimeout defines how long a connection will be held open while\nwaiting for a server/backend response.\n\nIf unset, the default timeout is 30s", - "format": "duration", - "type": "string" - }, - "threadCount": { - "description": "threadCount defines the number of threads created per HAProxy process.\nCreating more threads allows each ingress controller pod to handle more\nconnections, at the cost of more system resources being used. HAProxy\ncurrently supports up to 64 threads. If this field is empty, the\nIngressController will use the default value. The current default is 4\nthreads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number\nof HAProxy threads allows ingress controller pods to utilize more CPU\ntime under load, potentially starving other pods if set too high.\nReducing the number of threads may cause the ingress controller to\nperform poorly.", - "format": "int32", - "maximum": 64, - "minimum": 1, - "type": "integer" - }, - "tlsInspectDelay": { - "description": "tlsInspectDelay defines how long the router can hold data to find a\nmatching route.\n\nSetting this too short can cause the router to fall back to the default\ncertificate for edge-terminated or reencrypt routes even when a better\nmatching certificate could be used.\n\nIf unset, the default inspect delay is 5s", - "format": "duration", - "type": "string" - }, - "tunnelTimeout": { - "description": "tunnelTimeout defines how long a tunnel connection (including\nwebsockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", - "format": "duration", - "type": "string" - } - }, - "type": "object" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides allows specifying unsupported\nconfiguration options. Its use is unsupported.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the IngressController.", - "properties": { - "availableReplicas": { - "description": "availableReplicas is number of observed available replicas according to the\ningress controller deployment.", - "format": "int32", - "type": "integer" - }, - "conditions": { - "description": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and\nservicing route and ingress resources (i.e, .status.availableReplicas\nequals .spec.replicas)\n\nThere are additional conditions which indicate the status of other\ningress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "url": { + "description": "The URL of the endpoint to send samples to.", + "minLength": 1, "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "domain": { - "description": "domain is the actual domain in use.", - "type": "string" - }, - "endpointPublishingStrategy": { - "description": "endpointPublishingStrategy is the actual strategy in use.", - "properties": { - "hostNetwork": { - "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing\nstrategy. Present only if type is HostNetwork.", - "properties": { - "httpPort": { - "default": 80, - "description": "httpPort is the port on the host which should be used to listen for\nHTTP requests. This field should be set when port 80 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 80.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" - }, - "httpsPort": { - "default": 443, - "description": "httpsPort is the port on the host which should be used to listen for\nHTTPS requests. This field should be set when port 443 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 443.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" - }, - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", - "enum": [ - "", - "TCP", - "PROXY" - ], - "type": "string" - }, - "statsPort": { - "default": 1936, - "description": "statsPort is the port on the host where the stats from the router are\npublished. The value should not coincide with the NodePort range of the\ncluster. If an external load balancer is configured to forward connections\nto this IngressController, the load balancer should use this port for\nhealth checks. The load balancer can send HTTP probes on this port on a\ngiven node, with the path /healthz/ready to determine if the ingress\ncontroller is ready to receive traffic on the node. For proper operation\nthe load balancer must not forward traffic to a node until the health\ncheck reports ready. The load balancer should also stop forwarding requests\nwithin a maximum of 45 seconds after /healthz/ready starts reporting\nnot-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with\na threshold of two successful or failed requests to become healthy or\nunhealthy respectively, are well-tested values. When the value is 0 or\nis not specified it defaults to 1936.", - "format": "int32", - "maximum": 65535, - "minimum": 0, - "type": "integer" - } }, - "type": "object" - }, - "loadBalancer": { - "description": "loadBalancer holds parameters for the load balancer. Present only if\ntype is LoadBalancerService.", - "properties": { - "allowedSourceRanges": { - "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which\naccess to the load balancer should be restricted. Each range must be\nspecified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is\nspecified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default,\nwhich allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did\nnot have the allowedSourceRanges field, you may set the\nservice.beta.kubernetes.io/load-balancer-source-ranges annotation on\nthe \"router-\" service in the\n\"openshift-ingress\" namespace, and this annotation will take\neffect if allowedSourceRanges is empty on OpenShift 4.12.", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\"\nor \"fd00::/8\").", - "pattern": "(^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)", - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dnsManagementPolicy": { - "default": "Managed", - "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record\nassociated with the load balancer service will be managed by\nthe ingress operator. It defaults to Managed.\nValid values are: Managed and Unmanaged.", - "enum": [ - "Managed", - "Unmanaged" - ], - "type": "string" - }, - "providerParameters": { - "description": "providerParameters holds desired load balancer information specific to\nthe underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters\nfields for details about their defaults.", + "writeRelabelConfigs": { + "description": "The list of remote write relabel configurations.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { - "aws": { - "description": "aws provides configuration settings that are specific to AWS\nload balancers.\n\nIf empty, defaults will be applied. See specific aws fields for\ndetails about their defaults.", - "properties": { - "classicLoadBalancer": { - "description": "classicLoadBalancerParameters holds configuration parameters for an AWS\nclassic load balancer. Present only if type is Classic.", - "properties": { - "connectionIdleTimeout": { - "description": "connectionIdleTimeout specifies the maximum time period that a\nconnection may be idle before the load balancer closes the\nconnection. The value must be parseable as a time duration value;\nsee . A nil or zero value\nmeans no opinion, in which case a default value is used. The default\nvalue for this field is 60s. This default is subject to change.", - "format": "duration", - "type": "string" - }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", - "properties": { - "ids": { - "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", - "items": { - "description": "AWSSubnetID is a reference to an AWS subnet ID.", - "maxLength": 24, - "minLength": 24, - "pattern": "^subnet-[0-9A-Za-z]+$", - "type": "string" - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet ids cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "names": { - "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", - "items": { - "description": "AWSSubnetName is a reference to an AWS subnet name.", - "maxLength": 256, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "subnet name cannot contain a comma", - "rule": "!self.contains(',')" - }, - { - "message": "subnet name cannot start with 'subnet-'", - "rule": "!self.startsWith('subnet-')" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet names cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "the total number of subnets cannot exceed 10", - "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" - }, - { - "message": "must specify at least 1 subnet name or id", - "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" - } - ] - } - }, - "type": "object" - }, - "networkLoadBalancer": { - "description": "networkLoadBalancerParameters holds configuration parameters for an AWS\nnetwork load balancer. Present only if type is NLB.", - "properties": { - "eipAllocations": { - "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that\nare assigned to the Network Load Balancer.\nThe following restrictions apply:\n\neipAllocations can only be used with external scope, not internal.\nAn EIP can be allocated to only a single IngressController.\nThe number of EIP allocations must match the number of subnets that are used for the load balancer.\nEach EIP allocation must be unique.\nA maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general\ninformation about configuration, characteristics, and limitations of Elastic IP addresses.", - "items": { - "description": "EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment.\nValues must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters.", - "maxLength": 26, - "minLength": 26, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "eipAllocations should start with 'eipalloc-'", - "rule": "self.startsWith('eipalloc-')" - }, - { - "message": "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)", - "rule": "self.split(\"-\", 2)[1].matches('[0-9a-fA-F]{17}$')" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "eipAllocations cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", - "properties": { - "ids": { - "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", - "items": { - "description": "AWSSubnetID is a reference to an AWS subnet ID.", - "maxLength": 24, - "minLength": 24, - "pattern": "^subnet-[0-9A-Za-z]+$", - "type": "string" - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet ids cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - }, - "names": { - "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", - "items": { - "description": "AWSSubnetName is a reference to an AWS subnet name.", - "maxLength": 256, - "minLength": 1, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "subnet name cannot contain a comma", - "rule": "!self.contains(',')" - }, - { - "message": "subnet name cannot start with 'subnet-'", - "rule": "!self.startsWith('subnet-')" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "subnet names cannot contain duplicates", - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "the total number of subnets cannot exceed 10", - "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" - }, - { - "message": "must specify at least 1 subnet name or id", - "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "number of subnets must be equal to number of eipAllocations", - "rule": "has(self.subnets) && has(self.subnets.ids) && has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids + self.subnets.names) == size(self.eipAllocations) : true" - }, - { - "message": "number of subnets must be equal to number of eipAllocations", - "rule": "has(self.subnets) && has(self.subnets.ids) && !has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids) == size(self.eipAllocations) : true" - }, - { - "message": "number of subnets must be equal to number of eipAllocations", - "rule": "has(self.subnets) && has(self.subnets.names) && !has(self.subnets.ids) && has(self.eipAllocations) ? size(self.subnets.names) == size(self.eipAllocations) : true" - } - ] - }, - "type": { - "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", - "enum": [ - "Classic", - "NLB" - ], - "type": "string" - } - }, - "required": [ - "type" + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" ], - "type": "object" + "type": "string" }, - "gcp": { - "description": "gcp provides configuration settings that are specific to GCP\nload balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for\ndetails about their defaults.", - "properties": { - "clientAccess": { - "description": "clientAccess describes how client access is restricted for internal\nload balancers.\n\nValid values are:\n* \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", - "enum": [ - "Global", - "Local" - ], - "type": "string" - } - }, - "type": "object" + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" }, - "ibm": { - "description": "ibm provides configuration settings that are specific to IBM Cloud\nload balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for\ndetails about their defaults.", - "properties": { - "protocol": { - "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to\nthe IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features:\n\"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default is TCP, without the proxy protocol enabled.", - "enum": [ - "", - "TCP", - "PROXY" - ], - "type": "string" - } - }, - "type": "object" + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" }, - "openstack": { - "description": "openstack provides configuration settings that are specific to OpenStack\nload balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for\ndetails about their defaults.", - "properties": { - "floatingIP": { - "description": "floatingIP specifies the IP address that the load balancer will use.\nWhen not specified, an IP address will be assigned randomly by the OpenStack cloud provider.\nWhen specified, the floating IP has to be pre-created. If the\nspecified value is not a floating IP or is already claimed, the\nOpenStack cloud provider won't be able to provision the load\nbalancer.\nThis field may only be used if the IngressController has External scope.\nThis value must be a valid IPv4 or IPv6 address.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "floatingIP must be a valid IPv4 or IPv6 address", - "rule": "isIP(self)" - } - ] - } + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" }, - "type": "object" + "type": "array" }, - "type": { - "description": "type is the underlying infrastructure provider for the load balancer.\nAllowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\",\n\"OpenStack\", and \"VSphere\".", - "enum": [ - "AWS", - "Azure", - "BareMetal", - "GCP", - "Nutanix", - "OpenStack", - "VSphere", - "IBM" - ], + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "openstack is not permitted when type is not OpenStack", - "rule": "has(self.type) && self.type == 'OpenStack' ? true : !has(self.openstack)" - } - ] + "type": "object" }, - "scope": { - "description": "scope indicates the scope at which the load balancer is exposed.\nPossible values are \"External\" and \"Internal\".", - "enum": [ - "Internal", - "External" - ], - "type": "string" - } + "type": "array" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Number of thanos ruler instances to deploy.", + "format": "int32", + "type": "integer" + }, + "resendDelay": { + "description": "Minimum amount of time to wait before resending an alert to Alertmanager.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "resources": { + "description": "Resources defines the resource requirements for single Pods.\nIf not provided, no requests/limits will be set", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "required": [ - "dnsManagementPolicy", - "scope" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "eipAllocations are forbidden when the scope is Internal.", - "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)" - }, - { - "message": "cannot specify a floating ip when scope is internal", - "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == \"\"" - } - ] + "x-kubernetes-list-type": "map" }, - "nodePort": { - "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy.\nPresent only if type is NodePortService.", - "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", - "enum": [ - "", - "TCP", - "PROXY" - ], - "type": "string" - } + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "private": { - "description": "private holds parameters for the Private endpoint publishing\nstrategy. Present only if type is Private.", - "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", - "enum": [ - "", - "TCP", - "PROXY" - ], - "type": "string" - } + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" - }, - "type": { - "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the\nLoadBalancer Service's external name. DNS records are managed only in DNS\nzones defined by dns.config.openshift.io/cluster .spec.publicZone and\n.spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure,\nand GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller\nis deployed.\n\nIn this configuration, the ingress controller deployment uses host\nnetworking, bound to node ports 80 and 443. The user is responsible for\nconfiguring an external load balancer to publish the ingress controller via\nthe node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking, and is not explicitly published. The user must manually publish\nthe ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A NodePort Service is created to publish the deployment. The\nspecific node ports are dynamically allocated by OpenShift; however, to\nsupport static port allocations, user changes to the node port\nfield of the managed NodePort Service will preserved.", - "enum": [ - "LoadBalancerService", - "HostNetwork", - "Private", - "NodePortService" - ], - "type": "string" } }, - "required": [ - "type" - ], "type": "object" }, - "namespaceSelector": { - "description": "namespaceSelector is the actual namespaceSelector in use.", + "retention": { + "default": "24h", + "description": "Time duration ThanosRuler shall retain data for. Default is '24h', and\nmust match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds\nseconds minutes hours days weeks years).\n\nThe field has no effect when remote-write is configured since the Ruler\noperates in stateless mode.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "routePrefix": { + "description": "The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path.", + "type": "string" + }, + "ruleConcurrentEval": { + "description": "How many rules can be evaluated concurrently.\nIt requires Thanos >= v0.37.0.", + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "ruleGracePeriod": { + "description": "Minimum duration between alert and restored \"for\" state.\nThis is maintained only for alerts with configured \"for\" time greater than grace period.\nIt requires Thanos >= v0.30.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "ruleNamespaceSelector": { + "description": "Namespaces to be selected for Rules discovery. If unspecified, only\nthe same namespace as the ThanosRuler object is in is used.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -261128,13 +176760,18 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed.", - "format": "int64", - "type": "integer" + "ruleOutageTolerance": { + "description": "Max time to tolerate prometheus outage for restoring \"for\" state of alert.\nIt requires Thanos >= v0.30.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" }, - "routeSelector": { - "description": "routeSelector is the actual routeSelector in use.", + "ruleQueryOffset": { + "description": "The default rule group's query offset duration to use.\nIt requires Thanos >= v0.38.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "ruleSelector": { + "description": "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -261175,1628 +176812,2603 @@ "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "selector": { - "description": "selector is a label selector, in string format, for ingress controller pods\ncorresponding to the IngressController. The number of matching pods should\nequal the value of availableReplicas.", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", + "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nThanos Ruler Pods.", + "type": "string" + }, + "serviceName": { + "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the ThanosRuler resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `thanos-ruler-operated` for ThanosRuler resources.\nWhen deploying multiple ThanosRuler resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", + "minLength": 1, + "type": "string" + }, + "storage": { + "description": "Storage spec to specify how storage shall be used.", + "properties": { + "disableMountSubPath": { + "description": "Deprecated: subPath usage will be removed in a future release.", + "type": "boolean" + }, + "emptyDir": { + "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", + "properties": { + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "volumeClaimTemplate": { + "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "EmbeddedMetadata contains metadata relevant to an EmbeddedResource.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "type": "object" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/", + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "Deprecated: this field is never set.", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 120 seconds.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "If specified, the pod's topology spread constraints.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array" }, - "tlsProfile": { - "description": "tlsProfile is the TLS connection configuration that is in effect.", + "tracingConfig": { + "description": "Configures tracing.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration.\n\n`tracingConfigFile` takes precedence over this field.", "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "IngressController", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/IngressControllerList": { - "description": "IngressControllerList is a list of IngressController", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of ingresscontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.IngressController" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "IngressControllerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/InsightsOperator": { - "description": "InsightsOperator holds cluster-wide information about the Insights Operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Insights.", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" + "required": [ + "key" ], - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "tracingConfigFile": { + "description": "Configures the path of the tracing configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `tracingConfig`.", "type": "string" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], + "version": { + "description": "Version of Thanos to be deployed.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the Insights operator.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "volumeMounts": { + "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition.\nVolumeMounts specified will be appended to other VolumeMounts in the ruler container,\nthat are generated as a result of StorageSpec objects.", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { - "lastTransitionTime": { - "format": "date-time", + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, - "message": { + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, - "reason": { + "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, - "status": { + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, - "type": { + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, + "required": [ + "mountPath", + "name" + ], "type": "object" }, "type": "array" }, - "gatherStatus": { - "description": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", - "properties": { - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", - "items": { - "description": "gathererStatus represents information about a particular data gatherer.", + "volumes": { + "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will\nbe appended to other volumes that are generated as a result of StorageSpec objects.", + "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.", + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", + "key": { + "description": "key is the key to project.", "type": "string" }, - "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", - "maxLength": 32768, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", - "format": "int64", - "minimum": 0, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", "type": "integer" }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "path" ], "type": "object" }, - "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" }, - "lastGatherDuration": { - "description": "lastGatherDuration represents the time spent gathering.", - "pattern": "^(([0-9]+(?:\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", + "properties": { + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "name": { - "description": "name is the name of the gatherer.", - "maxLength": 256, - "minLength": 5, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ - "conditions", - "lastGatherDuration", - "name" + "driver" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "lastGatherDuration": { - "description": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", - "pattern": "^(0|([0-9]+(?:\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", - "type": "string" - }, - "lastGatherTime": { - "description": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", + "type": "string" + }, + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "properties": { + "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", - "properties": { - "downloadedAt": { - "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "format": "date-time", - "type": "string" - }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", - "items": { - "description": "healthCheck represents an Insights health check attributes.", + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", "properties": { - "advisorURI": { - "description": "advisorURI provides the URL link to the Insights Advisor.", - "pattern": "^https:\\/\\/\\S+", + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, - "description": { - "description": "description provides basic description of the healtcheck.", - "maxLength": 2048, - "minLength": 10, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", "type": "string" }, - "state": { - "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", - "enum": [ - "Enabled", - "Disabled" - ], + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, - "totalRisk": { - "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", "format": "int32", - "maximum": 4, - "minimum": 1, "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "type": "string" } }, "required": [ - "advisorURI", - "description", - "state", - "totalRisk" + "iqn", + "lun", + "targetPortal" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "InsightsOperator", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/InsightsOperatorList": { - "description": "InsightsOperatorList is a list of InsightsOperator", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of insightsoperators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.InsightsOperator" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "InsightsOperatorList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeAPIServer": { - "description": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes API Server", - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Force)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the Kubernetes API Server", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "items": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", - "properties": { - "currentRevision": { - "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "properties": { + "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" } - ] - }, - "lastFailedCount": { - "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", - "type": "integer" - }, - "lastFailedReason": { - "description": "lastFailedReason is a machine readable failure reason string.", - "type": "string" - }, - "lastFailedRevision": { - "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", - "format": "int32", - "type": "integer" - }, - "lastFailedRevisionErrors": { - "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", - "items": { - "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "lastFailedTime": { - "description": "lastFailedTime is the time the last failed revision failed the last time.", - "format": "date-time", - "type": "string" - }, - "lastFallbackCount": { - "description": "lastFallbackCount is how often a fallback to a previous revision happened.", - "type": "integer" - }, - "nodeName": { - "description": "nodeName is the name of the node", - "type": "string" - }, - "targetRevision": { - "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "nodeName" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "fieldPath": ".currentRevision", - "message": "cannot be unset once set", - "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" - }, - { - "fieldPath": ".currentRevision", - "message": "currentRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.currentRevision)" - }, - { - "fieldPath": ".targetRevision", - "message": "targetRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.targetRevision)" - } - ] - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "no more than 1 node status may have a nonzero targetRevision", - "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "serviceAccountIssuers": { - "description": "serviceAccountIssuers tracks history of used service account issuers.\nThe item without expiration time represents the currently used service account issuer.\nThe other items represents service account issuers that were used previously and are still being trusted.\nThe default expiration for the items is set by the platform and it defaults to 24h.\nsee: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", - "items": { - "properties": { - "expirationTime": { - "description": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list\nof service account issuers.", - "format": "date-time", - "type": "string" - }, - "name": { - "description": "name is the name of the service account issuer", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "KubeAPIServer", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeAPIServerList": { - "description": "KubeAPIServerList is a list of KubeAPIServer", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of kubeapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.KubeAPIServer" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "KubeAPIServerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeControllerManager": { - "description": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Force)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "useMoreSecureServiceCA": { - "default": false, - "description": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only\nenough certificates to validate service serving certificates.\nOnce set to true, it cannot be set to false.\nEven if someone finds a way to set it back to false, the service-ca.crt files that previously existed will\nonly have the more secure content.", - "type": "boolean" - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the Kubernetes Controller Manager", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "required": [ + "path", + "server" ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" + "type": "object" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "items": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", - "properties": { - "currentRevision": { - "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "description": "configMap information about the configMap data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "description": "secret information about the secret data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } - ] - }, - "lastFailedCount": { - "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", - "type": "integer" - }, - "lastFailedReason": { - "description": "lastFailedReason is a machine readable failure reason string.", - "type": "string" - }, - "lastFailedRevision": { - "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", - "format": "int32", - "type": "integer" - }, - "lastFailedRevisionErrors": { - "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", - "items": { - "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "lastFailedTime": { - "description": "lastFailedTime is the time the last failed revision failed the last time.", - "format": "date-time", - "type": "string" - }, - "lastFallbackCount": { - "description": "lastFallbackCount is how often a fallback to a previous revision happened.", - "type": "integer" - }, - "nodeName": { - "description": "nodeName is the name of the node", - "type": "string" + "type": "object" }, - "targetRevision": { - "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "nodeName" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "fieldPath": ".currentRevision", - "message": "cannot be unset once set", - "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "properties": { + "group": { + "description": "group to map volume access to\nDefault is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" }, - { - "fieldPath": ".currentRevision", - "message": "currentRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.currentRevision)" + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" }, - { - "fieldPath": ".targetRevision", - "message": "targetRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.targetRevision)" - } - ] - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "no more than 1 node status may have a nonzero targetRevision", - "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "KubeControllerManager", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeControllerManagerList": { - "description": "KubeControllerManagerList is a list of KubeControllerManager", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of kubecontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.KubeControllerManager" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "KubeControllerManagerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeScheduler": { - "description": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes Scheduler", - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Force)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the Kubernetes Scheduler", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "properties": { + "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" }, - "message": { - "type": "string" + "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" }, - "reason": { - "type": "string" + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "type": "object" } }, "required": [ - "lastTransitionTime", - "status", - "type" + "name" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" + "web": { + "description": "Defines the configuration of the ThanosRuler web server.", + "properties": { + "httpConfig": { + "description": "Defines HTTP parameters for web server.", + "properties": { + "headers": { + "description": "List of headers that can be added to HTTP responses.", + "properties": { + "contentSecurityPolicy": { + "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", + "type": "string" + }, + "strictTransportSecurity": { + "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "type": "string" + }, + "xContentTypeOptions": { + "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", + "enum": [ + "", + "NoSniff" + ], + "type": "string" + }, + "xFrameOptions": { + "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", + "enum": [ + "", + "Deny", + "SameOrigin" + ], + "type": "string" + }, + "xXSSProtection": { + "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", + "type": "string" + } + }, + "type": "object" + }, + "http2": { + "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", + "type": "boolean" + } }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } + "type": "object" }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "items": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", - "properties": { - "currentRevision": { - "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "lastFailedCount": { - "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", - "type": "integer" - }, - "lastFailedReason": { - "description": "lastFailedReason is a machine readable failure reason string.", - "type": "string" - }, - "lastFailedRevision": { - "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", - "format": "int32", - "type": "integer" - }, - "lastFailedRevisionErrors": { - "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", - "items": { + "tlsConfig": { + "description": "Defines the TLS parameters for HTTPS.", + "properties": { + "cert": { + "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "certFile": { + "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "lastFailedTime": { - "description": "lastFailedTime is the time the last failed revision failed the last time.", - "format": "date-time", - "type": "string" - }, - "lastFallbackCount": { - "description": "lastFallbackCount is how often a fallback to a previous revision happened.", - "type": "integer" - }, - "nodeName": { - "description": "nodeName is the name of the node", - "type": "string" - }, - "targetRevision": { - "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "nodeName" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "fieldPath": ".currentRevision", - "message": "cannot be unset once set", - "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" - }, - { - "fieldPath": ".currentRevision", - "message": "currentRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.currentRevision)" - }, - { - "fieldPath": ".targetRevision", - "message": "targetRevision can not be set on creation of a nodeStatus", - "optionalOldSelf": true, - "rule": "oldSelf.hasValue() || !has(self.targetRevision)" - } - ] - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-validations": [ - { - "message": "no more than 1 node status may have a nonzero targetRevision", - "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "KubeScheduler", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeSchedulerList": { - "description": "KubeSchedulerList is a list of KubeScheduler", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of kubeschedulers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.KubeScheduler" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "KubeSchedulerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/KubeStorageVersionMigrator": { - "description": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "cipherSuites": { + "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", + "items": { + "type": "string" + }, + "type": "array" + }, + "clientAuthType": { + "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", + "type": "string" + }, + "client_ca": { + "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "curvePreferences": { + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", + "items": { + "type": "string" + }, + "type": "array" + }, + "keyFile": { + "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum TLS version that is acceptable.", + "type": "string" + }, + "minVersion": { + "description": "Minimum TLS version that is acceptable.", + "type": "string" + }, + "preferServerCipherSuites": { + "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" } }, "type": "object" }, "status": { + "description": "Most recent observed status of the ThanosRuler cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { + "availableReplicas": { + "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this ThanosRuler deployment.", + "format": "int32", + "type": "integer" + }, "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "The current state of the ThanosRuler object.", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the time of the last update to the current status property.", "format": "date-time", "type": "string" }, "message": { + "description": "Human-readable message indicating details for the condition's last transition.", "type": "string" }, + "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", + "format": "int64", + "type": "integer" + }, "reason": { + "description": "Reason for the condition's last transition.", "type": "string" }, "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], + "description": "Status of the condition.", + "minLength": 1, "type": "string" }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "description": "Type of the condition being reported.", + "minLength": 1, "type": "string" } }, @@ -262813,80 +179425,33 @@ ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "paused": { + "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", + "type": "boolean" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "replicas": { + "description": "Total number of non-terminated pods targeted by this ThanosRuler deployment\n(their labels match the selector).", "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", "type": "integer" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "unavailableReplicas": { + "description": "Total number of unavailable pods targeted by this ThanosRuler deployment.", "format": "int32", "type": "integer" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "updatedReplicas": { + "description": "Total number of non-terminated pods targeted by this ThanosRuler deployment\nthat have the desired version spec.", + "format": "int32", + "type": "integer" } }, + "required": [ + "availableReplicas", + "paused", + "replicas", + "unavailableReplicas", + "updatedReplicas" + ], "type": "object" } }, @@ -262896,14 +179461,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operator.openshift.io", - "kind": "KubeStorageVersionMigrator", + "group": "monitoring.coreos.com", + "kind": "ThanosRuler", "version": "v1" } ] }, - "operator.openshift.io/v1/KubeStorageVersionMigratorList": { - "description": "KubeStorageVersionMigratorList is a list of KubeStorageVersionMigrator", + "monitoring.coreos.com/v1/ThanosRulerList": { + "description": "ThanosRulerList is a list of ThanosRuler", "namespaced": true, "properties": { "apiVersion": { @@ -262911,9 +179476,9 @@ "type": "string" }, "items": { - "description": "List of kubestorageversionmigrators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of thanosrulers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.KubeStorageVersionMigrator" + "$ref": "#/components/schemas/com.coreos.monitoring.v1.ThanosRuler" }, "type": "array" }, @@ -262936,15 +179501,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operator.openshift.io", - "kind": "KubeStorageVersionMigratorList", + "group": "monitoring.coreos.com", + "kind": "ThanosRulerList", "version": "v1" } ] }, - "operator.openshift.io/v1/LeaderWorkerSetOperator": { - "description": "LeaderWorkerSetOperator is the Schema for the LeaderWorkerSetOperator API", - "namespaced": false, + "monitoring.coreos.com/v1alpha1/AlertmanagerConfig": { + "description": "AlertmanagerConfig configures the Prometheus Alertmanager,\nspecifying how alerts should be grouped, inhibited and notified to external systems.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -262963,3271 +179528,10825 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the\nAlertmanager configuration.\nBy default, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig\nresource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the\nAlertmanager CRD).", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "inhibitRules": { + "description": "List of inhibition rules. The rules will only apply to alerts matching\nthe resource's namespace.", "items": { - "description": "OperatorCondition is just the standard condition fields.", + "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other\nalerts are already firing.\nSee https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" + "equal": { + "description": "Labels that must have an equal value in the source and target alert for\nthe inhibition to take effect.", + "items": { + "type": "string" + }, + "type": "array" }, - "message": { - "type": "string" + "sourceMatch": { + "description": "Matchers for which one or more alerts have to exist for the inhibition\nto take effect. The operator enforces that the alert matches the\nresource's namespace.", + "items": { + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", + "enum": [ + "!=", + "=", + "=~", + "!~" + ], + "type": "string" + }, + "name": { + "description": "Label to match.", + "minLength": 1, + "type": "string" + }, + "regex": { + "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", + "type": "boolean" + }, + "value": { + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" }, - "reason": { + "targetMatch": { + "description": "Matchers that have to be fulfilled in the alerts to be muted. The\noperator enforces that the alert matches the resource's namespace.", + "items": { + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", + "enum": [ + "!=", + "=", + "=~", + "!~" + ], + "type": "string" + }, + "name": { + "description": "Label to match.", + "minLength": 1, + "type": "string" + }, + "regex": { + "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", + "type": "boolean" + }, + "value": { + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "muteTimeIntervals": { + "description": "List of MuteTimeInterval specifying when the routes should be muted.", + "items": { + "description": "MuteTimeInterval specifies the periods in time when notifications will be muted", + "properties": { + "name": { + "description": "Name of the time interval", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "timeIntervals": { + "description": "TimeIntervals is a list of TimeInterval", + "items": { + "description": "TimeInterval describes intervals of time", + "properties": { + "daysOfMonth": { + "description": "DaysOfMonth is a list of DayOfMonthRange", + "items": { + "description": "DayOfMonthRange is an inclusive range of days of the month beginning at 1", + "properties": { + "end": { + "description": "End of the inclusive range", + "maximum": 31, + "minimum": -31, + "type": "integer" + }, + "start": { + "description": "Start of the inclusive range", + "maximum": 31, + "minimum": -31, + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + "months": { + "description": "Months is a list of MonthRange", + "items": { + "description": "MonthRange is an inclusive range of months of the year beginning in January\nMonths can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March')", + "pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)", + "type": "string" + }, + "type": "array" + }, + "times": { + "description": "Times is a list of TimeRange", + "items": { + "description": "TimeRange defines a start and end time in 24hr format", + "properties": { + "endTime": { + "description": "EndTime is the end time in 24hr format.", + "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", + "type": "string" + }, + "startTime": { + "description": "StartTime is the start time in 24hr format.", + "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "weekdays": { + "description": "Weekdays is a list of WeekdayRange", + "items": { + "description": "WeekdayRange is an inclusive range of days of the week beginning on Sunday\nDays can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday')", + "pattern": "^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)", + "type": "string" + }, + "type": "array" + }, + "years": { + "description": "Years is a list of YearRange", + "items": { + "description": "YearRange is an inclusive range of years", + "pattern": "^2\\d{3}(?::2\\d{3}|$)", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "receivers": { + "description": "List of receivers.", + "items": { + "description": "Receiver defines one or more notification integrations.", + "properties": { + "discordConfigs": { + "description": "List of Discord configurations.", + "items": { + "description": "DiscordConfig configures notifications via Discord.\nSee https://prometheus.io/docs/alerting/latest/configuration/#discord_config", + "properties": { + "apiURL": { + "description": "The secret's key that contains the Discord webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "avatarURL": { + "description": "The avatar url of the message sender.", + "pattern": "^https?://.+$", + "type": "string" + }, + "content": { + "description": "The template of the content's body.", + "minLength": 1, + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "The template of the message's body.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "title": { + "description": "The template of the message's title.", + "type": "string" + }, + "username": { + "description": "The username of the message sender.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "apiURL" + ], + "type": "object" + }, + "type": "array" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" + "emailConfigs": { + "description": "List of Email configurations.", + "items": { + "description": "EmailConfig configures notifications via Email.", + "properties": { + "authIdentity": { + "description": "The identity to use for authentication.", + "type": "string" + }, + "authPassword": { + "description": "The secret's key that contains the password to use for authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "authSecret": { + "description": "The secret's key that contains the CRAM-MD5 secret.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "authUsername": { + "description": "The username to use for authentication.", + "type": "string" + }, + "from": { + "description": "The sender address.", + "type": "string" + }, + "headers": { + "description": "Further headers email header key/value pairs. Overrides any headers\npreviously set by the notification implementation.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hello": { + "description": "The hostname to identify to the SMTP server.", + "type": "string" + }, + "html": { + "description": "The HTML body of the email notification.", + "type": "string" + }, + "requireTLS": { + "description": "The SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "smarthost": { + "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", + "type": "string" + }, + "text": { + "description": "The text body of the email notification.", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "to": { + "description": "The email address to send notifications to.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" + "msteamsConfigs": { + "description": "List of MSTeams configurations.\nIt requires Alertmanager >= 0.26.0.", + "items": { + "description": "MSTeamsConfig configures notifications via Microsoft Teams.\nIt requires Alertmanager >= 0.26.0.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "summary": { + "description": "Message summary template.\nIt requires Alertmanager >= 0.27.0.", + "type": "string" + }, + "text": { + "description": "Message body template.", + "type": "string" + }, + "title": { + "description": "Message title template.", + "type": "string" + }, + "webhookUrl": { + "description": "MSTeams webhook URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "webhookUrl" + ], + "type": "object" + }, + "type": "array" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" + "msteamsv2Configs": { + "description": "List of MSTeamsV2 configurations.\nIt requires Alertmanager >= 0.28.0.", + "items": { + "description": "MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows\nSee https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config\nIt requires Alertmanager >= 0.28.0.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "text": { + "description": "Message body template.", + "minLength": 1, + "type": "string" + }, + "title": { + "description": "Message title template.", + "minLength": 1, + "type": "string" + }, + "webhookURL": { + "description": "MSTeams incoming webhook URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" }, "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "description": "Name of the receiver. Must be unique across all items from the list.", + "minLength": 1, "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "LeaderWorkerSetOperator", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/LeaderWorkerSetOperatorList": { - "description": "LeaderWorkerSetOperatorList is a list of LeaderWorkerSetOperator", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of leaderworkersetoperators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.LeaderWorkerSetOperator" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "LeaderWorkerSetOperatorList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/MachineConfiguration": { - "description": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Machine Config Operator", - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", - "type": "string" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managedBootImages": { - "description": "managedBootImages allows configuration for the management of boot images for machine\nresources within the cluster. This configuration allows users to select resources that should\nbe updated to the latest boot images during cluster upgrades, ensuring that new machines\nalways boot with the current cluster version's boot image. When omitted, this means no opinion\nand the platform is left to choose a reasonable default, which is subject to change over time.\nThe default for each machine manager mode is All for GCP and AWS platforms, and None for all\nother platforms.", - "properties": { - "machineManagers": { - "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator\nwill watch for changes to this list. Only one entry is permitted per type of machine management resource.", - "items": { - "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information\nsuch as the resource type and the API Group of the resource. It also provides granular control via the selection field.", - "properties": { - "apiGroup": { - "description": "apiGroup is name of the APIGroup that the machine management resource belongs to.\nThe only current valid value is machine.openshift.io.\nmachine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", - "enum": [ - "machine.openshift.io" - ], - "type": "string" - }, - "resource": { - "description": "resource is the machine management resource's type.\nThe only current valid value is machinesets.\nmachinesets means that the machine manager will only register resources of the kind MachineSet.", - "enum": [ - "machinesets" - ], - "type": "string" + "opsgenieConfigs": { + "description": "List of OpsGenie configurations.", + "items": { + "description": "OpsGenieConfig configures notifications via OpsGenie.\nSee https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", + "properties": { + "actions": { + "description": "Comma separated list of actions that will be available for the alert.", + "type": "string" + }, + "apiKey": { + "description": "The secret's key that contains the OpsGenie API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "apiURL": { + "description": "The URL to send OpsGenie API requests to.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "entity": { + "description": "Optional field that can be used to specify which domain alert is related to.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "Alert text limited to 130 characters.", + "type": "string" + }, + "note": { + "description": "Additional alert note.", + "type": "string" + }, + "priority": { + "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", + "type": "string" + }, + "responders": { + "description": "List of responders responsible for notifications.", + "items": { + "description": "OpsGenieConfigResponder defines a responder to an incident.\nOne of `id`, `name` or `username` has to be defined.", + "properties": { + "id": { + "description": "ID of the responder.", + "type": "string" + }, + "name": { + "description": "Name of the responder.", + "type": "string" + }, + "type": { + "description": "Type of responder.", + "minLength": 1, + "type": "string" + }, + "username": { + "description": "Username of the responder.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "type": "array" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "source": { + "description": "Backlink to the sender of the notification.", + "type": "string" + }, + "tags": { + "description": "Comma separated list of tags attached to the notifications.", + "type": "string" + }, + "updateAlerts": { + "description": "Whether to update message and description of the alert in OpsGenie if it already exists\nBy default, the alert is never updated in OpsGenie, the new message only appears in activity log.", + "type": "boolean" + } }, - "selection": { - "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", - "properties": { - "mode": { - "description": "mode determines how machine managers will be selected for updates.\nValid values are All and Partial.\nAll means that every resource matched by the machine manager will be updated.\nPartial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.\nNone means that every resource matched by the machine manager will not be updated.", - "enum": [ - "All", - "Partial", - "None" + "type": "object" + }, + "type": "array" + }, + "pagerdutyConfigs": { + "description": "List of PagerDuty configurations.", + "items": { + "description": "PagerDutyConfig configures notifications via PagerDuty.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", + "properties": { + "class": { + "description": "The class/type of the event.", + "type": "string" + }, + "client": { + "description": "Client identification.", + "type": "string" + }, + "clientURL": { + "description": "Backlink to the sender of notification.", + "type": "string" + }, + "component": { + "description": "The part or component of the affected system that is broken.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "Arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" ], - "type": "string" + "type": "object" + }, + "type": "array" + }, + "group": { + "description": "A cluster or grouping of sources.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } }, - "partial": { - "description": "partial provides label selector(s) that can be used to match machine management resources.\nOnly permitted when mode is set to \"Partial\".", + "type": "object" + }, + "pagerDutyImageConfigs": { + "description": "A list of image details to attach that provide further detail about an incident.", + "items": { + "description": "PagerDutyImageConfig attaches images to an incident", "properties": { - "machineResourceSelector": { - "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "alt": { + "description": "Alt is the optional alternative text for the image.", + "type": "string" + }, + "href": { + "description": "Optional URL; makes the image a clickable link.", + "type": "string" + }, + "src": { + "description": "Src of the image being attached to the incident", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "pagerDutyLinkConfigs": { + "description": "A list of link details to attach that provide further detail about an incident.", + "items": { + "description": "PagerDutyLinkConfig attaches text links to an incident", + "properties": { + "alt": { + "description": "Text that describes the purpose of the link, and can be used as the link's text.", + "type": "string" + }, + "href": { + "description": "Href is the URL of the link to be attached", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "routingKey": { + "description": "The secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "serviceKey": { + "description": "The secret's key that contains the PagerDuty service key (when using\nintegration type \"Prometheus\"). Either this field or `routingKey` needs to\nbe defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "severity": { + "description": "Severity of the incident.", + "type": "string" + }, + "source": { + "description": "Unique location of the affected system.", + "type": "string" + }, + "url": { + "description": "The URL to send requests to.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "pushoverConfigs": { + "description": "List of Pushover configurations.", + "items": { + "description": "PushoverConfig configures notifications via Pushover.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", + "properties": { + "device": { + "description": "The name of a device to send the notification to", + "type": "string" + }, + "expire": { + "description": "How long your notification will continue to be retried for, unless the user\nacknowledges the notification.", + "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", + "type": "string" + }, + "html": { + "description": "Whether notification message is HTML or plain text.", + "type": "boolean" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "machineResourceSelector" - ], - "type": "object" - } - }, - "required": [ - "mode" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Partial is required when type is partial, and forbidden otherwise", - "rule": "has(self.mode) && self.mode == 'Partial' ? has(self.partial) : !has(self.partial)" - } - ] - } - }, - "required": [ - "apiGroup", - "resource", - "selection" - ], - "type": "object" - }, - "maxItems": 5, - "type": "array", - "x-kubernetes-list-map-keys": [ - "resource", - "apiGroup" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "nodeDisruptionPolicy": { - "description": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for\nMachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow\nfor less downtime when doing small configuration updates to the cluster. This configuration\nhas no effect on cluster upgrades which will still incur node disruption where required.", - "properties": { - "files": { - "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths\nThis list supports a maximum of 50 entries.", - "items": { - "description": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", - "items": { - "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] - } - }, - "required": [ - "serviceName" - ], - "type": "object" - }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "serviceName" - ], "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "Notification message.", + "type": "string" + }, + "priority": { + "description": "Priority, see https://pushover.net/api#priority", + "type": "string" + }, + "retry": { + "description": "How often the Pushover servers will send the same notification to the user.\nMust be at least 30 seconds.", + "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sound": { + "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", + "type": "string" + }, + "title": { + "description": "Notification title.", + "type": "string" + }, + "token": { + "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `token` or `tokenFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload and None.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", - "enum": [ - "Reboot", - "Drain", - "Reload", - "Restart", - "DaemonReload", - "None" - ], + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "type" + "key" ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "reload is required when type is Reload, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" + "x-kubernetes-map-type": "atomic" + }, + "tokenFile": { + "description": "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + }, + "ttl": { + "description": "The time to live definition for the alert notification", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "url": { + "description": "A supplementary URL shown alongside the message.", + "type": "string" + }, + "urlTitle": { + "description": "A title for supplementary URL, otherwise just the URL is shown", + "type": "string" + }, + "userKey": { + "description": "The secret's key that contains the recipient user's user key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `userKey` or `userKeyFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { - "message": "restart is required when type is Restart, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Reboot action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" }, - { - "message": "None action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" - } - ] + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userKeyFile": { + "description": "The user key file that contains the recipient user's user key.\nEither `userKey` or `userKeyFile` is required.\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + } }, - "path": { - "description": "path is the location of a file being managed through a MachineConfig.\nThe Actions in the policy will apply to changes to the file at this path.", - "type": "string" - } + "type": "object" }, - "required": [ - "actions", - "path" - ], - "type": "object" + "type": "array" }, - "maxItems": 50, - "type": "array", - "x-kubernetes-list-map-keys": [ - "path" - ], - "x-kubernetes-list-type": "map" - }, - "sshkey": { - "description": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this\nwill apply to all sshkey changes in the cluster", - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", - "items": { - "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", + "rocketchatConfigs": { + "description": "List of RocketChat configurations.\nIt requires Alertmanager >= 0.28.0.", + "items": { + "description": "RocketChatConfig configures notifications via RocketChat.\nIt requires Alertmanager >= 0.28.0.", + "properties": { + "actions": { + "description": "Actions to include in the message.", + "items": { + "description": "RocketChatActionConfig defines actions for RocketChat messages.", "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] + "msg": { + "description": "The message to send when the button is clicked.", + "minLength": 1, + "type": "string" + }, + "text": { + "description": "The button text.", + "minLength": 1, + "type": "string" + }, + "url": { + "description": "The URL the button links to.", + "pattern": "^https?://.+$", + "type": "string" } }, - "required": [ - "serviceName" - ], "type": "object" }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", + "minItems": 1, + "type": "array" + }, + "apiURL": { + "description": "The API URL for RocketChat.\nDefaults to https://open.rocket.chat/ if not specified.", + "pattern": "^https?://.+$", + "type": "string" + }, + "channel": { + "description": "The channel to send alerts to.", + "minLength": 1, + "type": "string" + }, + "color": { + "description": "The message color.", + "minLength": 1, + "type": "string" + }, + "emoji": { + "description": "If provided, the avatar will be displayed as an emoji.", + "minLength": 1, + "type": "string" + }, + "fields": { + "description": "Additional fields for the message.", + "items": { + "description": "RocketChatFieldConfig defines additional fields for RocketChat messages.", "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] + "short": { + "description": "Whether this field should be a short field.", + "type": "boolean" + }, + "title": { + "description": "The title of this field.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "The value of this field, displayed underneath the title value.", + "minLength": 1, + "type": "string" } }, - "required": [ - "serviceName" - ], "type": "object" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload and None.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", - "enum": [ - "Reboot", - "Drain", - "Reload", - "Restart", - "DaemonReload", - "None" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "reload is required when type is Reload, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" - }, - { - "message": "restart is required when type is Restart, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Reboot action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + "minItems": 1, + "type": "array" }, - { - "message": "None action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" - } - ] - } - }, - "required": [ - "actions" - ], - "type": "object" - }, - "units": { - "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services\nThis list supports a maximum of 50 entries.", - "items": { - "description": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", - "items": { + "httpConfig": { + "description": "HTTP client configuration.", "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" } }, - "required": [ - "serviceName" - ], "type": "object" }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "serviceName" - ], "type": "object" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload and None.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", - "enum": [ - "Reboot", - "Drain", - "Reload", - "Restart", - "DaemonReload", - "None" + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "reload is required when type is Reload, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" }, - { - "message": "restart is required when type is Restart, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Reboot action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" - }, - { - "message": "None action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" - } - ] - }, - "name": { - "description": "name represents the service name of a systemd service managed through a MachineConfig\nActions specified will be applied for changes to the named service.\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] - } - }, - "required": [ - "actions", - "name" - ], - "type": "object" - }, - "maxItems": 50, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", - "format": "int32", - "type": "integer" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status is the most recently observed status of the Machine Config Operator", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "managedBootImagesStatus": { - "description": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is\nand will be used by Machine Config Controller while performing boot image updates.", - "properties": { - "machineManagers": { - "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator\nwill watch for changes to this list. Only one entry is permitted per type of machine management resource.", - "items": { - "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information\nsuch as the resource type and the API Group of the resource. It also provides granular control via the selection field.", - "properties": { - "apiGroup": { - "description": "apiGroup is name of the APIGroup that the machine management resource belongs to.\nThe only current valid value is machine.openshift.io.\nmachine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", - "enum": [ - "machine.openshift.io" - ], - "type": "string" - }, - "resource": { - "description": "resource is the machine management resource's type.\nThe only current valid value is machinesets.\nmachinesets means that the machine manager will only register resources of the kind MachineSet.", - "enum": [ - "machinesets" - ], - "type": "string" - }, - "selection": { - "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", - "properties": { - "mode": { - "description": "mode determines how machine managers will be selected for updates.\nValid values are All and Partial.\nAll means that every resource matched by the machine manager will be updated.\nPartial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.\nNone means that every resource matched by the machine manager will not be updated.", - "enum": [ - "All", - "Partial", - "None" - ], - "type": "string" - }, - "partial": { - "description": "partial provides label selector(s) that can be used to match machine management resources.\nOnly permitted when mode is set to \"Partial\".", - "properties": { - "machineResourceSelector": { - "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "machineResourceSelector" - ], - "type": "object" - } - }, - "required": [ - "mode" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Partial is required when type is partial, and forbidden otherwise", - "rule": "has(self.mode) && self.mode == 'Partial' ? has(self.partial) : !has(self.partial)" - } - ] - } - }, - "required": [ - "apiGroup", - "resource", - "selection" - ], - "type": "object" - }, - "maxItems": 5, - "type": "array", - "x-kubernetes-list-map-keys": [ - "resource", - "apiGroup" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "nodeDisruptionPolicyStatus": { - "description": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are,\nand will be used by the Machine Config Daemon during future node updates.", - "properties": { - "clusterPolicies": { - "description": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", - "properties": { - "files": { - "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", - "items": { - "description": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", - "items": { - "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "serviceName" - ], "type": "object" }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "serviceName" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", - "enum": [ - "Reboot", - "Drain", - "Reload", - "Restart", - "DaemonReload", - "None", - "Special" - ], - "type": "string" - } + "type": "array" }, - "required": [ - "type" - ], + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "object", - "x-kubernetes-validations": [ - { - "message": "reload is required when type is Reload, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" - }, - { - "message": "restart is required when type is Restart, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" - } - ] + "x-kubernetes-map-type": "atomic" }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Reboot action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" - }, - { - "message": "None action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" - } - ] - }, - "path": { - "description": "path is the location of a file being managed through a MachineConfig.\nThe Actions in the policy will apply to changes to the file at this path.", - "type": "string" - } - }, - "required": [ - "actions", - "path" - ], - "type": "object" - }, - "maxItems": 100, - "type": "array", - "x-kubernetes-list-map-keys": [ - "path" - ], - "x-kubernetes-list-type": "map" - }, - "sshkey": { - "description": "sshkey is the overall sshkey MachineConfig definition", - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", - "items": { - "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] - } - }, - "required": [ - "serviceName" - ], - "type": "object" - }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] - } - }, - "required": [ - "serviceName" - ], - "type": "object" - }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", - "enum": [ - "Reboot", - "Drain", - "Reload", - "Restart", - "DaemonReload", - "None", - "Special" - ], - "type": "string" - } + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "reload is required when type is Reload, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" - }, - { - "message": "restart is required when type is Restart, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Reboot action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" }, - { - "message": "None action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" - } - ] - } - }, - "required": [ - "actions" - ], - "type": "object" - }, - "units": { - "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services", - "items": { - "description": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", - "items": { + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } - ] - } - }, - "required": [ - "serviceName" - ], - "type": "object" - }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "serviceName" - ], "type": "object" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", - "enum": [ - "Reboot", - "Drain", - "Reload", - "Restart", - "DaemonReload", - "None", - "Special" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "reload is required when type is Reload, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" - }, - { - "message": "restart is required when type is Restart, and forbidden otherwise", - "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" - } - ] - }, - "maxItems": 10, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Reboot action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" - }, - { - "message": "None action can only be specified standalone, as it will override any other actions", - "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" - } - ] - }, - "name": { - "description": "name represents the service name of a systemd service managed through a MachineConfig\nActions specified will be applied for changes to the named service.\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "maxLength": 255, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", - "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" - }, - { - "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", - "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" - } - ] - } - }, - "required": [ - "actions", - "name" - ], - "type": "object" - }, - "maxItems": 100, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "MachineConfiguration", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/MachineConfigurationList": { - "description": "MachineConfigurationList is a list of MachineConfiguration", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of machineconfigurations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.MachineConfiguration" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "MachineConfigurationList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/Network": { - "description": "Network describes the cluster's desired network configuration. It is\nconsumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "NetworkSpec is the top-level network configuration object.", - "properties": { - "additionalNetworks": { - "description": "additionalNetworks is a list of extra networks to make available to pods\nwhen multiple networks are enabled.", - "items": { - "description": "AdditionalNetworkDefinition configures an extra network that is available but not\ncreated by default. Instead, pods must request them by name.\ntype must be specified, along with exactly one \"Config\" that matches the type.", - "properties": { - "name": { - "description": "name is the name of the network. This will be populated in the resulting CRD\nThis must be unique.", - "type": "string" - }, - "namespace": { - "description": "namespace is the namespace of the network. This will be populated in the resulting CRD\nIf not given the network will be created in the default namespace.", - "type": "string" - }, - "rawCNIConfig": { - "description": "rawCNIConfig is the raw CNI configuration json to create in the\nNetworkAttachmentDefinition CRD", - "type": "string" - }, - "simpleMacvlanConfig": { - "description": "simpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", - "properties": { - "ipamConfig": { - "description": "ipamConfig configures IPAM module will be used for IP Address Management (IPAM).", - "properties": { - "staticIPAMConfig": { - "description": "staticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", - "properties": { - "addresses": { - "description": "addresses configures IP address for the interface", - "items": { - "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "address": { - "description": "address is the IP address in CIDR format", - "type": "string" + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "gateway": { - "description": "gateway is IP inside of subnet to designate as the gateway", - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dns": { - "description": "dns configures DNS for the interface", - "properties": { - "domain": { - "description": "domain configures the domainname the local domain used for short hostname lookups", - "type": "string" - }, - "nameservers": { - "description": "nameservers points DNS servers for IP lookup", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "search": { - "description": "search configures priority ordered search domains for short hostname lookups", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" }, - "type": "object" - }, - "routes": { - "description": "routes configures IP routes for the interface", - "items": { - "description": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { - "destination": { - "description": "destination points the IP route destination", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "gateway": { - "description": "gateway is the route's next-hop IP address\nIf unset, a default gateway is assumed (as determined by the CNI plugin).", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "type": { - "description": "type is the type of IPAM module will be used for IP Address Management(IPAM).\nThe supported values are IPAMTypeDHCP, IPAMTypeStatic", - "type": "string" - } - }, - "type": "object" - }, - "master": { - "description": "master is the host interface to create the macvlan interface from.\nIf not specified, it will be default route interface", - "type": "string" - }, - "mode": { - "description": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", - "type": "string" - }, - "mtu": { - "description": "mtu is the mtu to use for the macvlan interface. if unset, host's\nkernel will select the value.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "type": { - "description": "type is the type of network\nThe supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "additionalRoutingCapabilities": { - "description": "additionalRoutingCapabilities describes components and relevant\nconfiguration providing additional routing capabilities. When set, it\nenables such components and the usage of the routing capabilities they\nprovide for the machine network. Upstream operators, like MetalLB\noperator, requiring these capabilities may rely on, or automatically set\nthis attribute. Network plugins may leverage advanced routing\ncapabilities acquired through the enablement of these components but may\nrequire specific configuration on their side to do so; refer to their\nrespective documentation and configuration options.", - "properties": { - "providers": { - "description": "providers is a set of enabled components that provide additional routing\ncapabilities. Entries on this list must be unique. The only valid value\nis currrently \"FRR\" which provides FRR routing capabilities through the\ndeployment of FRR.", - "items": { - "description": "RoutingCapabilitiesProvider is a component providing routing capabilities.", - "enum": [ - "FRR" - ], - "type": "string" - }, - "maxItems": 1, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic", - "x-kubernetes-validations": [ - { - "rule": "self.all(x, self.exists_one(y, x == y))" - } - ] - } - }, - "required": [ - "providers" - ], - "type": "object" - }, - "clusterNetwork": { - "description": "clusterNetwork is the IP address pool to use for pod IPs.\nSome network providers support multiple ClusterNetworks.\nOthers only support one. This is equivalent to the cluster-cidr.", - "items": { - "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size\nHostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If\nthe HostPrefix field is not used by the plugin, it can be left unset.\nNot all network providers support multiple ClusterNetworks", - "properties": { - "cidr": { - "type": "string" - }, - "hostPrefix": { - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "defaultNetwork": { - "description": "defaultNetwork is the \"default\" network that all pods will receive", - "properties": { - "openshiftSDNConfig": { - "description": "openshiftSDNConfig was previously used to configure the openshift-sdn plugin.\nDEPRECATED: OpenShift SDN is no longer supported.", - "properties": { - "enableUnidling": { - "description": "enableUnidling controls whether or not the service proxy will support idling\nand unidling of services. By default, unidling is enabled.", - "type": "boolean" - }, - "mode": { - "description": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", - "type": "string" - }, - "mtu": { - "description": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset.\nThis must be 50 bytes smaller than the machine's uplink.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "useExternalOpenvswitch": { - "description": "useExternalOpenvswitch used to control whether the operator would deploy an OVS\nDaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always\nrun as a system service, and this flag is ignored.", - "type": "boolean" - }, - "vxlanPort": { - "description": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "ovnKubernetesConfig": { - "description": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", - "properties": { - "egressIPConfig": { - "description": "egressIPConfig holds the configuration for EgressIP options.", - "properties": { - "reachabilityTotalTimeoutSeconds": { - "description": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds.\nIf the EgressIP node cannot be reached within this timeout, the node is declared down.\nSetting a large value may cause the EgressIP feature to react slowly to node changes.\nIn particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable.\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default is 1 second.\nA value of 0 disables the EgressIP node's reachability check.", - "format": "int32", - "maximum": 60, - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "gatewayConfig": { - "description": "gatewayConfig holds the configuration for node gateway options.", - "properties": { - "ipForwarding": { - "description": "ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex).\nBy default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other\nIP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across\nOVN-Kubernetes managed interfaces, then set this field to \"Global\".\nThe supported values are \"Restricted\" and \"Global\".", - "type": "string" - }, - "ipv4": { - "description": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default\nconfiguration is used. Check individual members fields within ipv4 for details of default values.", - "properties": { - "internalMasqueradeSubnet": { - "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by\novn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these\naddresses, as well as the shared gateway bridge interface. The values can be changed after\ninstallation. The subnet chosen should not overlap with other networks specified for\nOVN-Kubernetes as well as other networks used on the host. Additionally the subnet must\nbe large enough to accommodate 6 IPs (maximum prefix length /29).\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time.\nThe current default subnet is 169.254.169.0/29\nThe value must be in proper IPV4 CIDR format", - "maxLength": 18, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Subnet must be in valid IPV4 CIDR format", - "rule": "isCIDR(self) && cidr(self).ip().family() == 4" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" }, - { - "message": "subnet must be in the range /0 to /29 inclusive", - "rule": "isCIDR(self) && cidr(self).prefixLength() <= 29" + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" }, - { - "message": "first IP address octet must not be 0", - "rule": "isCIDR(self) && int(self.split('.')[0]) > 0" + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } - ] + }, + "type": "object" } }, "type": "object" }, - "ipv6": { - "description": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default\nconfiguration is used. Check individual members fields within ipv6 for details of default values.", + "iconURL": { + "description": "Icon URL for the message.", + "pattern": "^https?://.+$", + "type": "string" + }, + "imageURL": { + "description": "Image URL for the message.", + "pattern": "^https?://.+$", + "type": "string" + }, + "linkNames": { + "description": "Whether to enable link names.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "description": "Whether to use short fields.", + "type": "boolean" + }, + "text": { + "description": "The message text to send, it is optional because of attachments.", + "minLength": 1, + "type": "string" + }, + "thumbURL": { + "description": "Thumbnail URL for the message.", + "pattern": "^https?://.+$", + "type": "string" + }, + "title": { + "description": "The message title.", + "minLength": 1, + "type": "string" + }, + "titleLink": { + "description": "The title link for the message.", + "minLength": 1, + "type": "string" + }, + "token": { + "description": "The sender token.", "properties": { - "internalMasqueradeSubnet": { - "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by\novn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these\naddresses, as well as the shared gateway bridge interface. The values can be changed after\ninstallation. The subnet chosen should not overlap with other networks specified for\nOVN-Kubernetes as well as other networks used on the host. Additionally the subnet must\nbe large enough to accommodate 6 IPs (maximum prefix length /125).\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time.\nThe current default subnet is fd69::/125\nNote that IPV6 dual addresses are not permitted", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Subnet must be in valid IPV6 CIDR format", - "rule": "isCIDR(self) && cidr(self).ip().family() == 6" - }, - { - "message": "subnet must be in the range /0 to /125 inclusive", - "rule": "isCIDR(self) && cidr(self).prefixLength() <= 125" - } - ] + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "routingViaHost": { - "default": false, - "description": "routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port\ninto the host before sending it out. If this is not set, traffic will always egress directly\nfrom OVN to outside without touching the host stack. Setting this to true means hardware\noffload will not be supported. Default is false if GatewayConfig is specified.", - "type": "boolean" + "tokenID": { + "description": "The sender token ID.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, + "required": [ + "token", + "tokenID" + ], "type": "object" }, - "genevePort": { - "description": "geneve port is the UDP port to be used by geneve encapulation.\nDefault is 6081", - "format": "int32", - "minimum": 1, - "type": "integer" - }, - "hybridOverlayConfig": { - "description": "hybridOverlayConfig configures an additional overlay network for peers that are\nnot using OVN.", + "type": "array" + }, + "slackConfigs": { + "description": "List of Slack configurations.", + "items": { + "description": "SlackConfig configures notifications via Slack.\nSee https://prometheus.io/docs/alerting/latest/configuration/#slack_config", "properties": { - "hybridClusterNetwork": { - "description": "hybridClusterNetwork defines a network space given to nodes on an additional overlay network.", + "actions": { + "description": "A list of Slack actions that are sent with each notification.", "items": { - "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size\nHostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If\nthe HostPrefix field is not used by the plugin, it can be left unset.\nNot all network providers support multiple ClusterNetworks", + "description": "SlackAction configures a single Slack action that is sent with each\nnotification.\nSee https://api.slack.com/docs/message-attachments#action_fields and\nhttps://api.slack.com/docs/message-buttons for more information.", "properties": { - "cidr": { + "confirm": { + "description": "SlackConfirmationField protect users from destructive actions or\nparticularly distinguished decisions by asking them to confirm their button\nclick one more time.\nSee https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields\nfor more information.", + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "minLength": 1, + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "name": { "type": "string" }, - "hostPrefix": { - "format": "int32", - "minimum": 0, - "type": "integer" + "style": { + "type": "string" + }, + "text": { + "minLength": 1, + "type": "string" + }, + "type": { + "minLength": 1, + "type": "string" + }, + "url": { + "type": "string" + }, + "value": { + "type": "string" } }, + "required": [ + "text", + "type" + ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "hybridOverlayVXLANPort": { - "description": "hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network.\nDefault is 4789", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "ipsecConfig": { - "default": { - "mode": "Disabled" - }, - "description": "ipsecConfig enables and configures IPsec for pods on the pod network within the\ncluster.", - "properties": { - "full": { - "description": "full defines configuration parameters for the IPsec `Full` mode.\nThis is permitted only when mode is configured with `Full`,\nand forbidden otherwise.", - "minProperties": 1, + "apiURL": { + "description": "The secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { - "encapsulation": { - "description": "encapsulation option to configure libreswan on how inter-pod traffic across nodes\nare encapsulated to handle NAT traversal. When configured it uses UDP port 4500\nfor the encapsulation.\nValid values are Always, Auto and omitted.\nAlways means enable UDP encapsulation regardless of whether NAT is detected.\nAuto means enable UDP encapsulation based on the detection of NAT.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable\ndefault, which is subject to change over time. The current default is Auto.", - "enum": [ - "Always", - "Auto" - ], + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" - } - }, - "type": "object" - }, - "mode": { - "description": "mode defines the behaviour of the ipsec configuration within the platform.\nValid values are `Disabled`, `External` and `Full`.\nWhen 'Disabled', ipsec will not be enabled at the node level.\nWhen 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters.\nThis mode is for external secure communications and the configuration can be done using the k8s-nmstate operator.\nWhen 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured.\nNote with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays),\nthis is left to the user to configure.", - "enum": [ - "Disabled", - "External", - "Full" - ], - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "ipsecConfig.mode is required", - "rule": "self == oldSelf || has(self.mode)" - }, - { - "message": "full is forbidden when mode is not Full", - "rule": "has(self.mode) && self.mode == 'Full' ? true : !has(self.full)" - } - ] - }, - "ipv4": { - "description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted,\nthis means no opinions and the default configuration is used. Check individual\nfields within ipv4 for details of default values.", - "properties": { - "internalJoinSubnet": { - "description": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes. The value cannot be changed\nafter installation.\nThe current default value is 100.64.0.0/16\nThe subnet must be large enough to accomadate one IP per node in your cluster\nThe value must be in proper IPV4 CIDR format", - "maxLength": 18, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Subnet must be in valid IPV4 CIDR format", - "rule": "isCIDR(self) && cidr(self).ip().family() == 4" }, - { - "message": "subnet must be in the range /0 to /30 inclusive", - "rule": "isCIDR(self) && cidr(self).prefixLength() <= 30" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - { - "message": "first IP address octet must not be 0", - "rule": "isCIDR(self) && int(self.split('.')[0]) > 0" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - ] + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "internalTransitSwitchSubnet": { - "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally\nby OVN-Kubernetes for the distributed transit switch in the OVN Interconnect\narchitecture that connects the cluster routers on each node together to enable\neast west traffic. The subnet chosen should not overlap with other networks\nspecified for OVN-Kubernetes as well as other networks used on the host.\nThe value cannot be changed after installation.\nWhen ommitted, this means no opinion and the platform is left to choose a reasonable\ndefault which is subject to change over time.\nThe current default subnet is 100.88.0.0/16\nThe subnet must be large enough to accomadate one IP per node in your cluster\nThe value must be in proper IPV4 CIDR format", - "maxLength": 18, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Subnet must be in valid IPV4 CIDR format", - "rule": "isCIDR(self) && cidr(self).ip().family() == 4" - }, - { - "message": "subnet must be in the range /0 to /30 inclusive", - "rule": "isCIDR(self) && cidr(self).prefixLength() <= 30" - }, - { - "message": "first IP address octet must not be 0", - "rule": "isCIDR(self) && int(self.split('.')[0]) > 0" - } - ] - } - }, - "type": "object" - }, - "ipv6": { - "description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted,\nthis means no opinions and the default configuration is used. Check individual\nfields within ipv4 for details of default values.", - "properties": { - "internalJoinSubnet": { - "description": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes. The value cannot be changed\nafter installation.\nThe subnet must be large enough to accomadate one IP per node in your cluster\nThe current default value is fd98::/64\nThe value must be in proper IPV6 CIDR format\nNote that IPV6 dual addresses are not permitted", - "maxLength": 48, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Subnet must be in valid IPV6 CIDR format", - "rule": "isCIDR(self) && cidr(self).ip().family() == 6" - }, - { - "message": "subnet must be in the range /0 to /125 inclusive", - "rule": "isCIDR(self) && cidr(self).prefixLength() <= 125" - } - ] + "callbackId": { + "type": "string" }, - "internalTransitSwitchSubnet": { - "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally\nby OVN-Kubernetes for the distributed transit switch in the OVN Interconnect\narchitecture that connects the cluster routers on each node together to enable\neast west traffic. The subnet chosen should not overlap with other networks\nspecified for OVN-Kubernetes as well as other networks used on the host.\nThe value cannot be changed after installation.\nWhen ommitted, this means no opinion and the platform is left to choose a reasonable\ndefault which is subject to change over time.\nThe subnet must be large enough to accomadate one IP per node in your cluster\nThe current default subnet is fd97::/64\nThe value must be in proper IPV6 CIDR format\nNote that IPV6 dual addresses are not permitted", - "maxLength": 48, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Subnet must be in valid IPV6 CIDR format", - "rule": "isCIDR(self) && cidr(self).ip().family() == 6" - }, - { - "message": "subnet must be in the range /0 to /125 inclusive", - "rule": "isCIDR(self) && cidr(self).prefixLength() <= 125" - } - ] - } - }, - "type": "object" - }, - "mtu": { - "description": "mtu is the MTU to use for the tunnel interface. This must be 100\nbytes smaller than the uplink mtu.\nDefault is 1400", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "policyAuditConfig": { - "description": "policyAuditConfig is the configuration for network policy audit events. If unset,\nreported defaults are used.", - "properties": { - "destination": { - "default": "null", - "description": "destination is the location for policy log messages.\nRegardless of this config, persistent logs will always be dumped to the host\nat /var/log/ovn/ however\nAdditionally syslog output may be configured as follows.\nValid values are:\n- \"libc\" -> to use the libc syslog() function of the host node's journdald process\n- \"udp:host:port\" -> for sending syslog over UDP\n- \"unix:file\" -> for using the UNIX domain socket directly\n- \"null\" -> to discard all messages logged to syslog\nThe default is \"null\"", + "channel": { + "description": "The channel or user to send notifications to.", "type": "string" }, - "maxFileSize": { - "default": 50, - "description": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs\nUnits are in MB and the Default is 50MB", - "format": "int32", - "minimum": 1, - "type": "integer" + "color": { + "type": "string" }, - "maxLogFiles": { - "default": 5, - "description": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", - "format": "int32", - "minimum": 1, - "type": "integer" + "fallback": { + "type": "string" }, - "rateLimit": { - "default": 20, - "description": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If\nunset the default of 20 msg/sec is used.", - "format": "int32", - "minimum": 1, - "type": "integer" + "fields": { + "description": "A list of Slack fields that are sent with each notification.", + "items": { + "description": "SlackField configures a single Slack field that is sent with each notification.\nEach field must contain a title, value, and optionally, a boolean value to indicate if the field\nis short enough to be displayed next to other fields designated as short.\nSee https://api.slack.com/docs/message-attachments#fields for more information.", + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "minLength": 1, + "type": "string" + }, + "value": { + "minLength": 1, + "type": "string" + } + }, + "required": [ + "title", + "value" + ], + "type": "object" + }, + "type": "array" }, - "syslogFacility": { - "default": "local0", - "description": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", + "footer": { "type": "string" - } - }, - "type": "object" - }, - "routeAdvertisements": { - "description": "routeAdvertisements determines if the functionality to advertise cluster\nnetwork routes through a dynamic routing protocol, such as BGP, is\nenabled or not. This functionality is configured through the\novn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing\ncapability provider to be enabled as an additional routing capability.\nAllowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this\nmeans the user has no opinion and the platform is left to choose\nreasonable defaults. These defaults are subject to change over time. The\ncurrent default is \"Disabled\".", - "enum": [ - "", - "Enabled", - "Disabled" - ], - "type": "string" - }, - "v4InternalSubnet": { - "description": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes. The value cannot be changed\nafter installation.\nDefault is 100.64.0.0/16", - "type": "string" - }, - "v6InternalSubnet": { - "description": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes. The value cannot be changed\nafter installation.\nDefault is fd98::/64", - "type": "string" - } - }, - "type": "object" - }, - "type": { - "description": "type is the type of network\nAll NetworkTypes are supported except for NetworkTypeRaw", - "type": "string" - } - }, - "type": "object" - }, - "deployKubeProxy": { - "description": "deployKubeProxy specifies whether or not a standalone kube-proxy should\nbe deployed by the operator. Some network providers include kube-proxy\nor similar functionality. If unset, the plugin will attempt to select\nthe correct value, which is false when ovn-kubernetes is used and true\notherwise.", - "type": "boolean" - }, - "disableMultiNetwork": { - "description": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability.\ndisableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD,\nthat enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins,\nbut these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", - "type": "boolean" - }, - "disableNetworkDiagnostics": { - "default": false, - "description": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck\nCRs from a test pod to every node, apiserver and LB should be disabled or not.\nIf unset, this property defaults to 'false' and network diagnostics is enabled.\nSetting this to 'true' would reduce the additional load of the pods performing the checks.", - "type": "boolean" - }, - "exportNetworkFlows": { - "description": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network\nby using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin.\nIf unset, flows will not be exported to any collector.", - "properties": { - "ipfix": { - "description": "ipfix defines IPFIX configuration.", - "properties": { - "collectors": { - "description": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", - "items": { - "pattern": "^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", - "type": "string" - }, - "maxItems": 10, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "netFlow": { - "description": "netFlow defines the NetFlow configuration.", - "properties": { - "collectors": { - "description": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS.\nIt is a list of strings formatted as ip:port with a maximum of ten items", - "items": { - "pattern": "^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", - "type": "string" - }, - "maxItems": 10, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "sFlow": { - "description": "sFlow defines the SFlow configuration.", - "properties": { - "collectors": { - "description": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", - "items": { - "pattern": "^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", - "type": "string" - }, - "maxItems": 10, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "kubeProxyConfig": { - "description": "kubeProxyConfig lets us configure desired proxy configuration, if\ndeployKubeProxy is true. If not specified, sensible defaults will be chosen by\nOpenShift directly.", - "properties": { - "bindAddress": { - "description": "The address to \"bind\" on\nDefaults to 0.0.0.0", - "type": "string" - }, - "iptablesSyncPeriod": { - "description": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted\nin large clusters for performance reasons, but this is no longer necessary, and there is no reason\nto change this from the default value.\nDefault: 30s", - "type": "string" - }, - "proxyArguments": { - "additionalProperties": { - "description": "ProxyArgumentList is a list of arguments to pass to the kubeproxy process", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "description": "Any additional arguments to pass to the kubeproxy process", - "type": "object" - } - }, - "type": "object" - }, - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "migration": { - "description": "migration enables and configures cluster network migration, for network changes\nthat cannot be made instantly.", - "properties": { - "features": { - "description": "features was previously used to configure which network plugin features\nwould be migrated in a network type migration.\nDEPRECATED: network type migration is no longer supported, and setting\nthis to a non-empty value will result in the network operator rejecting\nthe configuration.", - "properties": { - "egressFirewall": { - "default": true, - "description": "egressFirewall specified whether or not the Egress Firewall configuration was migrated.\nDEPRECATED: network type migration is no longer supported.", - "type": "boolean" - }, - "egressIP": { - "default": true, - "description": "egressIP specified whether or not the Egress IP configuration was migrated.\nDEPRECATED: network type migration is no longer supported.", - "type": "boolean" - }, - "multicast": { - "default": true, - "description": "multicast specified whether or not the multicast configuration was migrated.\nDEPRECATED: network type migration is no longer supported.", - "type": "boolean" - } - }, - "type": "object" - }, - "mode": { - "description": "mode indicates the mode of network type migration.\nDEPRECATED: network type migration is no longer supported, and setting\nthis to a non-empty value will result in the network operator rejecting\nthe configuration.", - "enum": [ - "Live", - "Offline", - "" - ], - "type": "string" - }, - "mtu": { - "description": "mtu contains the MTU migration configuration. Set this to allow changing\nthe MTU values for the default network. If unset, the operation of\nchanging the MTU for the default network will be rejected.", - "properties": { - "machine": { - "description": "machine contains MTU migration configuration for the machine's uplink.\nNeeds to be migrated along with the default network MTU unless the\ncurrent uplink MTU already accommodates the default network MTU.", - "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "format": "int32", - "minimum": 0, - "type": "integer" }, - "to": { - "description": "to is the MTU to migrate to.", - "format": "int32", - "minimum": 0, - "type": "integer" + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "iconEmoji": { + "type": "string" + }, + "iconURL": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "linkNames": { + "type": "boolean" + }, + "mrkdwnIn": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pretext": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" } }, "type": "object" }, - "network": { - "description": "network contains information about MTU migration for the default network.\nMigrations are only allowed to MTU values lower than the machine's uplink\nMTU by the minimum appropriate offset.", + "type": "array" + }, + "snsConfigs": { + "description": "List of SNS configurations", + "items": { + "description": "SNSConfig configures notifications via AWS SNS.\nSee https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "format": "int32", - "minimum": 0, - "type": "integer" + "apiURL": { + "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com.\nIf not specified, the SNS API URL from the SNS SDK will be used.", + "type": "string" }, - "to": { - "description": "to is the MTU to migrate to.", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "networkType": { - "description": "networkType was previously used when changing the default network type.\nDEPRECATED: network type migration is no longer supported, and setting\nthis to a non-empty value will result in the network operator rejecting\nthe configuration.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration", - "rule": "!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'" - } - ] - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "serviceNetwork": { - "description": "serviceNetwork is the ip address pool to use for Service IPs\nCurrently, all existing network providers only support a single value\nhere, but this is an array to allow for growth.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "useMultiNetworkPolicy": { - "description": "useMultiNetworkPolicy enables a controller which allows for\nMultiNetworkPolicy objects to be used on additional networks as\ncreated by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy\nobjects, but NetworkPolicy objects only apply to the primary interface.\nWith MultiNetworkPolicy, you can control the traffic that a pod can receive\nover the secondary interfaces. If unset, this property defaults to 'false'\nand MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is\n'true' then the value of this field is ignored.", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available", - "rule": "(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'" - }, - { - "message": "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'", - "rule": "!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'" - } - ] - }, - "status": { - "description": "NetworkStatus is detailed operator status, which is distilled\nup to the Network clusteroperator object.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "Network", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/NetworkList": { - "description": "NetworkList is a list of Network", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of networks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.Network" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "NetworkList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/OLM": { - "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" - }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "OLM", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/OLMList": { - "description": "OLMList is a list of OLM", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of olms. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.OLM" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "OLMList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/OpenShiftAPIServer": { - "description": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the OpenShift API Server.", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status defines the observed status of the OpenShift API Server.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" + "attributes": { + "additionalProperties": { + "type": "string" + }, + "description": "SNS message attributes.", + "type": "object" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "The message content of the SNS notification.", + "type": "string" + }, + "phoneNumber": { + "description": "Phone number if message is delivered via SMS in E.164 format.\nIf you don't specify this value, you must specify a value for the TopicARN or TargetARN.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sigv4": { + "description": "Configures AWS's Signature Verification 4 signing process to sign requests.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "subject": { + "description": "Subject line when the message is delivered to email endpoints.", + "type": "string" + }, + "targetARN": { + "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications.\nIf you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", + "type": "string" + }, + "topicARN": { + "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic\nIf you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } - }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "OpenShiftAPIServer", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/OpenShiftAPIServerList": { - "description": "OpenShiftAPIServerList is a list of OpenShiftAPIServer", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of openshiftapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.OpenShiftAPIServer" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "OpenShiftAPIServerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/OpenShiftControllerManager": { - "description": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" + "telegramConfigs": { + "description": "List of Telegram configurations.", + "items": { + "description": "TelegramConfig configures notifications via Telegram.\nSee https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", + "properties": { + "apiURL": { + "description": "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used.", + "type": "string" + }, + "botToken": { + "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "botTokenFile": { + "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + }, + "chatID": { + "description": "The Telegram chat ID.", + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "description": "Disable telegram notifications", + "type": "boolean" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "Message template", + "type": "string" + }, + "messageThreadID": { + "description": "The Telegram Group Topic ID.\nIt requires Alertmanager >= 0.26.0.", + "format": "int64", + "type": "integer" + }, + "parseMode": { + "description": "Parse mode for telegram message", + "enum": [ + "MarkdownV2", + "Markdown", + "HTML" + ], + "type": "string" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + } + }, + "required": [ + "chatID" + ], + "type": "object" + }, + "type": "array" }, - "message": { - "type": "string" + "victoropsConfigs": { + "description": "List of VictorOps configurations.", + "items": { + "description": "VictorOpsConfig configures notifications via VictorOps.\nSee https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", + "properties": { + "apiKey": { + "description": "The secret's key that contains the API key to use when talking to the VictorOps API.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "apiUrl": { + "description": "The VictorOps API URL.", + "type": "string" + }, + "customFields": { + "description": "Additional custom fields for notification.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "entityDisplayName": { + "description": "Contains summary of the alerted problem.", + "type": "string" + }, + "httpConfig": { + "description": "The HTTP client's configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "messageType": { + "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", + "type": "string" + }, + "monitoringTool": { + "description": "The monitoring tool the state message is from.", + "type": "string" + }, + "routingKey": { + "description": "A key used to map the alert to a team.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "stateMessage": { + "description": "Contains long explanation of the alerted problem.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" }, - "reason": { - "type": "string" + "webexConfigs": { + "description": "List of Webex configurations.", + "items": { + "description": "WebexConfig configures notification via Cisco Webex\nSee https://prometheus.io/docs/alerting/latest/configuration/#webex_config", + "properties": { + "apiURL": { + "description": "The Webex Teams API URL i.e. https://webexapis.com/v1/messages\nProvide if different from the default API URL.", + "pattern": "^https?://.+$", + "type": "string" + }, + "httpConfig": { + "description": "The HTTP client's configuration.\nYou must supply the bot token via the `httpConfig.authorization` field.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "Message template", + "type": "string" + }, + "roomID": { + "description": "ID of the Webex Teams room where to send the messages.", + "minLength": 1, + "type": "string" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + } + }, + "required": [ + "roomID" + ], + "type": "object" + }, + "type": "array" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "webhookConfigs": { + "description": "List of webhook configurations.", + "items": { + "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload.\nSee https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "maxAlerts": { + "description": "Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "timeout": { + "description": "The maximum time to wait for a webhook request to complete, before failing the\nrequest and allowing it to be retried.\nIt requires Alertmanager >= v0.28.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "url": { + "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over\n`url`. One of `urlSecret` and `url` should be defined.", + "type": "string" + }, + "urlSecret": { + "description": "The secret's key that contains the webhook URL to send HTTP requests to.\n`urlSecret` takes precedence over `url`. One of `urlSecret` and `url`\nshould be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "wechatConfigs": { + "description": "List of WeChat configurations.", + "items": { + "description": "WeChatConfig configures notifications via WeChat.\nSee https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", + "properties": { + "agentID": { + "type": "string" + }, + "apiSecret": { + "description": "The secret's key that contains the WeChat API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "apiURL": { + "description": "The WeChat API URL.", + "type": "string" + }, + "corpID": { + "description": "The corp id for authentication.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "API request data as defined by the WeChat API.", + "type": "string" + }, + "messageType": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "toParty": { + "type": "string" + }, + "toTag": { + "type": "string" + }, + "toUser": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "required": [ - "lastTransitionTime", - "status", - "type" + "name" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "route": { + "description": "The Alertmanager route definition for alerts matching the resource's\nnamespace. If present, it will be added to the generated Alertmanager\nconfiguration as a first-level route.", + "properties": { + "activeTimeIntervals": { + "description": "ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active.", + "items": { "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } + "type": "array" }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "OpenShiftControllerManager", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/OpenShiftControllerManagerList": { - "description": "OpenShiftControllerManagerList is a list of OpenShiftControllerManager", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of openshiftcontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.OpenShiftControllerManager" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "OpenShiftControllerManagerList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/ServiceCA": { - "description": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { + "continue": { + "description": "Boolean indicating whether an alert should continue matching subsequent\nsibling nodes. It will always be overridden to true for the first-level\nroute by the Prometheus operator.", + "type": "boolean" + }, + "groupBy": { + "description": "List of labels to group by.\nLabels must not be repeated (unique list).\nSpecial label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", + "items": { "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" + "type": "array" + }, + "groupInterval": { + "description": "How long to wait before sending an updated notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"5m\"", + "type": "string" + }, + "groupWait": { + "description": "How long to wait before sending the initial notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"30s\"", + "type": "string" + }, + "matchers": { + "description": "List of matchers that the alert's labels should match. For the first\nlevel route, the operator removes any existing equality and regexp\nmatcher on the `namespace` label and adds a `namespace: ` matcher.", + "items": { + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", + "enum": [ + "!=", + "=", + "=~", + "!~" + ], + "type": "string" + }, + "name": { + "description": "Label to match.", + "minLength": 1, + "type": "string" + }, + "regex": { + "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", + "type": "boolean" + }, + "value": { + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" ], - "type": "string" + "type": "object" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } + "type": "array" }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", - "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" - }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "muteTimeIntervals": { + "description": "Note: this comment applies to the field definition above but appears\nbelow otherwise it gets included in the generated manifest.\nCRD schema doesn't support self-referential types for now (see\nhttps://github.com/kubernetes/kubernetes/issues/62872). We have to use\nan alternative type to circumvent the limitation. The downside is that\nthe Kube API can't validate the data beyond the fact that it is a valid\nJSON representation.\nMuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,", + "items": { "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" - } + "type": "array" }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" + "receiver": { + "description": "Name of the receiver for this route. If not empty, it should be listed in\nthe `receivers` field.", + "type": "string" + }, + "repeatInterval": { + "description": "How long to wait before repeating the last notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"4h\"", + "type": "string" + }, + "routes": { + "description": "Child routes.", + "items": { + "x-kubernetes-preserve-unknown-fields": true + }, + "type": "array" } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + }, + "type": "object" } }, "type": "object" @@ -266239,14 +190358,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operator.openshift.io", - "kind": "ServiceCA", - "version": "v1" + "group": "monitoring.coreos.com", + "kind": "AlertmanagerConfig", + "version": "v1alpha1" } ] }, - "operator.openshift.io/v1/ServiceCAList": { - "description": "ServiceCAList is a list of ServiceCA", + "monitoring.coreos.com/v1alpha1/AlertmanagerConfigList": { + "description": "AlertmanagerConfigList is a list of AlertmanagerConfig", "namespaced": true, "properties": { "apiVersion": { @@ -266254,9 +190373,9 @@ "type": "string" }, "items": { - "description": "List of servicecas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of alertmanagerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.ServiceCA" + "$ref": "#/components/schemas/com.coreos.monitoring.v1alpha1.AlertmanagerConfig" }, "type": "array" }, @@ -266279,15 +190398,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operator.openshift.io", - "kind": "ServiceCAList", - "version": "v1" + "group": "monitoring.coreos.com", + "kind": "AlertmanagerConfigList", + "version": "v1alpha1" } ] }, - "operator.openshift.io/v1/Storage": { - "description": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "monitoring.coreos.com/v1beta1/AlertmanagerConfig": { + "description": "The `AlertmanagerConfig` custom resource definition (CRD) defines how `Alertmanager` objects process Prometheus alerts. It allows to specify alert grouping and routing, notification receivers and inhibition rules.\n\n`Alertmanager` objects select `AlertmanagerConfig` objects using label and namespace selectors.", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -266306,12609 +190425,30084 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "logLevel": { - "default": "Normal", - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "operatorLogLevel": { - "default": "Normal", - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", - "enum": [ - "", - "Normal", - "Debug", - "Trace", - "TraceAll" - ], - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "vsphereStorageDriver": { - "description": "vsphereStorageDriver indicates the storage driver to use on VSphere clusters.\nOnce this field is set to CSIWithMigrationDriver, it can not be changed.\nIf this is empty, the platform will choose a good default,\nwhich may change over time without notice.\nThe current default is CSIWithMigrationDriver and may not be changed.\nDEPRECATED: This field will be removed in a future release.", - "enum": [ - "", - "LegacyDeprecatedInTreeDriver", - "CSIWithMigrationDriver" - ], - "type": "string", - "x-kubernetes-validations": [ - { - "message": "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver", - "rule": "self != \"LegacyDeprecatedInTreeDriver\"" - } - ] - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration.\nBy definition, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig resource.", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "items": { - "description": "OperatorCondition is just the standard condition fields.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "inhibitRules": { + "description": "List of inhibition rules. The rules will only apply to alerts matching\nthe resource's namespace.", "items": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other\nalerts are already firing.\nSee https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string" - }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", - "type": "string" - }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "format": "int64", - "type": "integer" - }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string" + "equal": { + "description": "Labels that must have an equal value in the source and target alert for\nthe inhibition to take effect.", + "items": { + "type": "string" + }, + "type": "array" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string" + "sourceMatch": { + "description": "Matchers for which one or more alerts have to exist for the inhibition\nto take effect. The operator enforces that the alert matches the\nresource's namespace.", + "items": { + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex\nmatch) or `!~` (not regex match).\nNegative operators (`!=` and `!~`) require Alertmanager >= v0.22.0.", + "enum": [ + "!=", + "=", + "=~", + "!~" + ], + "type": "string" + }, + "name": { + "description": "Label to match.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string" + "targetMatch": { + "description": "Matchers that have to be fulfilled in the alerts to be muted. The\noperator enforces that the alert matches the resource's namespace.", + "items": { + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex\nmatch) or `!~` (not regex match).\nNegative operators (`!=` and `!~`) require Alertmanager >= v0.22.0.", + "enum": [ + "!=", + "=", + "=~", + "!~" + ], + "type": "string" + }, + "name": { + "description": "Label to match.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" } }, - "required": [ - "group", - "name", - "namespace", - "resource" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "format": "int32", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "must only increase", - "rule": "self >= oldSelf" - } - ] - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "format": "int32", - "type": "integer" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "Storage", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1/StorageList": { - "description": "StorageList is a list of Storage", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of storages. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1.Storage" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "StorageList", - "version": "v1" - } - ] - }, - "operator.openshift.io/v1alpha1/EtcdBackup": { - "description": "# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "pvcName": { - "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the\netcd backup file would be saved\nThe PVC itself must always be created in the \"openshift-etcd\" namespace\nIf the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup.\nIn the future this would be backups saved across the control-plane master nodes.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "pvcName is immutable once set", - "rule": "self == oldSelf" - } - ] - } - }, - "type": "object" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "properties": { - "backupJob": { - "description": "backupJob is the reference to the Job that executes the backup.\nOptional", - "properties": { - "name": { - "description": "name is the name of the Job.\nRequired", - "type": "string" - }, - "namespace": { - "description": "namespace is the namespace of the Job.\nthis is always expected to be \"openshift-etcd\" since the user provided PVC\nis also required to be in \"openshift-etcd\"\nRequired", - "pattern": "^openshift-etcd$", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "type": "array" }, - "conditions": { - "description": "conditions provide details on the status of the etcd backup job.", + "receivers": { + "description": "List of receivers.", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Receiver defines one or more notification integrations.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" + "discordConfigs": { + "description": "List of Slack configurations.", + "items": { + "description": "DiscordConfig configures notifications via Discord.\nSee https://prometheus.io/docs/alerting/latest/configuration/#discord_config", + "properties": { + "apiURL": { + "description": "The secret's key that contains the Discord webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "avatarURL": { + "description": "The avatar url of the message sender.", + "pattern": "^https?://.+$", + "type": "string" + }, + "content": { + "description": "The template of the content's body.", + "minLength": 1, + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "The template of the message's body.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "title": { + "description": "The template of the message's title.", + "type": "string" + }, + "username": { + "description": "The username of the message sender.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "apiURL" + ], + "type": "object" + }, + "type": "array" }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "emailConfigs": { + "description": "List of Email configurations.", + "items": { + "description": "EmailConfig configures notifications via Email.", + "properties": { + "authIdentity": { + "description": "The identity to use for authentication.", + "type": "string" + }, + "authPassword": { + "description": "The secret's key that contains the password to use for authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "authSecret": { + "description": "The secret's key that contains the CRAM-MD5 secret.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "authUsername": { + "description": "The username to use for authentication.", + "type": "string" + }, + "from": { + "description": "The sender address.", + "type": "string" + }, + "headers": { + "description": "Further headers email header key/value pairs. Overrides any headers\npreviously set by the notification implementation.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hello": { + "description": "The hostname to identify to the SMTP server.", + "type": "string" + }, + "html": { + "description": "The HTML body of the email notification.", + "type": "string" + }, + "requireTLS": { + "description": "The SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "smarthost": { + "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", + "type": "string" + }, + "text": { + "description": "The text body of the email notification.", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "to": { + "description": "The email address to send notifications to.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "msteamsConfigs": { + "description": "List of MSTeams configurations.\nIt requires Alertmanager >= 0.26.0.", + "items": { + "description": "MSTeamsConfig configures notifications via Microsoft Teams.\nIt requires Alertmanager >= 0.26.0.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "summary": { + "description": "Message summary template.\nIt requires Alertmanager >= 0.27.0.", + "type": "string" + }, + "text": { + "description": "Message body template.", + "type": "string" + }, + "title": { + "description": "Message title template.", + "type": "string" + }, + "webhookUrl": { + "description": "MSTeams webhook URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "webhookUrl" + ], + "type": "object" + }, + "type": "array" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "EtcdBackup", - "version": "v1alpha1" - } - ] - }, - "operator.openshift.io/v1alpha1/EtcdBackupList": { - "description": "EtcdBackupList is a list of EtcdBackup", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of etcdbackups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1alpha1.EtcdBackup" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "EtcdBackupList", - "version": "v1alpha1" - } - ] - }, - "operator.openshift.io/v1alpha1/ImageContentSourcePolicy": { - "description": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "properties": { - "repositoryDigestMirrors": { - "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in RepositoryDigestMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nOnly image pull specifications that have an image digest will have this behavior applied\nto them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", - "items": { - "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config.\nNote: the mirrors only work when pulling the images that are referenced by their digests.", - "properties": { - "mirrors": { - "description": "mirrors is one or more repositories that may also contain the same images.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors. Other cluster configuration,\nincluding (but not limited to) other repositoryDigestMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.", + "msteamsv2Configs": { + "description": "List of MSTeamsV2 configurations.\nIt requires Alertmanager >= 0.28.0.", "items": { - "type": "string" + "description": "MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows\nSee https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config\nIt requires Alertmanager >= 0.28.0.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "text": { + "description": "Message body template.", + "minLength": 1, + "type": "string" + }, + "title": { + "description": "Message title template.", + "minLength": 1, + "type": "string" + }, + "webhookURL": { + "description": "MSTeams incoming webhook URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, "type": "array" }, - "source": { - "description": "source is the repository that users refer to, e.g. in image pull specifications.", - "type": "string" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "ImageContentSourcePolicy", - "version": "v1alpha1" - } - ] - }, - "operator.openshift.io/v1alpha1/ImageContentSourcePolicyList": { - "description": "ImageContentSourcePolicyList is a list of ImageContentSourcePolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagecontentsourcepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.v1alpha1.ImageContentSourcePolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operator.openshift.io", - "kind": "ImageContentSourcePolicyList", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1/OLMConfig": { - "description": "OLMConfig is a resource responsible for configuring OLM.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "OLMConfigSpec is the spec for an OLMConfig resource.", - "properties": { - "features": { - "description": "Features contains the list of configurable OLM features.", - "properties": { - "disableCopiedCSVs": { - "description": "DisableCopiedCSVs is used to disable OLM's \"Copied CSV\" feature\nfor operators installed at the cluster scope, where a cluster\nscoped operator is one that has been installed in an\nOperatorGroup that targets all namespaces.\nWhen reenabled, OLM will recreate the \"Copied CSVs\" for each\ncluster scoped operator.", - "type": "boolean" - }, - "packageServerSyncInterval": { - "description": "PackageServerSyncInterval is used to define the sync interval for\npackagerserver pods. Packageserver pods periodically check the\nstatus of CatalogSources; this specifies the period using duration\nformat (e.g. \"60m\"). For this parameter, only hours (\"h\"), minutes\n(\"m\"), and seconds (\"s\") may be specified. When not specified, the\nperiod defaults to the value specified within the packageserver.", - "pattern": "^([0-9]+(\\.[0-9]+)?(s|m|h))+$", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "OLMConfigStatus is the status for an OLMConfig resource.", - "properties": { - "conditions": { - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, + "name": { + "description": "Name of the receiver. Must be unique across all items from the list.", "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "metadata" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OLMConfig", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/OLMConfigList": { - "description": "OLMConfigList is a list of OLMConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of olmconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1.OLMConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OLMConfigList", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/Operator": { - "description": "Operator represents a cluster operator.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "OperatorSpec defines the desired state of Operator", - "type": "object" - }, - "status": { - "description": "OperatorStatus defines the observed state of an Operator and its components", - "properties": { - "components": { - "description": "Components describes resources that compose the operator.", - "properties": { - "labelSelector": { - "description": "LabelSelector is a label query over a set of resources used to select the operator's components", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "opsgenieConfigs": { + "description": "List of OpsGenie configurations.", + "items": { + "description": "OpsGenieConfig configures notifications via OpsGenie.\nSee https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", + "properties": { + "actions": { + "description": "Comma separated list of actions that will be available for the alert.", + "type": "string" + }, + "apiKey": { + "description": "The secret's key that contains the OpsGenie API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "refs": { - "description": "Refs are a set of references to the operator's component resources, selected with LabelSelector.", - "items": { - "description": "RichReference is a reference to a resource, enriched with its status conditions.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "conditions": { - "description": "Conditions represents the latest state of the component.", - "items": { - "description": "Condition represent the latest available observations of an component's state.", + "apiURL": { + "description": "The URL to send OpsGenie API requests to.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "entity": { + "description": "Optional field that can be used to specify which domain alert is related to.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "format": "date-time", + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "string" }, - "lastUpdateTime": { - "description": "Last time the condition was probed", - "format": "date-time", - "type": "string" + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "reason": { - "description": "The reason for the condition's last transition.", + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", "type": "string" }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "type": { - "description": "Type of condition.", - "type": "string" + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" } }, - "required": [ - "status", - "type" - ], "type": "object" }, - "type": "array" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" - } - }, - "required": [ - "labelSelector" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "Operator", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/OperatorCondition": { - "description": "OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator.", - "properties": { - "deployments": { - "items": { - "type": "string" - }, - "type": "array" - }, - "overrides": { - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "serviceAccounts": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual\nstate of a system.", - "properties": { - "conditions": { - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "metadata" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OperatorCondition", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/OperatorConditionList": { - "description": "OperatorConditionList is a list of OperatorCondition", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of operatorconditions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1.OperatorCondition" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OperatorConditionList", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/OperatorGroup": { - "description": "OperatorGroup is the unit of multitenancy for OLM managed operators.\nIt constrains the installation of operators in its namespace to a specified set of target namespaces.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "default": { - "upgradeStrategy": "Default" - }, - "description": "OperatorGroupSpec is the spec for an OperatorGroup resource.", - "properties": { - "selector": { - "description": "Selector selects the OperatorGroup's target namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "message": { + "description": "Alert text limited to 130 characters.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "note": { + "description": "Additional alert note.", + "type": "string" + }, + "priority": { + "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", + "type": "string" + }, + "responders": { + "description": "List of responders responsible for notifications.", + "items": { + "description": "OpsGenieConfigResponder defines a responder to an incident.\nOne of `id`, `name` or `username` has to be defined.", + "properties": { + "id": { + "description": "ID of the responder.", + "type": "string" + }, + "name": { + "description": "Name of the responder.", + "type": "string" + }, + "type": { + "description": "Type of responder.", + "enum": [ + "team", + "teams", + "user", + "escalation", + "schedule" + ], + "minLength": 1, + "type": "string" + }, + "username": { + "description": "Username of the responder.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "type": "array" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "source": { + "description": "Backlink to the sender of the notification.", + "type": "string" + }, + "tags": { + "description": "Comma separated list of tags attached to the notifications.", + "type": "string" + } + }, + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the admin specified service account which will be\nused to deploy operator(s) in this operator group.", - "type": "string" - }, - "staticProvidedAPIs": { - "description": "Static tells OLM not to update the OperatorGroup's providedAPIs annotation", - "type": "boolean" - }, - "targetNamespaces": { - "description": "TargetNamespaces is an explicit set of namespaces to target.\nIf it is set, Selector is ignored.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "upgradeStrategy": { - "default": "Default", - "description": "UpgradeStrategy defines the upgrade strategy for operators in the namespace.\nThere are currently two supported upgrade strategies:\n\nDefault: OLM will only allow clusterServiceVersions to move to the replacing\nphase from the succeeded phase. This effectively means that OLM will not\nallow operators to move to the next version if an installation or upgrade\nhas failed.\n\nTechPreviewUnsafeFailForward: OLM will allow clusterServiceVersions to move to the\nreplacing phase from the succeeded phase or from the failed phase.\nAdditionally, OLM will generate new installPlans when a subscription references\na failed installPlan and the catalog has been updated with a new upgrade for\nthe existing set of operators.\n\nWARNING: The TechPreviewUnsafeFailForward upgrade strategy is unsafe and may result\nin unexpected behavior or unrecoverable data loss unless you have deep\nunderstanding of the set of operators being managed in the namespace.", - "enum": [ - "Default", - "TechPreviewUnsafeFailForward" - ], - "type": "string" - } - }, - "type": "object" - }, - "status": { - "description": "OperatorGroupStatus is the status for an OperatorGroupResource.", - "properties": { - "conditions": { - "description": "Conditions is an array of the OperatorGroup's conditions.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "type": "array" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "lastUpdated": { - "description": "LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated.", - "format": "date-time", - "type": "string" - }, - "namespaces": { - "description": "Namespaces is the set of target namespaces for the OperatorGroup.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "serviceAccountRef": { - "description": "ServiceAccountRef references the service account object specified.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "lastUpdated" - ], - "type": "object" - } - }, - "required": [ - "metadata" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OperatorGroup", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/OperatorGroupList": { - "description": "OperatorGroupList is a list of OperatorGroup", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of operatorgroups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1.OperatorGroup" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OperatorGroupList", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1/OperatorList": { - "description": "OperatorList is a list of Operator", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of operators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1.Operator" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "OperatorList", - "version": "v1" - } - ] - }, - "operators.coreos.com/v1alpha1/CatalogSource": { - "description": "CatalogSource is a repository of CSVs, CRDs, and operator packages.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "properties": { - "address": { - "description": "Address is a host that OLM can use to connect to a pre-existing registry.\nFormat: :\nOnly used when SourceType = SourceTypeGrpc.\nIgnored when the Image field is set.", - "type": "string" - }, - "configMap": { - "description": "ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry.\nOnly used when SourceType = SourceTypeConfigmap or SourceTypeInternal.", - "type": "string" - }, - "description": { - "type": "string" - }, - "displayName": { - "description": "Metadata", - "type": "string" - }, - "grpcPodConfig": { - "description": "GrpcPodConfig exposes different overrides for the pod spec of the CatalogSource Pod.\nOnly used when SourceType = SourceTypeGrpc and Image is set.", - "properties": { - "affinity": { - "description": "Affinity is the catalog source's pod's affinity.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", + "pagerdutyConfigs": { + "description": "List of PagerDuty configurations.", + "items": { + "description": "PagerDutyConfig configures notifications via PagerDuty.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "class": { + "description": "The class/type of the event.", + "type": "string" + }, + "client": { + "description": "Client identification.", + "type": "string" + }, + "clientURL": { + "description": "Backlink to the sender of notification.", + "type": "string" + }, + "component": { + "description": "The part or component of the affected system that is broken.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "Arbitrary key/value pairs that provide further detail about the incident.", "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "description": "KeyValue defines a (key, value) tuple.", "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "group": { + "description": "A cluster or grouping of sources.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { "key": { - "description": "The label key that the selector applies to.", + "description": "The key to select.", "type": "string" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { "key": { - "description": "The label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "description": "SecretKeySelector selects a key of a Secret.", "properties": { "key": { - "description": "The label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key to select.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "matchLabels": { - "additionalProperties": { + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "topologyKey" - ], - "type": "object" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "type": "object" + } + }, + "type": "object" + }, + "pagerDutyImageConfigs": { + "description": "A list of image details to attach that provide further detail about an incident.", + "items": { + "description": "PagerDutyImageConfig attaches images to an incident", + "properties": { + "alt": { + "description": "Alt is the optional alternative text for the image.", + "type": "string" + }, + "href": { + "description": "Optional URL; makes the image a clickable link.", + "type": "string" + }, + "src": { + "description": "Src of the image being attached to the incident", + "type": "string" } }, - "required": [ - "podAffinityTerm", - "weight" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "pagerDutyLinkConfigs": { + "description": "A list of link details to attach that provide further detail about an incident.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "description": "PagerDutyLinkConfig attaches text links to an incident", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "alt": { + "description": "Text that describes the purpose of the link, and can be used as the link's text.", + "type": "string" + }, + "href": { + "description": "Href is the URL of the link to be attached", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "routingKey": { + "description": "The secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "serviceKey": { + "description": "The secret's key that contains the PagerDuty service key (when using\nintegration type \"Prometheus\"). Either this field or `routingKey` needs to\nbe defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "severity": { + "description": "Severity of the incident.", + "type": "string" + }, + "source": { + "description": "Unique location of the affected system.", + "type": "string" + }, + "url": { + "description": "The URL to send requests to.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "pushoverConfigs": { + "description": "List of Pushover configurations.", + "items": { + "description": "PushoverConfig configures notifications via Pushover.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", + "properties": { + "device": { + "description": "The name of a device to send the notification to", + "type": "string" + }, + "expire": { + "description": "How long your notification will continue to be retried for, unless the user\nacknowledges the notification.", + "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", + "type": "string" + }, + "html": { + "description": "Whether notification message is HTML or plain text.", + "type": "boolean" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key to select.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "proxyConnectHeader": { + "additionalProperties": { "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "SecretKeySelector selects a key of a Secret.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key to select.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "cert": { + "description": "Client certificate to present when doing client-authentication.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "extractContent": { - "description": "ExtractContent configures the gRPC catalog Pod to extract catalog metadata from the provided index image and\nuse a well-known version of the `opm` server to expose it. The catalog index image that this CatalogSource is\nconfigured to use *must* be using the file-based catalogs in order to utilize this feature.", - "properties": { - "cacheDir": { - "description": "CacheDir is the (optional) directory storing the pre-calculated API cache.", - "type": "string" - }, - "catalogDir": { - "description": "CatalogDir is the directory storing the file-based catalog contents.", - "type": "string" - } - }, - "required": [ - "catalogDir" - ], - "type": "object" - }, - "memoryTarget": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MemoryTarget configures the $GOMEMLIMIT value for the gRPC catalog Pod. This is a soft memory limit for the server,\nwhich the runtime will attempt to meet but makes no guarantees that it will do so. If this value is set, the Pod\nwill have the following modifications made to the container running the server:\n- the $GOMEMLIMIT environment variable will be set to this value in bytes\n- the memory request will be set to this value\n\nThis field should be set if it's desired to reduce the footprint of a catalog server as much as possible, or if\na catalog being served is very large and needs more than the default allocation. If your index image has a file-\nsystem cache, determine a good approximation for this value by doubling the size of the package cache at\n/tmp/cache/cache/packages.json in the index image.\n\nThis field is best-effort; if unset, no default will be used and no Pod memory limit or $GOMEMLIMIT value will be set.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.", - "type": "object" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" - }, - "securityContextConfig": { - "description": "SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the\nright pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod\nSecurity Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be\nrun in PSA `baseline` or `privileged` namespaces. If the SecurityContextConfig is unspecified, the mode will be\ndetermined by the namespace's PSA configuration. If the namespace is enforcing `restricted` mode, then the pod\nwill be configured as if `restricted` was specified. Otherwise, it will be configured as if `legacy` was\nspecified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older\ncatalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`.\n\nMore information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/", - "enum": [ - "legacy", - "restricted" - ], - "type": "string" - }, - "tolerations": { - "description": "Tolerations are the catalog source's pod's tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "icon": { - "properties": { - "base64data": { - "type": "string" - }, - "mediatype": { - "type": "string" - } - }, - "required": [ - "base64data", - "mediatype" - ], - "type": "object" - }, - "image": { - "description": "Image is an operator-registry container image to instantiate a registry-server with.\nOnly used when SourceType = SourceTypeGrpc.\nIf present, the address field is ignored.", - "type": "string" - }, - "priority": { - "description": "Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver.\nUsage:\nHigher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution.\nThe range of the priority value can go from positive to negative in the range of int32.\nThe default value to a catalog source with unassigned priority would be 0.\nThe catalog source with the same priority values will be ranked lexicographically based on its name.", - "type": "integer" - }, - "publisher": { - "type": "string" - }, - "runAsRoot": { - "description": "RunAsRoot allows admins to indicate that they wish to run the CatalogSource pod in a privileged\npod as root. This should only be enabled when running older catalog images which could not be run as non-root.", - "type": "boolean" - }, - "secrets": { - "description": "Secrets represent set of secrets that can be used to access the contents of the catalog.\nIt is best to keep this list small, since each will need to be tried for every catalog entry.", - "items": { - "type": "string" - }, - "type": "array" - }, - "sourceType": { - "description": "SourceType is the type of source", - "type": "string" - }, - "updateStrategy": { - "description": "UpdateStrategy defines how updated catalog source images can be discovered\nConsists of an interval that defines polling duration and an embedded strategy type", - "properties": { - "registryPoll": { - "properties": { - "interval": { - "description": "Interval is used to determine the time interval between checks of the latest catalog source version.\nThe catalog operator polls to see if a new version of the catalog source is available.\nIf available, the latest image is pulled and gRPC traffic is directed to the latest catalog source.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "sourceType" - ], - "type": "object" - }, - "status": { - "properties": { - "conditions": { - "description": "Represents the state of a CatalogSource. Note that Message and Reason represent the original\nstatus information, which may be migrated to be conditions based in the future. Any new features\nintroduced will use conditions.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "configMapReference": { - "description": "ConfigMapReference (deprecated) is the reference to the ConfigMap containing the catalog source's configuration, when the catalog source is a ConfigMap", - "properties": { - "lastUpdateTime": { - "format": "date-time", - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "resourceVersion": { - "type": "string" - }, - "uid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "connectionState": { - "description": "ConnectionState represents the current state of the CatalogSource's connection to the registry", - "properties": { - "address": { - "type": "string" - }, - "lastConnect": { - "format": "date-time", - "type": "string" - }, - "lastObservedState": { - "type": "string" - } - }, - "required": [ - "lastObservedState" - ], - "type": "object" - }, - "latestImageRegistryPoll": { - "description": "The last time the CatalogSource image registry has been polled to ensure the image is up-to-date", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about why the CatalogSource is in this condition.", - "type": "string" - }, - "reason": { - "description": "Reason is the reason the CatalogSource was transitioned to its current state.", - "type": "string" - }, - "registryService": { - "description": "RegistryService represents the current state of the GRPC service used to serve the catalog", - "properties": { - "createdAt": { - "format": "date-time", - "type": "string" - }, - "port": { - "type": "string" - }, - "protocol": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "serviceNamespace": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "CatalogSource", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1alpha1/CatalogSourceList": { - "description": "CatalogSourceList is a list of CatalogSource", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of catalogsources. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.CatalogSource" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "CatalogSourceList", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1alpha1/ClusterServiceVersion": { - "description": "ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ClusterServiceVersionSpec declarations tell OLM how to install an operator\nthat can manage apps for a given version.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata.", - "type": "object" - }, - "apiservicedefinitions": { - "description": "APIServiceDefinitions declares all of the extension apis managed or required by\nan operator being ran by ClusterServiceVersion.", - "properties": { - "owned": { - "items": { - "description": "APIServiceDescription provides details to OLM about apis provided via aggregation", - "properties": { - "actionDescriptors": { - "items": { - "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "containerPort": { - "format": "int32", - "type": "integer" - }, - "deploymentName": { - "type": "string" - }, - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "resources": { - "items": { - "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", - "properties": { - "kind": { - "description": "Kind of the referenced resource type.", - "type": "string" - }, - "name": { - "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", - "type": "string" - }, - "version": { - "description": "API Version of the referenced resource type.", - "type": "string" - } - }, - "required": [ - "kind", - "name", - "version" - ], - "type": "object" - }, - "type": "array" - }, - "specDescriptors": { - "items": { - "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" + } }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "statusDescriptors": { - "items": { - "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" }, - "x-descriptors": { - "items": { - "type": "string" + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "group", - "kind", - "name", - "version" - ], - "type": "object" - }, - "type": "array" - }, - "required": { - "items": { - "description": "APIServiceDescription provides details to OLM about apis provided via aggregation", - "properties": { - "actionDescriptors": { - "items": { - "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", - "properties": { - "description": { - "type": "string" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "displayName": { - "type": "string" + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, - "path": { + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", "type": "string" }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, - "x-descriptors": { - "items": { - "type": "string" + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } }, - "type": "array" + "type": "object" } }, - "required": [ - "path" - ], "type": "object" }, - "type": "array" - }, - "containerPort": { - "format": "int32", - "type": "integer" - }, - "deploymentName": { - "type": "string" - }, - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "resources": { - "items": { - "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", - "properties": { - "kind": { - "description": "Kind of the referenced resource type.", - "type": "string" - }, - "name": { - "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", - "type": "string" - }, - "version": { - "description": "API Version of the referenced resource type.", - "type": "string" - } - }, - "required": [ - "kind", - "name", - "version" - ], - "type": "object" + "message": { + "description": "Notification message.", + "type": "string" }, - "type": "array" - }, - "specDescriptors": { - "items": { - "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" + "priority": { + "description": "Priority, see https://pushover.net/api#priority", + "type": "string" }, - "type": "array" - }, - "statusDescriptors": { - "items": { - "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" + "retry": { + "description": "How often the Pushover servers will send the same notification to the user.\nMust be at least 30 seconds.", + "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", + "type": "string" }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "group", - "kind", - "name", - "version" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "cleanup": { - "description": "Cleanup specifies the cleanup behaviour when the CSV gets deleted", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "customresourcedefinitions": { - "description": "CustomResourceDefinitions declares all of the CRDs managed or required by\nan operator being ran by ClusterServiceVersion.\n\nIf the CRD is present in the Owned list, it is implicitly required.", - "properties": { - "owned": { - "items": { - "description": "CRDDescription provides details to OLM about the CRDs", - "properties": { - "actionDescriptors": { - "items": { - "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" }, - "type": "array" - }, - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "resources": { - "items": { - "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", + "sound": { + "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", + "type": "string" + }, + "title": { + "description": "Notification title.", + "type": "string" + }, + "token": { + "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `token` or `tokenFile` is required.", "properties": { - "kind": { - "description": "Kind of the referenced resource type.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, "type": "string" }, "name": { - "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", - "type": "string" - }, - "version": { - "description": "API Version of the referenced resource type.", + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, "type": "string" } }, "required": [ - "kind", - "name", - "version" + "key", + "name" ], "type": "object" }, - "type": "array" - }, - "specDescriptors": { - "items": { - "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" + "tokenFile": { + "description": "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0.", + "type": "string" }, - "type": "array" - }, - "statusDescriptors": { - "items": { - "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", + "ttl": { + "description": "The time to live definition for the alert notification", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "url": { + "description": "A supplementary URL shown alongside the message.", + "type": "string" + }, + "urlTitle": { + "description": "A title for supplementary URL, otherwise just the URL is shown", + "type": "string" + }, + "userKey": { + "description": "The secret's key that contains the recipient user's user key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `userKey` or `userKeyFile` is required.", "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, "type": "string" }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, "type": "string" - }, - "x-descriptors": { - "items": { - "type": "string" - }, - "type": "array" } }, "required": [ - "path" + "key", + "name" ], "type": "object" }, - "type": "array" + "userKeyFile": { + "description": "The user key file that contains the recipient user's user key.\nEither `userKey` or `userKeyFile` is required.\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + } }, - "version": { - "type": "string" - } + "type": "object" }, - "required": [ - "kind", - "name", - "version" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "required": { - "items": { - "description": "CRDDescription provides details to OLM about the CRDs", - "properties": { - "actionDescriptors": { - "items": { - "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { + "rocketchatConfigs": { + "description": "List of RocketChat configurations.\nIt requires Alertmanager >= 0.28.0.", + "items": { + "description": "RocketChatConfig configures notifications via RocketChat.\nIt requires Alertmanager >= 0.28.0.", + "properties": { + "actions": { + "description": "Actions to include in the message.", + "items": { + "description": "RocketChatActionConfig defines actions for RocketChat messages.", + "properties": { + "msg": { + "description": "The message to send when the button is clicked.", + "minLength": 1, "type": "string" }, - "type": "array" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "resources": { - "items": { - "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", - "properties": { - "kind": { - "description": "Kind of the referenced resource type.", - "type": "string" - }, - "name": { - "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", - "type": "string" - }, - "version": { - "description": "API Version of the referenced resource type.", - "type": "string" - } - }, - "required": [ - "kind", - "name", - "version" - ], - "type": "object" - }, - "type": "array" - }, - "specDescriptors": { - "items": { - "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { + "text": { + "description": "The button text.", + "minLength": 1, "type": "string" }, - "type": "array" - } + "url": { + "description": "The URL the button links to.", + "pattern": "^https?://.+$", + "type": "string" + } + }, + "type": "object" }, - "required": [ - "path" - ], - "type": "object" + "minItems": 1, + "type": "array" }, - "type": "array" - }, - "statusDescriptors": { - "items": { - "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", - "properties": { - "description": { - "type": "string" - }, - "displayName": { - "type": "string" - }, - "path": { - "type": "string" - }, - "value": { - "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", - "format": "byte", - "type": "string" - }, - "x-descriptors": { - "items": { + "apiURL": { + "description": "The API URL for RocketChat.\nDefaults to https://open.rocket.chat/ if not specified.", + "pattern": "^https?://.+$", + "type": "string" + }, + "channel": { + "description": "The channel to send alerts to.", + "minLength": 1, + "type": "string" + }, + "color": { + "description": "The message color.", + "minLength": 1, + "type": "string" + }, + "emoji": { + "description": "If provided, the avatar will be displayed as an emoji.", + "minLength": 1, + "type": "string" + }, + "fields": { + "description": "Additional fields for the message.", + "items": { + "description": "RocketChatFieldConfig defines a field for RocketChat messages.", + "properties": { + "short": { + "description": "Whether the field is displayed in a compact form.", + "type": "boolean" + }, + "title": { + "description": "The field title.", + "minLength": 1, "type": "string" }, - "type": "array" - } + "value": { + "description": "The field value.", + "minLength": 1, + "type": "string" + } + }, + "type": "object" }, - "required": [ - "path" - ], - "type": "object" + "minItems": 1, + "type": "array" }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "kind", - "name", - "version" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "description": { - "description": "Description of the operator. Can include the features, limitations or use-cases of the\noperator.", - "type": "string" - }, - "displayName": { - "description": "The name of the operator in display format.", - "type": "string" - }, - "icon": { - "description": "The icon for this operator.", - "items": { - "properties": { - "base64data": { - "type": "string" - }, - "mediatype": { - "type": "string" - } - }, - "required": [ - "base64data", - "mediatype" - ], - "type": "object" - }, - "type": "array" - }, - "install": { - "description": "NamedInstallStrategy represents the block of an ClusterServiceVersion resource\nwhere the install strategy is specified.", - "properties": { - "spec": { - "description": "StrategyDetailsDeployment represents the parsed details of a Deployment\nInstallStrategy.", - "properties": { - "clusterPermissions": { - "items": { - "description": "StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy", - "properties": { - "rules": { - "items": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to.", + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", - "items": { - "type": "string" + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", - "items": { - "type": "string" + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "resources": { - "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", - "items": { - "type": "string" + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" }, - "verbs": { - "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" } }, "required": [ - "verbs" + "key", + "name" ], "type": "object" }, - "type": "array" - }, - "serviceAccountName": { - "type": "string" - } - }, - "required": [ - "rules", - "serviceAccountName" - ], - "type": "object" - }, - "type": "array" - }, - "deployments": { - "items": { - "description": "StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create", - "properties": { - "label": { - "additionalProperties": { + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "string" }, - "description": "Set is a map of label:value. It implements Labels.", - "type": "object" - }, - "name": { - "type": "string" - }, - "spec": { - "description": "DeploymentSpec is the specification of the desired behavior of the Deployment.", - "properties": { - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing, for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)", - "format": "int32", - "type": "integer" - }, - "paused": { - "description": "Indicates that the deployment is paused.", - "type": "boolean" - }, - "progressDeadlineSeconds": { - "description": "The maximum time in seconds for a deployment to make progress before it\nis considered to be failed. The deployment controller will continue to\nprocess failed deployments and a condition with a ProgressDeadlineExceeded\nreason will be surfaced in the deployment status. Note that progress will\nnot be estimated during the time a deployment is paused. Defaults to 600s.", - "format": "int32", - "type": "integer" - }, - "replicas": { - "description": "Number of desired pods. This is a pointer to distinguish between explicit\nzero and not specified. Defaults to 1.", - "format": "int32", - "type": "integer" - }, - "revisionHistoryLimit": { - "description": "The number of old ReplicaSets to retain to allow rollback.\nThis is a pointer to distinguish between explicit zero and not specified.\nDefaults to 10.", - "format": "int32", - "type": "integer" - }, - "selector": { - "description": "Label selector for pods. Existing ReplicaSets whose pods are\nselected by this will be the ones affected by this deployment.\nIt must match the pod template's labels.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { "key": { - "description": "key is the label key that the selector applies to.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "key", - "operator" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "strategy": { - "description": "The deployment strategy to use to replace existing pods with new ones.", - "properties": { - "rollingUpdate": { - "description": "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.", - "properties": { - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods.", - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods.", - "x-kubernetes-int-or-string": true - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "type": { - "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "template": { - "description": "Template describes the pods that will be created.\nThe only allowed template.spec.restartPolicy value is \"Always\".", - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "endpointParams": { + "additionalProperties": { + "type": "string" }, - "spec": { - "description": "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer.", - "format": "int64", - "type": "integer" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" - }, - "containers": { - "description": "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "iconURL": { + "description": "Icon URL for the message.", + "pattern": "^https?://.+$", + "type": "string" + }, + "imageURL": { + "description": "Image URL for the message.", + "pattern": "^https?://.+$", + "type": "string" + }, + "linkNames": { + "description": "Whether to enable link names.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "description": "Whether to use short fields.", + "type": "boolean" + }, + "text": { + "description": "The main message text.", + "minLength": 1, + "type": "string" + }, + "thumbURL": { + "description": "Thumbnail URL for the message.", + "pattern": "^https?://.+$", + "type": "string" + }, + "title": { + "description": "The message title.", + "minLength": 1, + "type": "string" + }, + "titleLink": { + "description": "The title link for the message.", + "minLength": 1, + "type": "string" + }, + "token": { + "description": "The sender token.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tokenID": { + "description": "The sender token ID.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "token", + "tokenID" + ], + "type": "object" + }, + "type": "array" + }, + "slackConfigs": { + "description": "List of Slack configurations.", + "items": { + "description": "SlackConfig configures notifications via Slack.\nSee https://prometheus.io/docs/alerting/latest/configuration/#slack_config", + "properties": { + "actions": { + "description": "A list of Slack actions that are sent with each notification.", + "items": { + "description": "SlackAction configures a single Slack action that is sent with each\nnotification.\nSee https://api.slack.com/docs/message-attachments#action_fields and\nhttps://api.slack.com/docs/message-buttons for more information.", + "properties": { + "confirm": { + "description": "SlackConfirmationField protect users from destructive actions or\nparticularly distinguished decisions by asking them to confirm their button\nclick one more time.\nSee https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields\nfor more information.", + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "minLength": 1, + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "style": { + "type": "string" + }, + "text": { + "minLength": 1, + "type": "string" + }, + "type": { + "minLength": 1, + "type": "string" + }, + "url": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "text", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "apiURL": { + "description": "The secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "callbackId": { + "type": "string" + }, + "channel": { + "description": "The channel or user to send notifications to.", + "type": "string" + }, + "color": { + "type": "string" + }, + "fallback": { + "type": "string" + }, + "fields": { + "description": "A list of Slack fields that are sent with each notification.", + "items": { + "description": "SlackField configures a single Slack field that is sent with each notification.\nEach field must contain a title, value, and optionally, a boolean value to indicate if the field\nis short enough to be displayed next to other fields designated as short.\nSee https://api.slack.com/docs/message-attachments#fields for more information.", + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "minLength": 1, + "type": "string" + }, + "value": { + "minLength": 1, + "type": "string" + } + }, + "required": [ + "title", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "footer": { + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", - "type": "string" - }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true.", - "type": "boolean" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", - "items": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "iconEmoji": { + "type": "string" + }, + "iconURL": { + "type": "string" + }, + "imageURL": { + "type": "string" + }, + "linkNames": { + "type": "boolean" + }, + "mrkdwnIn": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pretext": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "snsConfigs": { + "description": "List of SNS configurations", + "items": { + "description": "SNSConfig configures notifications via AWS SNS.\nSee https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", + "properties": { + "apiURL": { + "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com.\nIf not specified, the SNS API URL from the SNS SDK will be used.", + "type": "string" + }, + "attributes": { + "additionalProperties": { + "type": "string" + }, + "description": "SNS message attributes.", + "type": "object" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers.", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "The message content of the SNS notification.", + "type": "string" + }, + "phoneNumber": { + "description": "Phone number if message is delivered via SMS in E.164 format.\nIf you don't specify this value, you must specify a value for the TopicARN or TargetARN.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sigv4": { + "description": "Configures AWS's Signature Verification 4 signing process to sign requests.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "subject": { + "description": "Subject line when the message is delivered to email endpoints.", + "type": "string" + }, + "targetARN": { + "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications.\nIf you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", + "type": "string" + }, + "topicARN": { + "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic\nIf you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "telegramConfigs": { + "description": "List of Telegram configurations.", + "items": { + "description": "TelegramConfig configures notifications via Telegram.\nSee https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", + "properties": { + "apiURL": { + "description": "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used.", + "type": "string" + }, + "botToken": { + "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "botTokenFile": { + "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + }, + "chatID": { + "description": "The Telegram chat ID.", + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "description": "Disable telegram notifications", + "type": "boolean" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "targetContainerName": { - "description": "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "Message template", + "type": "string" + }, + "messageThreadID": { + "description": "The Telegram Group Topic ID.\nIt requires Alertmanager >= 0.26.0.", + "format": "int64", + "type": "integer" + }, + "parseMode": { + "description": "Parse mode for telegram message", + "enum": [ + "MarkdownV2", + "Markdown", + "HTML" + ], + "type": "string" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + } + }, + "required": [ + "chatID" + ], + "type": "object" + }, + "type": "array" + }, + "victoropsConfigs": { + "description": "List of VictorOps configurations.", + "items": { + "description": "VictorOpsConfig configures notifications via VictorOps.\nSee https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", + "properties": { + "apiKey": { + "description": "The secret's key that contains the API key to use when talking to the VictorOps API.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "apiUrl": { + "description": "The VictorOps API URL.", + "type": "string" + }, + "customFields": { + "description": "Additional custom fields for notification.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "entityDisplayName": { + "description": "Contains summary of the alerted problem.", + "type": "string" + }, + "httpConfig": { + "description": "The HTTP client's configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "hostAliases": { - "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified.", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "ip": { - "description": "IP address of the host file entry.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "ip" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "hostIPC": { - "description": "Use the host's ipc namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false.", - "type": "boolean" - }, - "hostPID": { - "description": "Use the host's pid namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostUsers": { - "description": "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" - }, - "hostname": { - "description": "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "initContainers": { - "description": "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nthat value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", - "items": { - "description": "A single application container that you want to run within a pod.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "messageType": { + "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", + "type": "string" + }, + "monitoringTool": { + "description": "The monitoring tool the state message is from.", + "type": "string" + }, + "routingKey": { + "description": "A key used to map the alert to a team.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "stateMessage": { + "description": "Contains long explanation of the alerted problem.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "webexConfigs": { + "description": "List of Webex configurations.", + "items": { + "description": "WebexConfig configures notification via Cisco Webex\nSee https://prometheus.io/docs/alerting/latest/configuration/#webex_config", + "properties": { + "apiURL": { + "description": "The Webex Teams API URL i.e. https://webexapis.com/v1/messages", + "pattern": "^https?://.+$", + "type": "string" + }, + "httpConfig": { + "description": "The HTTP client's configuration.\nYou must use this configuration to supply the bot token as part of the HTTP `Authorization` header.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", "type": "string" }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", - "type": "string" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "Message template", + "type": "string" + }, + "roomID": { + "description": "ID of the Webex Teams room where to send the messages.", + "minLength": 1, + "type": "string" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + } + }, + "required": [ + "roomID" + ], + "type": "object" + }, + "type": "array" + }, + "webhookConfigs": { + "description": "List of webhook configurations.", + "items": { + "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload.\nSee https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - "type": "string" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "nodeSelector": { - "additionalProperties": { + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object", - "x-kubernetes-map-type": "atomic" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "os": { - "description": "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup", - "properties": { - "name": { - "description": "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null", - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "overhead": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset.", - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "maxAlerts": { + "description": "Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "timeout": { + "description": "The maximum time to wait for a webhook request to complete, before failing the\nrequest and allowing it to be retried.\nIt requires Alertmanager >= v0.28.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "url": { + "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over\n`url`. One of `urlSecret` and `url` should be defined.", + "type": "string" + }, + "urlSecret": { + "description": "The secret's key that contains the webhook URL to send HTTP requests to.\n`urlSecret` takes precedence over `url`. One of `urlSecret` and `url`\nshould be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "wechatConfigs": { + "description": "List of WeChat configurations.", + "items": { + "description": "WeChatConfig configures notifications via WeChat.\nSee https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", + "properties": { + "agentID": { + "type": "string" + }, + "apiSecret": { + "description": "The secret's key that contains the WeChat API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "apiURL": { + "description": "The WeChat API URL.", + "type": "string" + }, + "corpID": { + "description": "The corp id for authentication.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "The name of the secret in the object's namespace to select from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "priority": { - "description": "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority.", - "format": "int32", - "type": "integer" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "readinessGates": { - "description": "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", - "items": { - "description": "PodReadinessGate contains the reference to a pod condition", + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", "properties": { - "conditionType": { - "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, "required": [ - "conditionType" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resourceClaims": { - "description": "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable.", - "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "resources": { - "description": "Resources is the total amount of CPU and Memory resources required by all\ncontainers in the pod. It supports specifying Requests and Limits for\n\"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the\nentire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature\ngate.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", - "type": "string" - }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", - "type": "string" - }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler.", - "type": "string" - }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", - "items": { - "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "secret": { + "description": "Secret containing data to use for the targets.", "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, "name": { - "description": "Name of the scheduling gate.\nEach scheduling gate must have a unique name field.", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, "required": [ - "name" + "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead.", - "type": "string" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false.", - "type": "boolean" - }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false.", - "type": "boolean" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all.", - "type": "string" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds.", - "format": "int64", - "type": "integer" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "tolerations": { - "description": "If specified, the pod's tolerations.", + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "API request data as defined by the WeChat API.", + "type": "string" + }, + "messageType": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "toParty": { + "type": "string" + }, + "toTag": { + "type": "string" + }, + "toUser": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "route": { + "description": "The Alertmanager route definition for alerts matching the resource's\nnamespace. If present, it will be added to the generated Alertmanager\nconfiguration as a first-level route.", + "properties": { + "activeTimeIntervals": { + "description": "ActiveTimeIntervals is a list of TimeInterval names when this route should be active.", + "items": { + "type": "string" + }, + "type": "array" + }, + "continue": { + "description": "Boolean indicating whether an alert should continue matching subsequent\nsibling nodes. It will always be overridden to true for the first-level\nroute by the Prometheus operator.", + "type": "boolean" + }, + "groupBy": { + "description": "List of labels to group by.\nLabels must not be repeated (unique list).\nSpecial label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", + "items": { + "type": "string" + }, + "type": "array" + }, + "groupInterval": { + "description": "How long to wait before sending an updated notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"5m\"", + "type": "string" + }, + "groupWait": { + "description": "How long to wait before sending the initial notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"30s\"", + "type": "string" + }, + "matchers": { + "description": "List of matchers that the alert's labels should match. For the first\nlevel route, the operator removes any existing equality and regexp\nmatcher on the `namespace` label and adds a `namespace: ` matcher.", + "items": { + "description": "Matcher defines how to match on alert's labels.", + "properties": { + "matchType": { + "description": "Match operator, one of `=` (equal to), `!=` (not equal to), `=~` (regex\nmatch) or `!~` (not regex match).\nNegative operators (`!=` and `!~`) require Alertmanager >= v0.22.0.", + "enum": [ + "!=", + "=", + "=~", + "!~" + ], + "type": "string" + }, + "name": { + "description": "Label to match.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Label value to match.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "muteTimeIntervals": { + "description": "Note: this comment applies to the field definition above but appears\nbelow otherwise it gets included in the generated manifest.\nCRD schema doesn't support self-referential types for now (see\nhttps://github.com/kubernetes/kubernetes/issues/62872). We have to use\nan alternative type to circumvent the limitation. The downside is that\nthe Kube API can't validate the data beyond the fact that it is a valid\nJSON representation.\nMuteTimeIntervals is a list of TimeInterval names that will mute this route when matched.", + "items": { + "type": "string" + }, + "type": "array" + }, + "receiver": { + "description": "Name of the receiver for this route. If not empty, it should be listed in\nthe `receivers` field.", + "type": "string" + }, + "repeatInterval": { + "description": "How long to wait before repeating the last notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"4h\"", + "type": "string" + }, + "routes": { + "description": "Child routes.", + "items": { + "x-kubernetes-preserve-unknown-fields": true + }, + "type": "array" + } + }, + "type": "object" + }, + "timeIntervals": { + "description": "List of TimeInterval specifying when the routes should be muted or active.", + "items": { + "description": "TimeInterval specifies the periods in time when notifications will be muted or active.", + "properties": { + "name": { + "description": "Name of the time interval.", + "type": "string" + }, + "timeIntervals": { + "description": "TimeIntervals is a list of TimePeriod.", + "items": { + "description": "TimePeriod describes periods of time.", + "properties": { + "daysOfMonth": { + "description": "DaysOfMonth is a list of DayOfMonthRange", + "items": { + "description": "DayOfMonthRange is an inclusive range of days of the month beginning at 1", + "properties": { + "end": { + "description": "End of the inclusive range", + "maximum": 31, + "minimum": -31, + "type": "integer" + }, + "start": { + "description": "Start of the inclusive range", + "maximum": 31, + "minimum": -31, + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + "months": { + "description": "Months is a list of MonthRange", + "items": { + "description": "MonthRange is an inclusive range of months of the year beginning in January\nMonths can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March')", + "pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)", + "type": "string" + }, + "type": "array" + }, + "times": { + "description": "Times is a list of TimeRange", + "items": { + "description": "TimeRange defines a start and end time in 24hr format", + "properties": { + "endTime": { + "description": "EndTime is the end time in 24hr format.", + "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", + "type": "string" + }, + "startTime": { + "description": "StartTime is the start time in 24hr format.", + "pattern": "^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$)", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "weekdays": { + "description": "Weekdays is a list of WeekdayRange", + "items": { + "description": "WeekdayRange is an inclusive range of days of the week beginning on Sunday\nDays can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday')", + "pattern": "^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)", + "type": "string" + }, + "type": "array" + }, + "years": { + "description": "Years is a list of YearRange", + "items": { + "description": "YearRange is an inclusive range of years", + "pattern": "^2\\d{3}(?::2\\d{3}|$)", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "AlertmanagerConfig", + "version": "v1beta1" + } + ] + }, + "monitoring.coreos.com/v1beta1/AlertmanagerConfigList": { + "description": "AlertmanagerConfigList is a list of AlertmanagerConfig", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of alertmanagerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.monitoring.v1beta1.AlertmanagerConfig" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.coreos.com", + "kind": "AlertmanagerConfigList", + "version": "v1beta1" + } + ] + }, + "monitoring.openshift.io/v1/AlertRelabelConfig": { + "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec describes the desired state of this AlertRelabelConfig object.", + "properties": { + "configs": { + "description": "configs is a list of sequentially evaluated alert relabel configs.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of label sets for alerts.\nSee Prometheus documentation:\n- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "Replace", + "description": "action to perform based on regex matching. Must be one of: 'Replace', 'Keep',\n'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'", + "enum": [ + "Replace", + "Keep", + "Drop", + "HashMod", + "LabelMap", + "LabelDrop", + "LabelKeep" + ], + "type": "string" + }, + "modulus": { + "description": "modulus to take of the hash of the source label values. This can be\ncombined with the 'HashMod' action to set 'target_label' to the 'modulus'\nof a hash of the concatenated 'source_labels'. This is only valid if\nsourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.", + "format": "int64", + "type": "integer" + }, + "regex": { + "default": "(.*)", + "description": "regex against which the extracted value is matched. Default is: '(.*)'\nregex is required for all actions except 'HashMod'", + "maxLength": 2048, + "type": "string" + }, + "replacement": { + "description": "replacement value against which a regex replace is performed if the regular\nexpression matches. This is required if the action is 'Replace' or\n'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'.\nRegex capture groups are available. Default is: '$1'", + "maxLength": 2048, + "type": "string" + }, + "separator": { + "description": "separator placed between concatenated source label values. When omitted,\nPrometheus will use its default value of ';'.", + "maxLength": 2048, + "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels select values from existing labels. Their content is\nconcatenated using the configured separator and matched against the\nconfigured regular expression for the 'Replace', 'Keep', and 'Drop' actions.\nNot allowed for actions 'LabelKeep' and 'LabelDrop'.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, and underscores.", + "maxLength": 2048, + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "targetLabel to which the resulting value is written in a 'Replace' action.\nIt is required for 'Replace' and 'HashMod' actions and forbidden for\nactions 'LabelKeep' and 'LabelDrop'. Regex capture groups\nare available.", + "maxLength": 2048, + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "relabel action hashmod requires non-zero modulus", + "rule": "self.action != 'HashMod' || self.modulus != 0" + }, + { + "message": "targetLabel is required when action is Replace or HashMod", + "rule": "(self.action != 'Replace' && self.action != 'HashMod') || has(self.targetLabel)" + }, + { + "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found sourceLabels)", + "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.sourceLabels)" + }, + { + "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found targetLabel)", + "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.targetLabel)" + }, + { + "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found modulus)", + "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.modulus)" + }, + { + "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found separator)", + "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.separator)" + }, + { + "message": "LabelKeep and LabelDrop actions require only 'regex', and no other fields (found replacement)", + "rule": "(self.action != 'LabelDrop' && self.action != 'LabelKeep') || !has(self.replacement)" + }, + { + "message": "modulus requires sourceLabels to be present", + "rule": "!has(self.modulus) || (has(self.modulus) && size(self.sourceLabels) > 0)" + }, + { + "message": "sourceLabels is required for actions Replace, Keep, Drop, HashMod and LabelMap", + "rule": "(self.action == 'LabelDrop' || self.action == 'LabelKeep') || has(self.sourceLabels)" + }, + { + "message": "replacement is required for actions Replace and LabelMap", + "rule": "(self.action != 'Replace' && self.action != 'LabelMap') || has(self.replacement)" + } + ] + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "configs" + ], + "type": "object" + }, + "status": { + "description": "status describes the current state of this AlertRelabelConfig object.", + "properties": { + "conditions": { + "description": "conditions contains details on the state of the AlertRelabelConfig, may be\nempty.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.openshift.io", + "kind": "AlertRelabelConfig", + "version": "v1" + } + ] + }, + "monitoring.openshift.io/v1/AlertRelabelConfigList": { + "description": "AlertRelabelConfigList is a list of AlertRelabelConfig", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of alertrelabelconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.monitoring.v1.AlertRelabelConfig" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.openshift.io", + "kind": "AlertRelabelConfigList", + "version": "v1" + } + ] + }, + "monitoring.openshift.io/v1/AlertingRule": { + "description": "AlertingRule represents a set of user-defined Prometheus rule groups containing\nalerting rules. This resource is the supported method for cluster admins to\ncreate alerts based on metrics recorded by the platform monitoring stack in\nOpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring\nnamespace. You might use this to create custom alerting rules not shipped with\nOpenShift based on metrics from components such as the node_exporter, which\nprovides machine-level metrics such as CPU usage, or kube-state-metrics, which\nprovides metrics on Kubernetes usage.\n\nThe API is mostly compatible with the upstream PrometheusRule type from the\nprometheus-operator. The primary difference being that recording rules are not\nallowed here -- only alerting rules. For each AlertingRule resource created, a\ncorresponding PrometheusRule will be created in the openshift-monitoring\nnamespace. OpenShift requires admins to use the AlertingRule resource rather\nthan the upstream type in order to allow better OpenShift specific defaulting\nand validation, while not modifying the upstream APIs directly.\n\nYou can find upstream API documentation for PrometheusRule resources here:\n\nhttps://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec describes the desired state of this AlertingRule object.", + "properties": { + "groups": { + "description": "groups is a list of grouped alerting rules. Rule groups are the unit at\nwhich Prometheus parallelizes rule processing. All rules in a single group\nshare a configured evaluation interval. All rules in the group will be\nprocessed together on this interval, sequentially, and all rules will be\nprocessed.\n\nIt's common to group related alerting rules into a single AlertingRule\nresources, and within that resource, closely related alerts, or simply\nalerts with the same interval, into individual groups. You are also free\nto create AlertingRule resources with only a single rule group, but be\naware that this can have a performance impact on Prometheus if the group is\nextremely large or has very complex query expressions to evaluate.\nSpreading very complex rules across multiple groups to allow them to be\nprocessed in parallel is also a common use-case.", + "items": { + "description": "RuleGroup is a list of sequentially evaluated alerting rules.", + "properties": { + "interval": { + "description": "interval is how often rules in the group are evaluated. If not specified,\nit defaults to the global.evaluation_interval configured in Prometheus,\nwhich itself defaults to 30 seconds. You can check if this value has been\nmodified from the default on your cluster by inspecting the platform\nPrometheus configuration:\nThe relevant field in that resource is: spec.evaluationInterval", + "maxLength": 2048, + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "name": { + "description": "name is the name of the group.", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "rules": { + "description": "rules is a list of sequentially evaluated alerting rules. Prometheus may\nprocess rule groups in parallel, but rules within a single group are always\nprocessed sequentially, and all rules are processed.", + "items": { + "description": "Rule describes an alerting rule.\nSee Prometheus documentation:\n- https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules", + "properties": { + "alert": { + "description": "alert is the name of the alert. Must be a valid label value, i.e. may\ncontain any Unicode character.", + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "annotations to add to each alert. These are values that can be used to\nstore longer additional information that you won't query on, such as alert\ndescriptions or runbook links.", + "type": "object" + }, + "expr": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "expr is the PromQL expression to evaluate. Every evaluation cycle this is\nevaluated at the current time, and all resultant time series become pending\nor firing alerts. This is most often a string representing a PromQL\nexpression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr\nIn rare cases this could be a simple integer, e.g. a simple \"1\" if the\nintent is to create an alert that is always firing. This is sometimes used\nto create an always-firing \"Watchdog\" alert in order to ensure the alerting\npipeline is functional.", + "x-kubernetes-int-or-string": true + }, + "for": { + "description": "for is the time period after which alerts are considered firing after first\nreturning results. Alerts which have not yet fired for long enough are\nconsidered pending.", + "maxLength": 2048, + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "labels to add or overwrite for each alert. The results of the PromQL\nexpression for the alert will result in an existing set of labels for the\nalert, after evaluating the expression, for any label specified here with\nthe same name as a label in that set, the label here wins and overwrites\nthe previous value. These should typically be short identifying values\nthat may be useful to query against. A common example is the alert\nseverity, where one sets `severity: warning` under the `labels` key:", + "type": "object" + } + }, + "required": [ + "alert", + "expr" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "name", + "rules" + ], + "type": "object" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "groups" + ], + "type": "object" + }, + "status": { + "description": "status describes the current state of this AlertOverrides object.", + "properties": { + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with.", + "format": "int64", + "type": "integer" + }, + "prometheusRule": { + "description": "prometheusRule is the generated PrometheusRule for this AlertingRule. Each\nAlertingRule instance results in a generated PrometheusRule object in the\nsame namespace, which is always the openshift-monitoring namespace.", + "properties": { + "name": { + "description": "name of the referenced PrometheusRule.", + "maxLength": 2048, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.openshift.io", + "kind": "AlertingRule", + "version": "v1" + } + ] + }, + "monitoring.openshift.io/v1/AlertingRuleList": { + "description": "AlertingRuleList is a list of AlertingRule", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of alertingrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.monitoring.v1.AlertingRule" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "monitoring.openshift.io", + "kind": "AlertingRuleList", + "version": "v1" + } + ] + }, + "network.operator.openshift.io/v1/EgressRouter": { + "description": "EgressRouter is a feature allowing the user to define an egress router\nthat acts as a bridge between pods and external systems. The egress router runs\na service that redirects egress traffic originating from a pod or a group of\npods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator.\nMore specifically, given an EgressRouter CR with , the CNO will create and manage:\n- A service called \n- An egress pod called \n- A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired egress router.", + "oneOf": [ + { + "properties": { + "mode": { + "enum": [ + "Redirect" + ] + } + }, + "required": [ + "redirect" + ] + } + ], + "properties": { + "addresses": { + "description": "List of IP addresses to configure on the pod's secondary interface.", + "items": { + "description": "EgressRouterAddress contains a pair of IP CIDR and gateway to be configured on the router's interface", + "properties": { + "gateway": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ], + "description": "IP address of the next-hop gateway, if it cannot be automatically determined. Can be IPv4 or IPv6.", + "type": "string" + }, + "ip": { + "description": "ip is the address to configure on the router's interface. Can be IPv4 or IPv6.", + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "mode": { + "default": "Redirect", + "description": "mode depicts the mode that is used for the egress router. The default mode is \"Redirect\" and is the only supported mode currently.", + "enum": [ + "Redirect" + ], + "type": "string" + }, + "networkInterface": { + "default": { + "macvlan": { + "mode": "Bridge" + } + }, + "description": "Specification of interface to create/use. The default is macvlan.\nCurrently only macvlan is supported.", + "oneOf": [ + { + "required": [ + "macvlan" + ] + } + ], + "properties": { + "macvlan": { + "default": { + "mode": "Bridge" + }, + "description": "Arguments specific to the interfaceType macvlan", + "properties": { + "master": { + "description": "Name of the master interface. Need not be specified if it can be inferred from the IP address.", + "type": "string" + }, + "mode": { + "default": "Bridge", + "description": "mode depicts the mode that is used for the macvlan interface; one of Bridge|Private|VEPA|Passthru. The default mode is \"Bridge\".", + "enum": [ + "Bridge", + "Private", + "VEPA", + "Passthru" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + } + }, + "type": "object" + }, + "redirect": { + "description": "redirect represents the configuration parameters specific to redirect mode.", + "properties": { + "fallbackIP": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ], + "description": "fallbackIP specifies the remote destination's IP address. Can be IPv4 or IPv6.\nIf no redirect rules are specified, all traffic from the router are redirected to this IP.\nIf redirect rules are specified, then any connections on any other port (undefined in the rules) on the router will be redirected to this IP.\nIf redirect rules are specified and no fallback IP is provided, connections on other ports will simply be rejected.", + "type": "string" + }, + "redirectRules": { + "description": "List of L4RedirectRules that define the DNAT redirection from the pod to the destination in redirect mode.", + "items": { + "description": "L4RedirectRule defines a DNAT redirection from a given port to a destination IP and port.", + "properties": { + "destinationIP": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ], + "description": "IP specifies the remote destination's IP address. Can be IPv4 or IPv6.", + "type": "string" + }, + "port": { + "description": "port is the port number to which clients should send traffic to be redirected.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "description": "protocol can be TCP, SCTP or UDP.", + "enum": [ + "TCP", + "UDP", + "SCTP" + ], + "type": "string" + }, + "targetPort": { + "description": "targetPort allows specifying the port number on the remote destination to which the traffic gets redirected to.\nIf unspecified, the value from \"Port\" is used.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "destinationIP", + "port", + "protocol" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "addresses", + "mode", + "networkInterface" + ], + "type": "object" + }, + "status": { + "description": "Observed status of EgressRouter.", + "properties": { + "conditions": { + "description": "Observed status of the egress router", + "items": { + "description": "EgressRouterStatusCondition represents the state of the egress router's\nmanaged and monitored components.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status property.", + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "description": "message provides additional information about the current condition.\nThis is only to be consumed by humans. It may contain Line Feed\ncharacters (U+000A), which should be rendered as new lines.", + "type": "string" + }, + "reason": { + "description": "reason is the CamelCase reason for the condition's current status.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type specifies the aspect reported by this condition; one of Available, Progressing, Degraded", + "enum": [ + "Available", + "Progressing", + "Degraded" + ], + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "conditions" + ], + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "network.operator.openshift.io", + "kind": "EgressRouter", + "version": "v1" + } + ] + }, + "network.operator.openshift.io/v1/EgressRouterList": { + "description": "EgressRouterList is a list of EgressRouter", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of egressrouters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.network.v1.EgressRouter" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "network.operator.openshift.io", + "kind": "EgressRouterList", + "version": "v1" + } + ] + }, + "network.operator.openshift.io/v1/OperatorPKI": { + "description": "OperatorPKI is a simple certificate authority. It is not intended for external\nuse - rather, it is internal to the network operator. The CNO creates a CA and\na certificate signed by that CA. The certificate has both ClientAuth\nand ServerAuth extended usages enabled.\n\n\tMore specifically, given an OperatorPKI with , the CNO will manage:\n\n- A Secret called -ca with two data keys:\n - tls.key - the private key\n - tls.crt - the CA certificate\n\n- A ConfigMap called -ca with a single data key:\n - cabundle.crt - the CA certificate(s)\n\n- A Secret called -cert with two data keys:\n - tls.key - the private key\n - tls.crt - the certificate, signed by the CA\n\nThe CA certificate will have a validity of 10 years, rotated after 9.\nThe target certificate will have a validity of 6 months, rotated after 3\n\nThe CA certificate will have a CommonName of \"_-ca@\", where\n is the last rotation time.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OperatorPKISpec is the PKI configuration.", + "properties": { + "targetCert": { + "description": "targetCert configures the certificate signed by the CA. It will have\nboth ClientAuth and ServerAuth enabled", + "properties": { + "commonName": { + "description": "commonName is the value in the certificate's CN", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "commonName" + ], + "type": "object" + } + }, + "required": [ + "targetCert" + ], + "type": "object" + }, + "status": { + "description": "OperatorPKIStatus is not implemented.", + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "network.operator.openshift.io", + "kind": "OperatorPKI", + "version": "v1" + } + ] + }, + "network.operator.openshift.io/v1/OperatorPKIList": { + "description": "OperatorPKIList is a list of OperatorPKI", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of operatorpkis. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.network.v1.OperatorPKI" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "network.operator.openshift.io", + "kind": "OperatorPKIList", + "version": "v1" + } + ] + }, + "networkaddonsoperator.network.kubevirt.io/v1/NetworkAddonsConfig": { + "description": "NetworkAddonsConfig is the Schema for the networkaddonsconfigs API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "NetworkAddonsConfigSpec defines the desired state of NetworkAddonsConfig", + "properties": { + "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", + "type": "string" + }, + "kubeMacPool": { + "description": "KubeMacPool plugin manages MAC allocation to Pods and VMs in Kubernetes", + "properties": { + "rangeEnd": { + "description": "RangeEnd defines the first mac in range", + "type": "string" + }, + "rangeStart": { + "description": "RangeStart defines the first mac in range", + "type": "string" + } + }, + "type": "object" + }, + "kubeSecondaryDNS": { + "description": "KubeSecondaryDNS plugin allows to support FQDN for VMI's secondary networks", + "properties": { + "domain": { + "description": "Domain defines the FQDN domain", + "type": "string" + }, + "nameServerIP": { + "description": "NameServerIp defines the name server IP", + "type": "string" + } + }, + "type": "object" + }, + "kubevirtIpamController": { + "description": "KubevirtIpamController plugin allows to support IPAM for secondary networks", + "properties": { + "defaultNetworkNADNamespace": { + "description": "DefaultNetworkNADNamespace is the namespace of the cluster default network NetworkAttachmentDefinition exist. When a VM is attached to OVN-Kubernetes user-defined network, with persistent IPs, ipam-controller mutates the pod according to the provided default network NAD namespace.", + "type": "string" + } + }, + "type": "object" + }, + "linuxBridge": { + "description": "LinuxBridge plugin allows users to create a bridge and add the host and the container to it", + "type": "object" + }, + "macvtap": { + "description": "MacvtapCni plugin allows users to define Kubernetes networks on top of existing host interfaces", + "properties": { + "devicePluginConfig": { + "description": "DevicePluginConfig allows the user to override the name of the `ConfigMap` where the device plugin configuration is held", + "type": "string" + } + }, + "type": "object" + }, + "multus": { + "description": "Multus plugin enables attaching multiple network interfaces to Pods in Kubernetes", + "type": "object" + }, + "multusDynamicNetworks": { + "description": "A multus extension enabling hot-plug and hot-unplug of Pod interfaces", + "type": "object" + }, + "ovs": { + "description": "Ovs plugin allows users to define Kubernetes networks on top of Open vSwitch bridges available on nodes", + "type": "object" + }, + "placementConfiguration": { + "description": "PlacementConfiguration defines node placement configuration", + "properties": { + "infra": { + "description": "Infra defines placement configuration for control-plane nodes", + "properties": { + "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", - "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "options": { - "additionalProperties": { + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array" } }, "required": [ - "driver" + "key", + "operator" ], "type": "object" }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "pdName" + "key", + "operator" ], "type": "object" }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "required": [ - "repository" - ], - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "tolerations": { + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "workloads": { + "properties": { + "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "required": [ - "endpoints", - "path" - ], - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "required": [ - "path" - ], - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" + "type": "array" } }, "required": [ - "iqn", - "lun", - "targetPortal" + "key", + "operator" ], "type": "object" }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "pdID" + "key", + "operator" ], "type": "object" }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "required": [ - "volumeID" - ], - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "tolerations": { + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "selfSignConfiguration": { + "description": "SelfSignConfiguration defines self sign configuration", + "properties": { + "caOverlapInterval": { + "description": "CAOverlapInterval defines the duration where expired CA certificate can overlap with new one, in order to allow fluent CA rotation transitioning", + "type": "string" + }, + "caRotateInterval": { + "description": "CARotateInterval defines duration for CA expiration", + "type": "string" + }, + "certOverlapInterval": { + "description": "CertOverlapInterval defines the duration where expired service certificate can overlap with new one, in order to allow fluent service rotation transitioning", + "type": "string" + }, + "certRotateInterval": { + "description": "CertRotateInterval defines duration for of service certificate expiration", + "type": "string" + } + }, + "type": "object" + }, + "tlsSecurityProfile": { + "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", + "nullable": true, + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: ciphers: ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n ciphers: - DES-CBC3-SHA", + "items": { + "enum": [ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "DHE-RSA-AES128-SHA256", + "DHE-RSA-AES256-SHA256", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "AES128-SHA256", + "AES256-SHA256", + "AES128-SHA", + "AES256-SHA", + "DES-CBC3-SHA" + ], + "type": "string" + }, + "type": "array" + }, + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n minTLSVersion: TLSv1.1\n NOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "type": "object" + }, + "intermediate": { + "description": "intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml):\n ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AE,SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AE,SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE,POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2", + "nullable": true, + "type": "object" + }, + "modern": { + "description": "modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently unsupported.", + "nullable": true, + "type": "object" + }, + "old": { + "description": "old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA256,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA256,AES256-SHA256,AES128-SHA,AES256-SHA,DES-CBC3-SHA minTLSVersion: TLSv1.0", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "NetworkAddonsConfigStatus defines the observed state of NetworkAddonsConfig", + "properties": { + "conditions": { + "items": { + "description": "Condition represents the state of the operator's reconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "containers": { + "items": { + "properties": { + "image": { + "type": "string" + }, + "name": { + "type": "string" + }, + "parentKind": { + "type": "string" + }, + "parentName": { + "type": "string" + } + }, + "required": [ + "image", + "name", + "parentKind", + "parentName" + ], + "type": "object" + }, + "type": "array" + }, + "observedVersion": { + "type": "string" + }, + "operatorVersion": { + "type": "string" + }, + "targetVersion": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networkaddonsoperator.network.kubevirt.io", + "kind": "NetworkAddonsConfig", + "version": "v1" + } + ] + }, + "networkaddonsoperator.network.kubevirt.io/v1/NetworkAddonsConfigList": { + "description": "NetworkAddonsConfigList is a list of NetworkAddonsConfig", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of networkaddonsconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.network.networkaddonsoperator.v1.NetworkAddonsConfig" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networkaddonsoperator.network.kubevirt.io", + "kind": "NetworkAddonsConfigList", + "version": "v1" + } + ] + }, + "networkaddonsoperator.network.kubevirt.io/v1alpha1/NetworkAddonsConfig": { + "description": "NetworkAddonsConfig is the Schema for the networkaddonsconfigs API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "NetworkAddonsConfigSpec defines the desired state of NetworkAddonsConfig", + "properties": { + "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", + "type": "string" + }, + "kubeMacPool": { + "description": "KubeMacPool plugin manages MAC allocation to Pods and VMs in Kubernetes", + "properties": { + "rangeEnd": { + "description": "RangeEnd defines the first mac in range", + "type": "string" + }, + "rangeStart": { + "description": "RangeStart defines the first mac in range", + "type": "string" + } + }, + "type": "object" + }, + "kubeSecondaryDNS": { + "description": "KubeSecondaryDNS plugin allows to support FQDN for VMI's secondary networks", + "properties": { + "domain": { + "description": "Domain defines the FQDN domain", + "type": "string" + }, + "nameServerIP": { + "description": "NameServerIp defines the name server IP", + "type": "string" + } + }, + "type": "object" + }, + "kubevirtIpamController": { + "description": "KubevirtIpamController plugin allows to support IPAM for secondary networks", + "properties": { + "defaultNetworkNADNamespace": { + "description": "DefaultNetworkNADNamespace is the namespace of the cluster default network NetworkAttachmentDefinition exist. When a VM is attached to OVN-Kubernetes user-defined network, with persistent IPs, ipam-controller mutates the pod according to the provided default network NAD namespace.", + "type": "string" + } + }, + "type": "object" + }, + "linuxBridge": { + "description": "LinuxBridge plugin allows users to create a bridge and add the host and the container to it", + "type": "object" + }, + "macvtap": { + "description": "MacvtapCni plugin allows users to define Kubernetes networks on top of existing host interfaces", + "properties": { + "devicePluginConfig": { + "description": "DevicePluginConfig allows the user to override the name of the `ConfigMap` where the device plugin configuration is held", + "type": "string" + } + }, + "type": "object" + }, + "multus": { + "description": "Multus plugin enables attaching multiple network interfaces to Pods in Kubernetes", + "type": "object" + }, + "multusDynamicNetworks": { + "description": "A multus extension enabling hot-plug and hot-unplug of Pod interfaces", + "type": "object" + }, + "ovs": { + "description": "Ovs plugin allows users to define Kubernetes networks on top of Open vSwitch bridges available on nodes", + "type": "object" + }, + "placementConfiguration": { + "description": "PlacementConfiguration defines node placement configuration", + "properties": { + "infra": { + "description": "Infra defines placement configuration for control-plane nodes", + "properties": { + "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object" + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "registry", - "volume" + "key", + "operator" ], "type": "object" }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" + "type": "array" } }, "required": [ - "image", - "monitors" + "key", + "operator" ], "type": "object" }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "tolerations": { + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "workloads": { + "properties": { + "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" + "type": "array" } }, "required": [ - "gateway", - "secretRef", - "system" + "key", + "operator" ], "type": "object" }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" + "type": "array" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "tolerations": { + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "selfSignConfiguration": { + "description": "SelfSignConfiguration defines self sign configuration", + "properties": { + "caOverlapInterval": { + "description": "CAOverlapInterval defines the duration where expired CA certificate can overlap with new one, in order to allow fluent CA rotation transitioning", + "type": "string" + }, + "caRotateInterval": { + "description": "CARotateInterval defines duration for CA expiration", + "type": "string" + }, + "certOverlapInterval": { + "description": "CertOverlapInterval defines the duration where expired service certificate can overlap with new one, in order to allow fluent service rotation transitioning", + "type": "string" + }, + "certRotateInterval": { + "description": "CertRotateInterval defines duration for of service certificate expiration", + "type": "string" + } + }, + "type": "object" + }, + "tlsSecurityProfile": { + "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", + "nullable": true, + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: ciphers: ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n ciphers: - DES-CBC3-SHA", + "items": { + "enum": [ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "DHE-RSA-AES128-SHA256", + "DHE-RSA-AES256-SHA256", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "AES128-SHA256", + "AES256-SHA256", + "AES128-SHA", + "AES256-SHA", + "DES-CBC3-SHA" + ], + "type": "string" + }, + "type": "array" + }, + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n minTLSVersion: TLSv1.1\n NOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "type": "object" + }, + "intermediate": { + "description": "intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 and looks like this (yaml):\n ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AE,SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AE,SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE,POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2", + "nullable": true, + "type": "object" + }, + "modern": { + "description": "modern is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently unsupported.", + "nullable": true, + "type": "object" + }, + "old": { + "description": "old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA256,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA256,AES256-SHA256,AES128-SHA,AES256-SHA,DES-CBC3-SHA minTLSVersion: TLSv1.0", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "NetworkAddonsConfigStatus defines the observed state of NetworkAddonsConfig", + "properties": { + "conditions": { + "items": { + "description": "Condition represents the state of the operator's reconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "containers": { + "items": { + "properties": { + "image": { + "type": "string" + }, + "name": { + "type": "string" + }, + "parentKind": { + "type": "string" + }, + "parentName": { + "type": "string" + } + }, + "required": [ + "image", + "name", + "parentKind", + "parentName" + ], + "type": "object" + }, + "type": "array" + }, + "observedVersion": { + "type": "string" + }, + "operatorVersion": { + "type": "string" + }, + "targetVersion": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networkaddonsoperator.network.kubevirt.io", + "kind": "NetworkAddonsConfig", + "version": "v1alpha1" + } + ] + }, + "networkaddonsoperator.network.kubevirt.io/v1alpha1/NetworkAddonsConfigList": { + "description": "NetworkAddonsConfigList is a list of NetworkAddonsConfig", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of networkaddonsconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.network.networkaddonsoperator.v1alpha1.NetworkAddonsConfig" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networkaddonsoperator.network.kubevirt.io", + "kind": "NetworkAddonsConfigList", + "version": "v1alpha1" + } + ] + }, + "networking.k8s.io/v1/IPAddress": { + "description": "IPAddress represents a single IP of a single IP Family. The object is designed to be used by APIs that operate on IP addresses. The object is used by the Service core API for allocation of IP addresses. An IP address can be represented in different formats, to guarantee the uniqueness of the IP, the name of the object is the IP address in canonical format, four decimal digits separated by dots suppressing leading zeros for IPv4 and the representation defined by RFC 5952 for IPv6. Valid: 192.168.1.5 or 2001:db8::1 or 2001:db8:aaaa:bbbb:cccc:dddd:eeee:1 Invalid: 10.01.2.3 or 2001:db8:0:0:0::1", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.IPAddressSpec" + } + ], + "default": {}, + "description": "spec is the desired state of the IPAddress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IPAddress", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/IPAddressList": { + "description": "IPAddressList contains a list of IPAddress.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of IPAddresses.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.IPAddress" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IPAddressList", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/Ingress": { + "description": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressSpec" + } + ], + "default": {}, + "description": "spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressStatus" + } + ], + "default": {}, + "description": "status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "Ingress", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/IngressClass": { + "description": "IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressClassSpec" + } + ], + "default": {}, + "description": "spec is the desired state of the IngressClass. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IngressClass", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/IngressClassList": { + "description": "IngressClassList is a collection of IngressClasses.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of IngressClasses.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.IngressClass" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata." + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IngressClassList", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/IngressList": { + "description": "IngressList is a collection of Ingress.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of Ingress.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.Ingress" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "IngressList", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/NetworkPolicy": { + "description": "NetworkPolicy describes what network traffic is allowed for a set of Pods", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.NetworkPolicySpec" + } + ], + "default": {}, + "description": "spec represents the specification of the desired behavior for this NetworkPolicy." + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "NetworkPolicy", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/NetworkPolicyList": { + "description": "NetworkPolicyList is a list of NetworkPolicy objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of schema objects.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.NetworkPolicy" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "NetworkPolicyList", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/ServiceCIDR": { + "description": "ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). This range is used to allocate ClusterIPs to Service objects.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.ServiceCIDRSpec" + } + ], + "default": {}, + "description": "spec is the desired state of the ServiceCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.ServiceCIDRStatus" + } + ], + "default": {}, + "description": "status represents the current state of the ServiceCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "ServiceCIDR", + "version": "v1" + } + ] + }, + "networking.k8s.io/v1/ServiceCIDRList": { + "description": "ServiceCIDRList contains a list of ServiceCIDR objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of ServiceCIDRs.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.networking.v1.ServiceCIDR" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "networking.k8s.io", + "kind": "ServiceCIDRList", + "version": "v1" + } + ] + }, + "nmstate.io/v1/NMState": { + "description": "NMState is the Schema for the nmstates API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "default": {}, + "description": "NMStateSpec defines the desired state of NMState", + "properties": { + "affinity": { + "description": "Affinity is an optional affinity selector that will be added to handler DaemonSet manifest.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "infraAffinity": { + "description": "InfraAffinity is an optional affinity selector that will be added to webhook, metrics & console-plugin Deployment manifests.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "infraNodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "InfraNodeSelector is an optional selector that will be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraNodeSelector is specified, the webhook, metrics and the console plugin will run only on nodes that have each\nof the indicated key-value pairs as labels applied to the node.", + "type": "object" + }, + "infraTolerations": { + "description": "InfraTolerations is an optional list of tolerations to be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraTolerations is specified, the webhook, metrics and the console plugin will be able to be scheduled on nodes with\ncorresponding taints", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is an optional selector that will be added to handler DaemonSet manifest\nfor both workers and control-plane (https://github.com/nmstate/kubernetes-nmstate/blob/main/deploy/handler/operator.yaml).\nIf NodeSelector is specified, the handler will run only on nodes that have each of the indicated key-value pairs\nas labels applied to the node.", + "type": "object" + }, + "probeConfiguration": { + "default": {}, + "description": "ProbeConfiguration is an optional configuration of NMstate probes testing various functionalities.\nIf ProbeConfiguration is specified, the handler will use the config defined here instead of its default values.", + "properties": { + "dns": { + "default": { + "host": "root-servers.net" + }, + "properties": { + "host": { + "default": "root-servers.net", + "type": "string" + } + }, + "required": [ + "host" + ], + "type": "object" + } + }, + "type": "object" + }, + "selfSignConfiguration": { + "description": "SelfSignConfiguration defines self signed certificate configuration", + "properties": { + "caOverlapInterval": { + "description": "CAOverlapInterval defines the duration where expired CA certificate\ncan overlap with new one, in order to allow fluent CA rotation transitioning", + "type": "string" + }, + "caRotateInterval": { + "description": "CARotateInterval defines duration for CA expiration", + "type": "string" + }, + "certOverlapInterval": { + "description": "CertOverlapInterval defines the duration where expired service certificate\ncan overlap with new one, in order to allow fluent service rotation transitioning", + "type": "string" + }, + "certRotateInterval": { + "description": "CertRotateInterval defines duration for of service certificate expiration", + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "description": "Tolerations is an optional list of tolerations to be added to handler DaemonSet manifest\nIf Tolerations is specified, the handler daemonset will be also scheduled on nodes with corresponding taints", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "NMStateStatus defines the observed state of NMState", + "properties": { + "conditions": { + "items": { + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NMState", + "version": "v1" + } + ] + }, + "nmstate.io/v1/NMStateList": { + "description": "NMStateList is a list of NMState", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nmstates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.nmstate.v1.NMState" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NMStateList", + "version": "v1" + } + ] + }, + "nmstate.io/v1/NodeNetworkConfigurationPolicy": { + "description": "NodeNetworkConfigurationPolicy is the Schema for the nodenetworkconfigurationpolicies API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "NodeNetworkConfigurationPolicySpec defines the desired state of NodeNetworkConfigurationPolicy", + "properties": { + "capture": { + "additionalProperties": { + "type": "string" + }, + "description": "Capture contains expressions with an associated name than can be referenced\nat the DesiredState.", + "type": "object" + }, + "desiredState": { + "description": "The desired configuration of the policy", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxUnavailable specifies percentage or number\nof machines that can be updating at a time. Default is \"50%\".", + "x-kubernetes-int-or-string": true + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the policy to be applied to the node.\nSelector which must match a node's labels for the policy to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "NodeNetworkConfigurationPolicyStatus defines the observed state of NodeNetworkConfigurationPolicy", + "properties": { + "conditions": { + "items": { + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "lastUnavailableNodeCountUpdate": { + "description": "LastUnavailableNodeCountUpdate is time of the last UnavailableNodeCount update", + "format": "date-time", + "type": "string" + }, + "unavailableNodeCount": { + "description": "UnavailableNodeCount represents the total number of potentially unavailable nodes that are\nprocessing a NodeNetworkConfigurationPolicy", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkConfigurationPolicy", + "version": "v1" + } + ] + }, + "nmstate.io/v1/NodeNetworkConfigurationPolicyList": { + "description": "NodeNetworkConfigurationPolicyList is a list of NodeNetworkConfigurationPolicy", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nodenetworkconfigurationpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.nmstate.v1.NodeNetworkConfigurationPolicy" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkConfigurationPolicyList", + "version": "v1" + } + ] + }, + "nmstate.io/v1beta1/NMState": { + "description": "NMState is the Schema for the nmstates API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "default": {}, + "description": "NMStateSpec defines the desired state of NMState", + "properties": { + "affinity": { + "description": "Affinity is an optional affinity selector that will be added to handler DaemonSet manifest.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "infraAffinity": { + "description": "InfraAffinity is an optional affinity selector that will be added to webhook, metrics & console-plugin Deployment manifests.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "infraNodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "InfraNodeSelector is an optional selector that will be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraNodeSelector is specified, the webhook, metrics and the console plugin will run only on nodes that have each\nof the indicated key-value pairs as labels applied to the node.", + "type": "object" + }, + "infraTolerations": { + "description": "InfraTolerations is an optional list of tolerations to be added to webhook, metrics & console-plugin Deployment manifests\nIf InfraTolerations is specified, the webhook, metrics and the console plugin will be able to be scheduled on nodes with\ncorresponding taints", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is an optional selector that will be added to handler DaemonSet manifest\nfor both workers and control-plane (https://github.com/nmstate/kubernetes-nmstate/blob/main/deploy/handler/operator.yaml).\nIf NodeSelector is specified, the handler will run only on nodes that have each of the indicated key-value pairs\nas labels applied to the node.", + "type": "object" + }, + "probeConfiguration": { + "default": {}, + "description": "ProbeConfiguration is an optional configuration of NMstate probes testing various functionalities.\nIf ProbeConfiguration is specified, the handler will use the config defined here instead of its default values.", + "properties": { + "dns": { + "default": { + "host": "root-servers.net" + }, + "properties": { + "host": { + "default": "root-servers.net", + "type": "string" + } + }, + "required": [ + "host" + ], + "type": "object" + } + }, + "type": "object" + }, + "selfSignConfiguration": { + "description": "SelfSignConfiguration defines self signed certificate configuration", + "properties": { + "caOverlapInterval": { + "description": "CAOverlapInterval defines the duration where expired CA certificate\ncan overlap with new one, in order to allow fluent CA rotation transitioning", + "type": "string" + }, + "caRotateInterval": { + "description": "CARotateInterval defines duration for CA expiration", + "type": "string" + }, + "certOverlapInterval": { + "description": "CertOverlapInterval defines the duration where expired service certificate\ncan overlap with new one, in order to allow fluent service rotation transitioning", + "type": "string" + }, + "certRotateInterval": { + "description": "CertRotateInterval defines duration for of service certificate expiration", + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "description": "Tolerations is an optional list of tolerations to be added to handler DaemonSet manifest\nIf Tolerations is specified, the handler daemonset will be also scheduled on nodes with corresponding taints", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "NMStateStatus defines the observed state of NMState", + "properties": { + "conditions": { + "items": { + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NMState", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NMStateList": { + "description": "NMStateList is a list of NMState", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nmstates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.nmstate.v1beta1.NMState" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NMStateList", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NodeNetworkConfigurationEnactment": { + "description": "NodeNetworkConfigurationEnactment is the Schema for the nodenetworkconfigurationenactments API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "status": { + "description": "NodeNetworkConfigurationEnactmentStatus defines the observed state of NodeNetworkConfigurationEnactment", + "properties": { + "capturedStates": { + "additionalProperties": { + "properties": { + "metaInfo": { + "properties": { + "time": { + "format": "date-time", + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "description": "A cache containing the resolved captures after processing the capture at NNCP", + "type": "object" + }, + "conditions": { + "items": { + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "desiredState": { + "description": "The desired state rendered for the enactment's node using\nthe policy desiredState as template", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "desiredStateMetaInfo": { + "properties": { + "time": { + "format": "date-time", + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "features": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policyGeneration": { + "description": "The generation from policy needed to check if an enactment\ncondition status belongs to the same policy version", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkConfigurationEnactment", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NodeNetworkConfigurationEnactmentList": { + "description": "NodeNetworkConfigurationEnactmentList is a list of NodeNetworkConfigurationEnactment", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nodenetworkconfigurationenactments. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.nmstate.v1beta1.NodeNetworkConfigurationEnactment" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkConfigurationEnactmentList", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NodeNetworkConfigurationPolicy": { + "description": "NodeNetworkConfigurationPolicy is the Schema for the nodenetworkconfigurationpolicies API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "NodeNetworkConfigurationPolicySpec defines the desired state of NodeNetworkConfigurationPolicy", + "properties": { + "capture": { + "additionalProperties": { + "type": "string" + }, + "description": "Capture contains expressions with an associated name than can be referenced\nat the DesiredState.", + "type": "object" + }, + "desiredState": { + "description": "The desired configuration of the policy", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxUnavailable specifies percentage or number\nof machines that can be updating at a time. Default is \"50%\".", + "x-kubernetes-int-or-string": true + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the policy to be applied to the node.\nSelector which must match a node's labels for the policy to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "NodeNetworkConfigurationPolicyStatus defines the observed state of NodeNetworkConfigurationPolicy", + "properties": { + "conditions": { + "items": { + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "lastUnavailableNodeCountUpdate": { + "description": "LastUnavailableNodeCountUpdate is time of the last UnavailableNodeCount update", + "format": "date-time", + "type": "string" + }, + "unavailableNodeCount": { + "description": "UnavailableNodeCount represents the total number of potentially unavailable nodes that are\nprocessing a NodeNetworkConfigurationPolicy", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkConfigurationPolicy", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NodeNetworkConfigurationPolicyList": { + "description": "NodeNetworkConfigurationPolicyList is a list of NodeNetworkConfigurationPolicy", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nodenetworkconfigurationpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.nmstate.v1beta1.NodeNetworkConfigurationPolicy" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkConfigurationPolicyList", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NodeNetworkState": { + "description": "NodeNetworkState is the Schema for the nodenetworkstates API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "status": { + "description": "NodeNetworkStateStatus is the status of the NodeNetworkState of a specific node", + "properties": { + "conditions": { + "items": { + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "currentState": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "handlerNetworkManagerVersion": { + "type": "string" + }, + "handlerNmstateVersion": { + "type": "string" + }, + "hostNetworkManagerVersion": { + "type": "string" + }, + "lastSuccessfulUpdateTime": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkState", + "version": "v1beta1" + } + ] + }, + "nmstate.io/v1beta1/NodeNetworkStateList": { + "description": "NodeNetworkStateList is a list of NodeNetworkState", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nodenetworkstates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.nmstate.v1beta1.NodeNetworkState" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "nmstate.io", + "kind": "NodeNetworkStateList", + "version": "v1beta1" + } + ] + }, + "node.k8s.io/v1/RuntimeClass": { + "description": "RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod. For more details, see https://kubernetes.io/docs/concepts/containers/runtime-class/", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "handler": { + "default": "", + "description": "handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called \"runc\" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "overhead": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.node.v1.Overhead" + } + ], + "description": "overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see\n https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/" + }, + "scheduling": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.node.v1.Scheduling" + } + ], + "description": "scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes." + } + }, + "required": [ + "handler" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "node.k8s.io", + "kind": "RuntimeClass", + "version": "v1" + } + ] + }, + "node.k8s.io/v1/RuntimeClassList": { + "description": "RuntimeClassList is a list of RuntimeClass objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of schema objects.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.node.v1.RuntimeClass" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "node.k8s.io", + "kind": "RuntimeClassList", + "version": "v1" + } + ] + }, + "noobaa.io/v1alpha1/BackingStore": { + "description": "BackingStore is the Schema for the backingstores API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the noobaa BackingStore.", + "properties": { + "awsS3": { + "description": "AWSS3Spec specifies a backing store of type aws-s3", + "properties": { + "awsSTSRoleARN": { + "description": "AWSSTSRoleARN allows to Assume Role and use AssumeRoleWithWebIdentity", + "type": "string" + }, + "region": { + "description": "Region is the AWS region", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslDisabled": { + "description": "SSLDisabled allows to disable SSL and use plain http", + "type": "boolean" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "targetBucket" + ], + "type": "object" + }, + "azureBlob": { + "description": "AzureBlob specifies a backing store of type azure-blob", + "properties": { + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AccountName and AccountKey as provided by Azure Blob.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetBlobContainer": { + "description": "TargetBlobContainer is the name of the target Azure Blob container", + "type": "string" + } + }, + "required": [ + "secret", + "targetBlobContainer" + ], + "type": "object" + }, + "googleCloudStorage": { + "description": "GoogleCloudStorage specifies a backing store of type google-cloud-storage", + "properties": { + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define GoogleServiceAccountPrivateKeyJson containing the entire json string as provided by Google.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "secret", + "targetBucket" + ], + "type": "object" + }, + "ibmCos": { + "description": "IBMCos specifies a backing store of type ibm-cos", + "properties": { + "endpoint": { + "description": "Endpoint is the IBM COS compatible endpoint: http(s)://host:port", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "signatureVersion": { + "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "type": "string" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target IBM COS bucket", + "type": "string" + } + }, + "required": [ + "endpoint", + "secret", + "targetBucket" + ], + "type": "object" + }, + "pvPool": { + "description": "PVPool specifies a backing store of type pv-pool", + "properties": { + "numVolumes": { + "description": "NumVolumes is the number of volumes to allocate", + "type": "integer" + }, + "resources": { + "description": "VolumeResources represents the minimum resources each volume should have.", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "secret": { + "description": "Secret refers to a secret that provides the agent configuration\nThe secret should define AGENT_CONFIG containing agent_configuration from noobaa-core.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClass": { + "description": "StorageClass is the name of the storage class to use for the PV's", + "type": "string" + } + }, + "required": [ + "numVolumes" + ], + "type": "object" + }, + "s3Compatible": { + "description": "S3Compatible specifies a backing store of type s3-compatible", + "properties": { + "endpoint": { + "description": "Endpoint is the S3 compatible endpoint: http(s)://host:port", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "signatureVersion": { + "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "type": "string" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "endpoint", + "secret", + "targetBucket" + ], + "type": "object" + }, + "type": { + "description": "Type is an enum of supported types", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the noobaa BackingStore.", + "properties": { + "conditions": { + "description": "Conditions is a list of conditions related to operator reconciliation", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "mode": { + "description": "Mode specifies the updating mode of a BackingStore", + "properties": { + "modeCode": { + "description": "ModeCode specifies the updated mode of backingstore", + "type": "string" + }, + "timeStamp": { + "description": "TimeStamp specifies the update time of backingstore new mode", + "type": "string" + } + }, + "type": "object" + }, + "phase": { + "description": "Phase is a simple, high-level summary of where the backing store is in its lifecycle", + "type": "string" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects related to this operator.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "BackingStore", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/BackingStoreList": { + "description": "BackingStoreList is a list of BackingStore", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of backingstores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.v1alpha1.BackingStore" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "BackingStoreList", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/BucketClass": { + "description": "BucketClass is the Schema for the bucketclasses API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the noobaa BucketClass.", + "properties": { + "namespacePolicy": { + "description": "NamespacePolicy specifies the namespace policy for the bucket class", + "properties": { + "cache": { + "description": "Cache is a namespace policy configuration of type Cache", + "properties": { + "caching": { + "description": "Caching is the cache specification for the ns policy", + "properties": { + "prefix": { + "description": "Prefix is prefix of the future cached data", + "type": "string" + }, + "ttl": { + "description": "TTL specifies the cache ttl", + "type": "integer" + } + }, + "type": "object" + }, + "hubResource": { + "description": "HubResource is the read and write resource name to use", + "type": "string" + } + }, + "type": "object" + }, + "multi": { + "description": "Multi is a namespace policy configuration of type Multi", + "properties": { + "readResources": { + "description": "ReadResources is an ordered list of read resources names to use", + "items": { + "type": "string" + }, + "type": "array" + }, + "writeResource": { + "description": "WriteResource is the write resource name to use", + "type": "string" + } + }, + "type": "object" + }, + "single": { + "description": "Single is a namespace policy configuration of type Single", + "properties": { + "resource": { + "description": "Resource is the read and write resource name to use", + "type": "string" + } + }, + "type": "object" + }, + "type": { + "description": "Type is the namespace policy type", + "type": "string" + } + }, + "type": "object" + }, + "placementPolicy": { + "description": "PlacementPolicy specifies the placement policy for the bucket class", + "properties": { + "tiers": { + "description": "Tiers is an ordered list of tiers to use.\nThe model is a waterfall - push to first tier by default,\nand when no more space spill \"cold\" storage to next tier.", + "items": { + "description": "Tier specifies a storage tier", + "properties": { + "backingStores": { + "description": "BackingStores is an unordered list of backing store names.\nThe meaning of the list depends on the placement.", + "items": { + "description": "BackingStoreName is just a name-reference to a BackingStore", + "type": "string" + }, + "type": "array" + }, + "placement": { + "description": "Placement specifies the type of placement for the tier\nIf empty it should have a single backing store.", + "enum": [ + "Spread", + "Mirror" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "quota": { + "description": "Quota specifies the quota configuration for the bucket class", + "properties": { + "maxObjects": { + "description": "limits the max total quantity of objects per bucket", + "type": "string" + }, + "maxSize": { + "description": "limits the max total size of objects per bucket", + "type": "string" + } + }, + "type": "object" + }, + "replicationPolicy": { + "description": "ReplicationPolicy specifies a json of replication rules for the bucketclass", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "Most recently observed status of the noobaa BackingStore.", + "properties": { + "conditions": { + "description": "Conditions is a list of conditions related to operator reconciliation", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "mode": { + "description": "Mode is a simple, high-level summary of where the System is in its lifecycle", + "type": "string" + }, + "phase": { + "description": "Phase is a simple, high-level summary of where the System is in its lifecycle", + "type": "string" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects related to this operator.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "BucketClass", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/BucketClassList": { + "description": "BucketClassList is a list of BucketClass", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of bucketclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.v1alpha1.BucketClass" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "BucketClassList", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/NamespaceStore": { + "description": "NamespaceStore is the Schema for the namespacestores API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the noobaa NamespaceStore.", + "properties": { + "accessMode": { + "description": "AccessMode is an enum of supported access modes", + "type": "string" + }, + "awsS3": { + "description": "AWSS3Spec specifies a namespace store of type aws-s3", + "properties": { + "awsSTSRoleARN": { + "description": "AWSSTSRoleARN allows to Assume Role and use AssumeRoleWithWebIdentity", + "type": "string" + }, + "region": { + "description": "Region is the AWS region", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslDisabled": { + "description": "SSLDisabled allows to disable SSL and use plain http", + "type": "boolean" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "targetBucket" + ], + "type": "object" + }, + "azureBlob": { + "description": "AzureBlob specifies a namespace store of type azure-blob", + "properties": { + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AccountName and AccountKey as provided by Azure Blob.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetBlobContainer": { + "description": "TargetBlobContainer is the name of the target Azure Blob container", + "type": "string" + } + }, + "required": [ + "secret", + "targetBlobContainer" + ], + "type": "object" + }, + "googleCloudStorage": { + "description": "GoogleCloudStorage specifies a namespace store of type google-cloud-storage", + "properties": { + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define GoogleServiceAccountPrivateKeyJson containing the entire json string as provided by Google.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "secret", + "targetBucket" + ], + "type": "object" + }, + "ibmCos": { + "description": "IBMCos specifies a namespace store of type ibm-cos", + "properties": { + "endpoint": { + "description": "Endpoint is the IBM COS compatible endpoint: http(s)://host:port", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "signatureVersion": { + "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "type": "string" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target IBM COS bucket", + "type": "string" + } + }, + "required": [ + "endpoint", + "secret", + "targetBucket" + ], + "type": "object" + }, + "nsfs": { + "description": "NSFS specifies a namespace store of type nsfs", + "properties": { + "fsBackend": { + "description": "FsBackend is the backend type of the file system", + "enum": [ + "CEPH_FS", + "GPFS", + "NFSv4" + ], + "type": "string" + }, + "pvcName": { + "description": "PvcName is the name of the pvc in which the file system resides", + "type": "string" + }, + "subPath": { + "description": "SubPath is a path to a sub directory in the pvc file system", + "type": "string" + } + }, + "required": [ + "pvcName" + ], + "type": "object" + }, + "s3Compatible": { + "description": "S3Compatible specifies a namespace store of type s3-compatible", + "properties": { + "endpoint": { + "description": "Endpoint is the S3 compatible endpoint: http(s)://host:port", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "signatureVersion": { + "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "type": "string" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "endpoint", + "secret", + "targetBucket" + ], + "type": "object" + }, + "type": { + "description": "Type is an enum of supported types", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the noobaa NamespaceStore.", + "properties": { + "conditions": { + "description": "Conditions is a list of conditions related to operator reconciliation", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "mode": { + "description": "Mode specifies the updating mode of a NamespaceStore", + "properties": { + "modeCode": { + "description": "ModeCode specifies the updated mode of namespacestore", + "type": "string" + }, + "timeStamp": { + "description": "TimeStamp specifies the update time of namespacestore new mode", + "type": "string" + } + }, + "type": "object" + }, + "phase": { + "description": "Phase is a simple, high-level summary of where the namespace store is in its lifecycle", + "type": "string" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects related to this operator.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "NamespaceStore", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/NamespaceStoreList": { + "description": "NamespaceStoreList is a list of NamespaceStore", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of namespacestores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.v1alpha1.NamespaceStore" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "NamespaceStoreList", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/NooBaa": { + "description": "NooBaa is the Schema for the NooBaas API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the noobaa system.", + "properties": { + "affinity": { + "description": "Affinity (optional) passed through to noobaa's pods", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "topologyKey": { + "description": "TopologyKey (optional) the TopologyKey to pass as the domain for TopologySpreadConstraint and Affinity of noobaa components\nIt is used by the endpoints and the DB pods to control pods distribution between topology domains (host/zone)", + "type": "string" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations are annotation for a given daemon", + "type": "object" + }, + "description": "The annotations-related configuration to add/set on each Pod related object.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "autoscaler": { + "description": "Configuration related to autoscaling", + "properties": { + "autoscalerType": { + "description": "Type of autoscaling (optional) for noobaa-endpoint, hpav2(default) and keda - Prometheus metrics based", + "enum": [ + "hpav2", + "keda" + ], + "type": "string" + }, + "prometheusNamespace": { + "description": "Prometheus namespace that scrap metrics from noobaa", + "type": "string" + } + }, + "type": "object" + }, + "bucketLogging": { + "description": "BucketLogging sets the configuration for bucket logging", + "properties": { + "bucketLoggingPVC": { + "description": "BucketLoggingPVC (optional) specifies the name of the Persistent Volume Claim (PVC) to be used\nfor guaranteed logging when the logging type is set to 'guaranteed'. The PVC must support\nReadWriteMany (RWX) access mode to ensure reliable logging.\nFor ODF: If not provided, the default CephFS storage class will be used to create the PVC.", + "type": "string" + }, + "loggingType": { + "description": "LoggingType specifies the type of logging for the bucket\nThere are two types available: best-effort and guaranteed logging\n- best-effort(default) - less immune to failures but with better performance\n- guaranteed - much more reliable but need to provide a storage class that supports RWX PVs", + "type": "string" + } + }, + "type": "object" + }, + "bucketNotifications": { + "description": "BucketNotifications (optional) controls bucket notification options", + "properties": { + "connections": { + "description": "Connections - A list of secrets' names that are used by the notifications configrations\n(in the TopicArn field).", + "items": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled - whether bucket notifications is enabled", + "type": "boolean" + }, + "pvc": { + "description": "PVC (optional) specifies the name of the Persistent Volume Claim (PVC) to be used\nfor holding pending notifications files.\nFor ODF - If not provided, the default CepthFS storage class will be used to create the PVC.", + "type": "string" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "cleanupPolicy": { + "description": "CleanupPolicy (optional) Indicates user's policy for deletion", + "properties": { + "allowNoobaaDeletion": { + "type": "boolean" + }, + "confirmation": { + "description": "CleanupConfirmationProperty is a string that specifies cleanup confirmation", + "type": "string" + } + }, + "type": "object" + }, + "coreResources": { + "description": "CoreResources (optional) overrides the default resource requirements for the server container", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "dbConf": { + "description": "DBConf (optional) overrides the default postgresql db config", + "type": "string" + }, + "dbImage": { + "description": "DBImage (optional) overrides the default image for the db container", + "type": "string" + }, + "dbResources": { + "description": "DBResources (optional) overrides the default resource requirements for the db container", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "dbSpec": { + "description": "DBSpec (optional) DB spec for a managed postgres cluster", + "properties": { + "dbConf": { + "additionalProperties": { + "type": "string" + }, + "description": "DBConf (optional) overrides the default postgresql db config", + "type": "object" + }, + "dbMinVolumeSize": { + "description": "DBMinVolumeSize (optional) The initial size of the database volume.The actual size might be larger.\nIncreasing the size of the volume is supported if the underlying storage class supports volume expansion.\nThe new size should be larger than actualVolumeSize in dbStatus for the volume to be resized.", + "type": "string" + }, + "dbResources": { + "description": "DBResources (optional) overrides the default resource requirements for the db container", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "dbStorageClass": { + "description": "DBStorageClass (optional) overrides the default cluster StorageClass for the database volume.", + "type": "string" + }, + "image": { + "description": "DBImage (optional) overrides the default image for the db instances", + "type": "string" + }, + "instances": { + "description": "Instances (optional) overrides the default number of db instances", + "type": "integer" + }, + "postgresMajorVersion": { + "description": "PostgresMajorVersion (optional) overrides the default postgres major version\nIt is the user's responsibility to ensure that the postgres image matches the major version.", + "type": "integer" + } + }, + "type": "object" + }, + "dbStorageClass": { + "description": "DBStorageClass (optional) overrides the default cluster StorageClass for the database volume.\nFor the time being this field is immutable and can only be set on system creation.\nThis affects where the system stores its database which contains system config,\nbuckets, objects meta-data and mapping file parts to storage locations.", + "type": "string" + }, + "dbType": { + "description": "DBType (optional) overrides the default type image for the db container.\nThe only possible value is postgres", + "enum": [ + "postgres" + ], + "type": "string" + }, + "dbVolumeResources": { + "description": "DBVolumeResources (optional) overrides the default PVC resource requirements for the database volume.\nFor the time being this field is immutable and can only be set on system creation.\nThis is because volume size updates are only supported for increasing the size,\nand only if the storage class specifies `allowVolumeExpansion: true`,", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "debugLevel": { + "description": "DebugLevel (optional) sets the debug level", + "enum": [ + "all", + "nsfs", + "warn", + "default_level" + ], + "type": "integer" + }, + "defaultBackingStoreSpec": { + "description": "Deprecated: DefaultBackingStoreSpec is not supported anymore, use ManualDefaultBackingStore instead.", + "properties": { + "awsS3": { + "description": "AWSS3Spec specifies a backing store of type aws-s3", + "properties": { + "awsSTSRoleARN": { + "description": "AWSSTSRoleARN allows to Assume Role and use AssumeRoleWithWebIdentity", + "type": "string" + }, + "region": { + "description": "Region is the AWS region", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslDisabled": { + "description": "SSLDisabled allows to disable SSL and use plain http", + "type": "boolean" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "targetBucket" + ], + "type": "object" + }, + "azureBlob": { + "description": "AzureBlob specifies a backing store of type azure-blob", + "properties": { + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AccountName and AccountKey as provided by Azure Blob.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetBlobContainer": { + "description": "TargetBlobContainer is the name of the target Azure Blob container", + "type": "string" + } + }, + "required": [ + "secret", + "targetBlobContainer" + ], + "type": "object" + }, + "googleCloudStorage": { + "description": "GoogleCloudStorage specifies a backing store of type google-cloud-storage", + "properties": { + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define GoogleServiceAccountPrivateKeyJson containing the entire json string as provided by Google.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "secret", + "targetBucket" + ], + "type": "object" + }, + "ibmCos": { + "description": "IBMCos specifies a backing store of type ibm-cos", + "properties": { + "endpoint": { + "description": "Endpoint is the IBM COS compatible endpoint: http(s)://host:port", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "signatureVersion": { + "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "type": "string" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target IBM COS bucket", + "type": "string" + } + }, + "required": [ + "endpoint", + "secret", + "targetBucket" + ], + "type": "object" + }, + "pvPool": { + "description": "PVPool specifies a backing store of type pv-pool", + "properties": { + "numVolumes": { + "description": "NumVolumes is the number of volumes to allocate", + "type": "integer" + }, + "resources": { + "description": "VolumeResources represents the minimum resources each volume should have.", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "secret": { + "description": "Secret refers to a secret that provides the agent configuration\nThe secret should define AGENT_CONFIG containing agent_configuration from noobaa-core.", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClass": { + "description": "StorageClass is the name of the storage class to use for the PV's", + "type": "string" + } + }, + "required": [ + "numVolumes" + ], + "type": "object" + }, + "s3Compatible": { + "description": "S3Compatible specifies a backing store of type s3-compatible", + "properties": { + "endpoint": { + "description": "Endpoint is the S3 compatible endpoint: http(s)://host:port", + "type": "string" + }, + "secret": { + "description": "Secret refers to a secret that provides the credentials\nThe secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "signatureVersion": { + "description": "SignatureVersion specifies the client signature version to use when signing requests.", + "type": "string" + }, + "targetBucket": { + "description": "TargetBucket is the name of the target S3 bucket", + "type": "string" + } + }, + "required": [ + "endpoint", + "secret", + "targetBucket" + ], + "type": "object" + }, + "type": { + "description": "Type is an enum of supported types", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "denyHTTP": { + "description": "DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS)", + "type": "boolean" + }, + "disableLoadBalancerService": { + "description": "DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer", + "nullable": true, + "type": "boolean" + }, + "disableRoutes": { + "description": "DisableRoutes (optional) disables the reconciliation of openshift route resources in the cluster", + "nullable": true, + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints (optional) sets configuration info for the noobaa endpoint\ndeployment.", + "properties": { + "additionalVirtualHosts": { + "description": "AdditionalVirtualHosts (optional) provide a list of additional hostnames\n(on top of the builtin names defined by the cluster: service name, elb name, route name)\nto be used as virtual hosts by the the endpoints in the endpoint deployment", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxCount": { + "description": "MaxCount, the number of endpoint instances (pods)\nto be used as the upper bound when autoscaling", + "format": "int32", + "type": "integer" + }, + "minCount": { + "description": "MinCount, the number of endpoint instances (pods)\nto be used as the lower bound when autoscaling", + "format": "int32", + "type": "integer" + }, + "resources": { + "description": "Resources (optional) overrides the default resource requirements for every endpoint pod", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "externalPgSSLRequired": { + "description": "ExternalPgSSLRequired (optional) holds an optional boolean to force ssl connections to the external Postgres DB", + "type": "boolean" + }, + "externalPgSSLSecret": { + "description": "ExternalPgSSLSecret (optional) holds an optional secret with client key and cert used for connecting to external Postgres DB", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "externalPgSSLUnauthorized": { + "description": "ExternalPgSSLUnauthorized (optional) holds an optional boolean to allow unauthorized connections to external Postgres DB", + "type": "boolean" + }, + "externalPgSecret": { + "description": "ExternalPgSecret (optional) holds an optional secret with a url to an extrenal Postgres DB to be used", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "image": { + "description": "Image (optional) overrides the default image for the server container", + "type": "string" + }, + "imagePullSecret": { + "description": "ImagePullSecret (optional) sets a pull secret for the system image", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "joinSecret": { + "description": "JoinSecret (optional) instructs the operator to join another cluster\nand point to a secret that holds the join information", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "labels": { + "additionalProperties": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels are label for a given daemon", + "type": "object" + }, + "description": "The labels-related configuration to add/set on each Pod related object.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "loadBalancerSourceSubnets": { + "description": "LoadBalancerSourceSubnets (optional) if given will allow access to the NooBaa services\nonly from the listed subnets. This field will have no effect if DisableLoadBalancerService is set\nto true", + "properties": { + "s3": { + "description": "S3 is a list of subnets that will be allowed to access the Noobaa S3 service", + "items": { + "type": "string" + }, + "type": "array" + }, + "sts": { + "description": "STS is a list of subnets that will be allowed to access the Noobaa STS service", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "logResources": { + "description": "LogResources (optional) overrides the default resource requirements for the noobaa-log-processor container", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "manualDefaultBackingStore": { + "description": "ManualDefaultBackingStore (optional - default value is false) if true the default backingstore/namespacestore\nwill not be reconciled by the operator and it should be manually handled by the user. It will allow the\nuser to delete DefaultBackingStore/DefaultNamespaceStore, user needs to delete associated buckets and\nupdate the admin account with new BackingStore/NamespaceStore in order to delete the DefaultBackingStore/DefaultNamespaceStore", + "nullable": true, + "type": "boolean" + }, + "pvPoolDefaultStorageClass": { + "description": "PVPoolDefaultStorageClass (optional) overrides the default cluster StorageClass for the pv-pool volumes.\nThis affects where the system stores data chunks (encrypted).\nUpdates to this field will only affect new pv-pools,\nbut updates to existing pools are not supported by the operator.", + "type": "string" + }, + "region": { + "description": "Region (optional) provide a region for the location info\nof the endpoints in the endpoint deployment", + "type": "string" + }, + "security": { + "description": "Security represents security settings", + "properties": { + "kms": { + "description": "KeyManagementServiceSpec represent various details of the KMS server", + "properties": { + "connectionDetails": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enableKeyRotation": { + "type": "boolean" + }, + "schedule": { + "type": "string" + }, + "tokenSecretName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "tolerations": { + "description": "Tolerations (optional) passed through to noobaa's pods", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "Most recently observed status of the noobaa system.", + "properties": { + "accounts": { + "description": "Accounts reports accounts info for the admin account", + "properties": { + "admin": { + "description": "UserStatus is the status info of a user secret", + "properties": { + "secretRef": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret\nin any namespace", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "secretRef" + ], + "type": "object" + } + }, + "required": [ + "admin" + ], + "type": "object" + }, + "actualImage": { + "description": "ActualImage is set to report which image the operator is using", + "type": "string" + }, + "beforeUpgradeDbImage": { + "description": "BeforeUpgradeDbImage is the db image used before last db upgrade", + "type": "string" + }, + "conditions": { + "description": "Conditions is a list of conditions related to operator reconciliation", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "dbStatus": { + "description": "DBStatus is the status of the postgres cluster", + "properties": { + "actualVolumeSize": { + "description": "ActualVolumeSize is the actual size of the postgres cluster volume. This can be different than the requested size", + "type": "string" + }, + "currentPgMajorVersion": { + "description": "CurrentPgMajorVersion is the major version of the postgres cluster", + "type": "integer" + }, + "dbClusterStatus": { + "description": "DBClusterStatus is the status of the postgres cluster", + "type": "string" + }, + "dbCurrentImage": { + "description": "DBCurrentImage is the image of the postgres cluster", + "type": "string" + } + }, + "type": "object" + }, + "endpoints": { + "description": "Endpoints reports the actual number of endpoints in the endpoint deployment\nand the virtual hosts list used recognized by the endpoints", + "properties": { + "readyCount": { + "format": "int32", + "type": "integer" + }, + "virtualHosts": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "readyCount", + "virtualHosts" + ], + "type": "object" + }, + "lastKeyRotateTime": { + "description": "LastKeyRotateTime is the time system ran an encryption key rotate", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the most recent generation observed for this noobaa system.\nIt corresponds to the CR generation, which is updated on mutation by the API Server.", + "format": "int64", + "type": "integer" + }, + "phase": { + "description": "Phase is a simple, high-level summary of where the System is in its lifecycle", + "type": "string" + }, + "postgresUpdatePhase": { + "description": "Upgrade reports the status of the ongoing postgres upgrade process", + "type": "string" + }, + "readme": { + "description": "Readme is a user readable string with explanations on the system", + "type": "string" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects related to this operator.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "services": { + "description": "Services reports addresses for the services", + "properties": { + "serviceMgmt": { + "description": "ServiceStatus is the status info and network addresses of a service", + "properties": { + "externalDNS": { + "description": "ExternalDNS are external public addresses for the service", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalIP": { + "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalDNS": { + "description": "InternalDNS are internal addresses of the service inside the cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalIP": { + "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "items": { + "type": "string" + }, + "type": "array" + }, + "nodePorts": { + "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", + "items": { + "type": "string" + }, + "type": "array" + }, + "podPorts": { + "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serviceS3": { + "description": "ServiceStatus is the status info and network addresses of a service", + "properties": { + "externalDNS": { + "description": "ExternalDNS are external public addresses for the service", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalIP": { + "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalDNS": { + "description": "InternalDNS are internal addresses of the service inside the cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalIP": { + "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "items": { + "type": "string" + }, + "type": "array" + }, + "nodePorts": { + "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", + "items": { + "type": "string" + }, + "type": "array" + }, + "podPorts": { + "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serviceSts": { + "description": "ServiceStatus is the status info and network addresses of a service", + "properties": { + "externalDNS": { + "description": "ExternalDNS are external public addresses for the service", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalIP": { + "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalDNS": { + "description": "InternalDNS are internal addresses of the service inside the cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalIP": { + "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "items": { + "type": "string" + }, + "type": "array" + }, + "nodePorts": { + "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", + "items": { + "type": "string" + }, + "type": "array" + }, + "podPorts": { + "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serviceSyslog": { + "description": "ServiceStatus is the status info and network addresses of a service", + "properties": { + "externalDNS": { + "description": "ExternalDNS are external public addresses for the service", + "items": { + "type": "string" + }, + "type": "array" + }, + "externalIP": { + "description": "ExternalIP are external public addresses for the service\nLoadBalancerPorts such as AWS ELB provide public address and load balancing for the service\nIngressPorts are manually created public addresses for the service\nhttps://kubernetes.io/docs/concepts/services-networking/service/#external-ips\nhttps://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\nhttps://kubernetes.io/docs/concepts/services-networking/ingress/", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalDNS": { + "description": "InternalDNS are internal addresses of the service inside the cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "internalIP": { + "description": "InternalIP are internal addresses of the service inside the cluster\nhttps://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "items": { + "type": "string" + }, + "type": "array" + }, + "nodePorts": { + "description": "NodePorts are the most basic network available.\nNodePorts use the networks available on the hosts of kubernetes nodes.\nThis generally works from within a pod, and from the internal\nnetwork of the nodes, but may fail from public network.\nhttps://kubernetes.io/docs/concepts/services-networking/service/#nodeport", + "items": { + "type": "string" + }, + "type": "array" + }, + "podPorts": { + "description": "PodPorts are the second most basic network address.\nEvery pod has an IP in the cluster and the pods network is a mesh\nso the operator running inside a pod in the cluster can use this address.\nNote: pod IPs are not guaranteed to persist over restarts, so should be rediscovered.\nNote2: when running the operator outside of the cluster, pod IP is not accessible.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "serviceMgmt", + "serviceS3" + ], + "type": "object" + }, + "upgradePhase": { + "description": "Upgrade reports the status of the ongoing upgrade process", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "NooBaa", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/NooBaaAccount": { + "description": "NooBaaAccount is the Schema for the NooBaaAccounts API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the NooBaaAccount.", + "properties": { + "allow_bucket_creation": { + "description": "AllowBucketCreate specifies if new buckets can be created by this account", + "type": "boolean" + }, + "default_resource": { + "description": "DefaultResource specifies which backingstore this account will use to create new buckets", + "type": "string" + }, + "force_md5_etag": { + "description": "ForceMd5Etag specifies whether MD5 Etags should be calculated for the account or not", + "type": "boolean" + }, + "nsfs_account_config": { + "description": "NsfsAccountConfig specifies the configurations on Namespace FS", + "nullable": true, + "properties": { + "distinguished_name": { + "type": "string" + }, + "gid": { + "type": "integer" + }, + "new_buckets_path": { + "type": "string" + }, + "nsfs_only": { + "type": "boolean" + }, + "uid": { + "type": "integer" + } + }, + "required": [ + "new_buckets_path", + "nsfs_only" + ], + "type": "object" + } + }, + "required": [ + "allow_bucket_creation" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the NooBaaAccount.", + "properties": { + "conditions": { + "description": "Conditions is a list of conditions related to operator reconciliation", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "phase": { + "description": "Phase is a simple, high-level summary of where the noobaa user is in its lifecycle", + "type": "string" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects related to this operator.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "NooBaaAccount", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/NooBaaAccountList": { + "description": "NooBaaAccountList is a list of NooBaaAccount", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of noobaaaccounts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.v1alpha1.NooBaaAccount" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "NooBaaAccountList", + "version": "v1alpha1" + } + ] + }, + "noobaa.io/v1alpha1/NooBaaList": { + "description": "NooBaaList is a list of NooBaa", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of noobaas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.v1alpha1.NooBaa" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "noobaa.io", + "kind": "NooBaaList", + "version": "v1alpha1" + } + ] + }, + "oauth.openshift.io/v1/OAuthAccessToken": { + "description": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "authorizeToken": { + "description": "authorizeToken contains the token that authorized this token", + "type": "string" + }, + "clientName": { + "description": "clientName references the client that created this token.", + "type": "string" + }, + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "format": "int64", + "type": "integer" + }, + "inactivityTimeoutSeconds": { + "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", + "format": "int32", + "type": "integer" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", + "type": "string" + }, + "refreshToken": { + "description": "refreshToken is the value by which this token can be renewed. Can be blank.", + "type": "string" + }, + "scopes": { + "description": "scopes is an array of the requested scopes.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token", + "type": "string" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthAccessToken", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthAccessTokenList": { + "description": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth access tokens", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthAccessToken" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthAccessTokenList", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthAuthorizeToken": { + "description": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "clientName": { + "description": "clientName references the client that created this token.", + "type": "string" + }, + "codeChallenge": { + "description": "codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636", + "type": "string" + }, + "codeChallengeMethod": { + "description": "codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636", + "type": "string" + }, + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "format": "int64", + "type": "integer" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", + "type": "string" + }, + "scopes": { + "description": "scopes is an array of the requested scopes.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "state": { + "description": "state data from request", + "type": "string" + }, + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.", + "type": "string" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthAuthorizeToken", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthAuthorizeTokenList": { + "description": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth authorization tokens", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthAuthorizeToken" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthAuthorizeTokenList", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthClient": { + "description": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", + "format": "int32", + "type": "integer" + }, + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", + "format": "int32", + "type": "integer" + }, + "additionalSecrets": { + "description": "additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "grantMethod": { + "description": "grantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "redirectURIs": { + "description": "redirectURIs is the valid redirection URIs associated with a client", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-patch-strategy": "merge" + }, + "respondWithChallenges": { + "description": "respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", + "type": "boolean" + }, + "scopeRestrictions": { + "description": "scopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.ScopeRestriction" + } + ], + "default": {} + }, + "type": "array" + }, + "secret": { + "description": "secret is the unique secret associated with a client", + "type": "string" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthClient", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthClientAuthorization": { + "description": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "clientName": { + "description": "clientName references the client that created this authorization", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "scopes": { + "description": "scopes is an array of the granted scopes.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "userName": { + "description": "userName is the user name that authorized this client", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", + "type": "string" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthClientAuthorization", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthClientAuthorizationList": { + "description": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth client authorizations", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthClientAuthorization" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthClientAuthorizationList", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/OAuthClientList": { + "description": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth clients", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.OAuthClient" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "OAuthClientList", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/UserOAuthAccessToken": { + "description": "UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to the user the access token was issued for", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "authorizeToken": { + "description": "authorizeToken contains the token that authorized this token", + "type": "string" + }, + "clientName": { + "description": "clientName references the client that created this token.", + "type": "string" + }, + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "format": "int64", + "type": "integer" + }, + "inactivityTimeoutSeconds": { + "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", + "format": "int32", + "type": "integer" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", + "type": "string" + }, + "refreshToken": { + "description": "refreshToken is the value by which this token can be renewed. Can be blank.", + "type": "string" + }, + "scopes": { + "description": "scopes is an array of the requested scopes.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token", + "type": "string" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "UserOAuthAccessToken", + "version": "v1" + } + ] + }, + "oauth.openshift.io/v1/UserOAuthAccessTokenList": { + "description": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.UserOAuthAccessToken" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "oauth.openshift.io", + "kind": "UserOAuthAccessTokenList", + "version": "v1" + } + ] + }, + "objectbucket.io/v1alpha1/ObjectBucket": { + "description": "", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the bucket.", + "properties": { + "additionalState": { + "additionalProperties": { + "type": "string" + }, + "description": "additionalState gives providers a location to set proprietary config values (tenant, namespace, etc)", + "type": "object" + }, + "claimRef": { + "description": "ObjectReference to ObjectBucketClaim", + "type": "object" + }, + "endpoint": { + "description": "Endpoint contains all connection relevant data that an app may require for accessing the bucket", + "properties": { + "additionalConfig": { + "additionalProperties": { + "type": "string" + }, + "description": "AdditionalConfig gives providers a location to set proprietary config values (tenant, namespace, etc)", + "type": "object" + }, + "bucketHost": { + "description": "Bucket address hostname", + "type": "string" + }, + "bucketName": { + "description": "Bucket name", + "type": "string" + }, + "bucketPort": { + "description": "Bucket address port", + "type": "integer" + }, + "region": { + "description": "Bucket region", + "type": "string" + }, + "subRegion": { + "description": "Bucket sub-region", + "type": "string" + } + }, + "type": "object" + }, + "reclaimPolicy": { + "description": "Describes a policy for end-of-life maintenance of ObjectBucket.", + "enum": [ + "Delete", + "Retain", + "Recycle" + ], + "type": "string" + }, + "storageClassName": { + "description": "StorageClass names the StorageClass object representing the desired provisioner and parameters", + "type": "string" + } + }, + "required": [ + "storageClassName" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the bucket.", + "properties": { + "phase": { + "description": "ObjectBucketStatusPhase is set by the controller to save the state of the provisioning process", + "enum": [ + "Bound", + "Released", + "Failed" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "objectbucket.io", + "kind": "ObjectBucket", + "version": "v1alpha1" + } + ] + }, + "objectbucket.io/v1alpha1/ObjectBucketClaim": { + "description": "", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the claim.", + "properties": { + "additionalConfig": { + "additionalProperties": { + "type": "string" + }, + "description": "AdditionalConfig gives providers a location to set proprietary config values (tenant, namespace, etc)", + "type": "object" + }, + "bucketName": { + "description": "BucketName (not recommended) the name of the bucket. Caution! In-store bucket names may collide across namespaces. If you define the name yourself, try to make it as unique as possible.", + "type": "string" + }, + "generateBucketName": { + "description": "GenerateBucketName (recommended) a prefix for a bucket name to be followed by a hyphen and 5 random characters. Protects against in-store name collisions.", + "type": "string" + }, + "objectBucketName": { + "description": "ObjectBucketName is the name of the object bucket resource. This is the authoritative determination for binding.", + "type": "string" + }, + "storageClassName": { + "description": "StorageClass names the StorageClass object representing the desired provisioner and parameters", + "type": "string" + } + }, + "required": [ + "storageClassName" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the claim.", + "properties": { + "phase": { + "description": "ObjectBucketClaimStatusPhase is set by the controller to save the state of the provisioning process", + "enum": [ + "Pending", + "Bound", + "Released", + "Failed" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "objectbucket.io", + "kind": "ObjectBucketClaim", + "version": "v1alpha1" + } + ] + }, + "objectbucket.io/v1alpha1/ObjectBucketClaimList": { + "description": "ObjectBucketClaimList is a list of ObjectBucketClaim", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of objectbucketclaims. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.objectbucket.v1alpha1.ObjectBucketClaim" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "objectbucket.io", + "kind": "ObjectBucketClaimList", + "version": "v1alpha1" + } + ] + }, + "objectbucket.io/v1alpha1/ObjectBucketList": { + "description": "ObjectBucketList is a list of ObjectBucket", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of objectbuckets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.objectbucket.v1alpha1.ObjectBucket" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "objectbucket.io", + "kind": "ObjectBucketList", + "version": "v1alpha1" + } + ] + }, + "ocs.openshift.io/v1/OCSInitialization": { + "description": "OCSInitialization represents the initial data to be created when the operator is installed.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OCSInitializationSpec defines the desired state of OCSInitialization", + "type": "object" + }, + "status": { + "description": "OCSInitializationStatus defines the observed state of OCSInitialization", + "properties": { + "conditions": { + "description": "Conditions describes the state of the OCSInitialization resource.", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "errorMessage": { + "type": "string" + }, + "phase": { + "description": "Phase describes the Phase of OCSInitialization\nThis is used by OLM UI to provide status information\nto the user", + "type": "string" + }, + "relatedObjects": { + "description": "RelatedObjects is a list of objects created and maintained by this\noperator. Object references will be added to this list after they have\nbeen created AND found in the cluster.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "sCCsCreated": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "OCSInitialization", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/OCSInitializationList": { + "description": "OCSInitializationList is a list of OCSInitialization", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ocsinitializations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ocs.v1.OCSInitialization" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "OCSInitializationList", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/StorageAutoScaler": { + "description": "StorageAutoScaler represents the automatic storage scaling for storage cluster.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "StorageAutoScalerSpec defines the desired state of StorageAutoScaler", + "properties": { + "deviceClass": { + "default": "ssd", + "description": "DeviceClass is the name of the device class for which the storage scaling is to be done.", + "type": "string" + }, + "maxOsdSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "default": "8Ti", + "description": "MaxOsdSize is the maximum size that Osd disk can be expanded to.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "storageCapacityLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "StorageCapacityLimit is the total aggregate capacity limit for the storage scaling for the specific deviceClass and storagecluster.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "storageCluster": { + "description": "StorageCluster is the name of the storage cluster for which the storage scaling is to be done.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageScalingThresholdPercent": { + "default": 70, + "description": "StorageScalingThresholdPercent is the threshold percentage of the storage capacity that triggers the auto-scaling of the OSDs.\nShould be less than the OsdNearFullThresholdPercentage.", + "type": "integer" + }, + "timeoutSeconds": { + "default": 1800, + "description": "TimeoutSeconds is the time in seconds after which the storage auto-scaler will alert the user that the scaling operation has been failed.", + "type": "integer" + } + }, + "required": [ + "storageCapacityLimit", + "storageCluster" + ], + "type": "object" + }, + "status": { + "description": "StorageAutoScalerStatus defines the observed state of StorageAutoScaler", + "properties": { + "error": { + "description": "Error is the error message in case the storage scaling operation has failed.", + "nullable": true, + "properties": { + "message": { + "description": "Message is the error message in case the storage scaling operation has failed.", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time stamp when the error occurred.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "lastExpansion": { + "nullable": true, + "properties": { + "completionTime": { + "description": "CompletionTime is the time stamp of the last run completion of the storage scaling", + "format": "date-time", + "type": "string" + }, + "expectedOsdCount": { + "description": "The Expected OSD count is the count that the auto-expansion has decided to set.\nThis will be set on the storageCluster CR as the desired count of the OSDs.\nUsed for horizontal scaling of OSDs.", + "type": "integer" + }, + "expectedOsdSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "The ExpectedOsdSize is the size that the auto-expansion has decided to set.\nThis will be set on the storageCLuster CR as the desired size of the OSDs.\nUsed for vertical scaling of OSDs.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "expectedStorageCapacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "ExpectedStorageCapacity is the expected storage capacity of the storage cluster after the expansion in progress is completed.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "startOsdCount": { + "description": "The start OSD count is the original count of the OSDs before the expansion in progress is completed.\nAfter the expansion is completed, this would be updated to the expected OSD count.\nUsed for horizontal scaling of OSDs.", + "type": "integer" + }, + "startOsdSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "The start OSD size is the original size of the OSDs before the expansion in progress is completed.\nAfter the expansion is completed, this would be updated to the expected OSD size.\nUsed for vertical scaling of OSDs.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "startStorageCapacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "StartStorageCapacity is the original storage capacity of the storage cluster before the expansion in progress is completed.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "startTime": { + "description": "StartTime is the time stamp of the last run start of the storage scaling", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "phase": { + "description": "Phase describes the Phase of StorageAutoScaler", + "type": "string" + }, + "storageCapacityLimitReached": { + "description": "StorageCapacityLimitReached is the flag that indicates if the storage capacity limit has been reached.", + "nullable": true, + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageAutoScaler", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/StorageAutoScalerList": { + "description": "StorageAutoScalerList is a list of StorageAutoScaler", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storageautoscalers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ocs.v1.StorageAutoScaler" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageAutoScalerList", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/StorageCluster": { + "description": "StorageCluster represents a cluster including Ceph Cluster, NooBaa and all the storage and compute resources required.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "StorageClusterSpec defines the desired state of StorageCluster", + "properties": { + "allowRemoteStorageConsumers": { + "description": "AllowRemoteStorageConsumers Indicates that the OCS cluster should deploy the needed\ncomponents to enable connections from remote consumers.", + "type": "boolean", + "x-kubernetes-validations": [ + { + "message": "allowRemoteStorageConsumers is immutable", + "rule": "oldSelf == self" + } + ] + }, + "arbiter": { + "description": "ArbiterSpec specifies the storage cluster options related to arbiter.\nIf Arbiter is enabled, ArbiterLocation in the NodeTopologies must be specified.", + "properties": { + "arbiterMonPVCTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "disableMasterNodeToleration": { + "description": "DisableMasterNodeToleration can be used to turn off the arbiter mon toleration for the master node taint.", + "type": "boolean" + }, + "enable": { + "type": "boolean" + } + }, + "type": "object" + }, + "backingStorageClasses": { + "description": "BackingStorageClasses is a list of storage classes that will be\nprovisioned by the storagecluster controller to be used in\nstorageDeviceSets section of the CR.", + "items": { + "description": "BackingStorageClass defines the backing storageclass for StorageDeviceSet", + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters holds the parameters for the provisioner that should\ncreate volumes of this storage class.", + "type": "object" + }, + "provisioner": { + "description": "Provisioner indicates the type of the provisioner.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "csi": { + "description": "CSIDriverSpec defines the CSI driver settings for the StorageCluster.", + "properties": { + "readAffinity": { + "description": "ReadAffinity defines the read affinity settings for CSI driver.", + "properties": { + "crushLocationLabels": { + "description": "CrushLocationLabels defines which node labels to use\nas CRUSH location. This should correspond to the values set in\nthe CRUSH map.", + "items": { + "type": "string" + }, + "type": "array" + }, + "enabled": { + "description": "Enables read affinity for CSI driver.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enableCephTools": { + "description": "EnableCephTools toggles on whether or not the ceph tools pod\nshould be deployed.\nDefaults to false", + "type": "boolean" + }, + "encryption": { + "description": "EncryptionSpec defines if encryption should be enabled for the Storage Cluster\nIt is optional and defaults to false.", + "properties": { + "clusterWide": { + "type": "boolean" + }, + "enable": { + "description": "deprecated from OCS 4.10 onwards, acting as a dummy,\nUI will keep sending this flag for backward compatibility (OCP 4.10 + OCS 4.9)", + "type": "boolean" + }, + "keyRotation": { + "description": "KeyRotation defines options for Key Rotation.", + "properties": { + "enable": { + "description": "Enable represents whether the key rotation is enabled.", + "type": "boolean" + }, + "schedule": { + "default": "@weekly", + "description": "Schedule represents the cron schedule for key rotation.", + "type": "string" + } + }, + "type": "object" + }, + "kms": { + "description": "KeyManagementServiceSpec provides a way to enable KMS", + "properties": { + "enable": { + "type": "boolean" + } + }, + "type": "object" + }, + "storageClass": { + "type": "boolean" + }, + "storageClassName": { + "description": "StorageClassName specifies the name of the storage class created for ceph encrypted block pools", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + }, + "externalStorage": { + "description": "ExternalStorage is optional and defaults to false. When set to true, OCS will\nconnect to an external OCS Storage Cluster instead of provisioning one locally.", + "properties": { + "enable": { + "type": "boolean" + } + }, + "type": "object" + }, + "flexibleScaling": { + "description": "If enabled, sets the failureDomain to host, allowing devices to be\ndistributed evenly across all nodes, regardless of distribution in zones\nor racks.", + "type": "boolean" + }, + "hostNetwork": { + "description": "HostNetwork defaults to false", + "type": "boolean" + }, + "labelSelector": { + "description": "LabelSelector is used to specify custom labels of nodes to run OCS on", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "logCollector": { + "description": "Logging represents loggings settings", + "nullable": true, + "properties": { + "enabled": { + "description": "Enabled represents whether the log collector is enabled", + "type": "boolean" + }, + "maxLogSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "periodicity": { + "description": "Periodicity is the periodicity of the log rotation.", + "pattern": "^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$", + "type": "string" + } + }, + "type": "object" + }, + "managedResources": { + "description": "ManagedResources specifies how to deal with auxiliary resources reconciled\nwith the StorageCluster", + "properties": { + "cephBlockPools": { + "description": "ManageCephBlockPools defines how to reconcile CephBlockPools", + "properties": { + "defaultStorageClass": { + "description": "if set to true, the storageClass created for cephBlockPools will be annotated as the default for the whole cluster", + "type": "boolean" + }, + "defaultVirtualizationStorageClass": { + "description": "if set to true, the virtualization storageClass will be annotated as the default for kubevirt workloads", + "type": "boolean" + }, + "poolSpec": { + "description": "PoolSpec specifies the pool specification for the default cephBlockPool", + "properties": { + "application": { + "description": "The application name to set on the pool. Only expected to be set for rgw pools.", + "type": "string" + }, + "compressionMode": { + "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "description": "The root of the crush hierarchy utilized by the pool", + "nullable": true, + "type": "string" + }, + "deviceClass": { + "description": "The device class the OSD should set to for use in the pool", + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", + "type": "boolean" + }, + "erasureCoded": { + "description": "The erasure code settings", + "properties": { + "algorithm": { + "description": "The algorithm for erasure coding.\nIf absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.", + "enum": [ + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "type": "string" + }, + "mirroring": { + "description": "The mirroring settings", + "properties": { + "enabled": { + "description": "Enabled whether this pool is mirrored or not", + "type": "boolean" + }, + "mode": { + "description": "Mode is the mirroring mode: pool, image or init-only.", + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "description": "Peers represents the peers spec", + "nullable": true, + "properties": { + "secretNames": { + "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", + "items": { + "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "properties": { + "interval": { + "description": "Interval represent the periodicity of the snapshot.", + "type": "string" + }, + "path": { + "description": "Path is the path to snapshot, only valid for CephFS", + "type": "string" + }, + "startTime": { + "description": "StartTime indicates when to start the snapshot", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on a given pool", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "description": "The quota settings", + "nullable": true, + "properties": { + "maxBytes": { + "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "description": "MaxObjects represents the quota in objects", + "format": "int64", + "type": "integer" + }, + "maxSize": { + "description": "MaxSize represents the quota in bytes as a string", + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "description": "The replication settings", + "properties": { + "hybridStorage": { + "description": "HybridStorage represents hybrid storage tier settings", + "nullable": true, + "properties": { + "primaryDeviceClass": { + "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "primaryDeviceClass", + "secondaryDeviceClass" + ], + "type": "object" + }, + "replicasPerFailureDomain": { + "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "description": "RequireSafeReplicaSize if false allows you to set replica 1", + "type": "boolean" + }, + "size": { + "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "description": "SubFailureDomain the name of the sub-failure domain", + "type": "string" + }, + "targetSizeRatio": { + "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", + "minimum": 0, + "type": "number" + } + }, + "required": [ + "size" + ], + "type": "object" + }, + "statusCheck": { + "description": "The mirroring statusCheck", + "properties": { + "mirror": { + "description": "HealthCheckSpec represents the health check of an object store bucket", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "reconcileStrategy": { + "type": "string" + }, + "storageClassName": { + "description": "StorageClassName specifies the name of the storage class created for ceph block pools", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "virtualizationStorageClassName": { + "description": "VirtualizationStorageClassName specifies the name of the storage class created for ceph block pools\nfor virtualization environment", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + }, + "cephCluster": { + "description": "ManageCephCluster defines how to reconcile the Ceph cluster definition", + "properties": { + "allowDeviceClassUpdate": { + "description": "Whether to allow updating the device class after the OSD is initially provisioned", + "type": "boolean" + }, + "backfillFullRatio": { + "description": "BackfillFullRatio is the ratio at which the cluster is too full for backfill. Backfill will be disabled if above this threshold. Default is 0.80.", + "maximum": 1, + "minimum": 0, + "nullable": true, + "type": "number" + }, + "cephConfig": { + "additionalProperties": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "description": "Ceph Config options", + "type": "object" + }, + "cleanupPolicy": { + "description": "CleanupPolicy defines the cleanup policy for the Rook Ceph cluster.", + "properties": { + "allowUninstallWithVolumes": { + "description": "AllowUninstallWithVolumes defines whether we can proceed with the uninstall if they are RBD images still present", + "type": "boolean" + }, + "confirmation": { + "description": "Confirmation represents the cleanup confirmation", + "nullable": true, + "pattern": "^$|^yes-really-destroy-data$", + "type": "string" + }, + "sanitizeDisks": { + "description": "SanitizeDisks represents way we sanitize disks", + "nullable": true, + "properties": { + "dataSource": { + "description": "DataSource is the data source to use to sanitize the disk with", + "enum": [ + "zero", + "random" + ], + "type": "string" + }, + "iteration": { + "description": "Iteration is the number of pass to apply the sanitizing", + "format": "int32", + "type": "integer" + }, + "method": { + "description": "Method is the method we use to sanitize disks", + "enum": [ + "complete", + "quick" + ], + "type": "string" + } + }, + "type": "object" + }, + "wipeDevicesFromOtherClusters": { + "description": "WipeDevicesFromOtherClusters wipes the OSD disks belonging to other clusters. This is useful in scenarios where ceph cluster\nwas reinstalled but OSD disk still contains the metadata from previous ceph cluster.", + "type": "boolean" + } + }, + "type": "object" + }, + "clearDefaultTargetSizeRatio": { + "description": "If set to true, ocs-operator will not set the default target size ratio for the data pools it creates.", + "type": "boolean" + }, + "continueUpgradeAfterChecksEvenIfNotHealthy": { + "description": "Whether or not continue if PGs are not clean during an upgrade", + "type": "boolean" + }, + "fullRatio": { + "description": "FullRatio is the ratio at which the cluster is considered full and ceph will stop accepting writes. Default is 0.85.", + "maximum": 1, + "minimum": 0, + "nullable": true, + "type": "number" + }, + "healthCheck": { + "description": "CephClusterHealthCheckSpec represent the healthcheck for Ceph daemons", + "properties": { + "daemonHealth": { + "description": "DaemonHealth is the health check for a given daemon", + "nullable": true, + "properties": { + "mon": { + "description": "Monitor represents the health check settings for the Ceph monitor", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + }, + "osd": { + "description": "ObjectStorageDaemon represents the health check settings for the Ceph OSDs", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "Status represents the health check settings for the Ceph health", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "additionalProperties": { + "description": "ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon", + "properties": { + "disabled": { + "description": "Disabled determines whether probe is disable or not", + "type": "boolean" + }, + "probe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "description": "LivenessProbe allows changing the livenessProbe configuration for a given daemon", + "type": "object" + }, + "startupProbe": { + "additionalProperties": { + "description": "ProbeSpec is a wrapper around Probe so it can be enabled or disabled for a Ceph daemon", + "properties": { + "disabled": { + "description": "Disabled determines whether probe is disable or not", + "type": "boolean" + }, + "probe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" + "value": { + "description": "The header field value", + "type": "string" } }, "required": [ - "name" + "name", + "value" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "description": "StartupProbe allows changing the startupProbe configuration for a given daemon", + "type": "object" + } + }, + "type": "object" + }, + "mgrCount": { + "enum": [ + 1, + 2 + ], + "type": "integer" + }, + "monCount": { + "enum": [ + 3, + 5 + ], + "type": "integer" + }, + "nearFullRatio": { + "description": "NearFullRatio is the ratio at which the cluster is considered nearly full and will raise a ceph health warning. Default is 0.75.", + "maximum": 1, + "minimum": 0, + "nullable": true, + "type": "number" + }, + "osdMaintenanceTimeout": { + "description": "A duration in minutes that determines how long an entire failureDomain like `region/zone/host` will be held in `noout` (in addition to the\ndefault DOWN/OUT interval) when it is draining. This is only relevant when `managePodBudgets` is `true` in cephCluster CR.\nThe default value is `30` minutes.", + "format": "int64", + "type": "integer" + }, + "reconcileStrategy": { + "type": "string" + }, + "skipUpgradeChecks": { + "description": "Whether or not upgrade should continue even if a check fails\nThis means Ceph's status could be degraded and we don't recommend upgrading but you might decide otherwise\nUse at your OWN risk", + "type": "boolean" + }, + "upgradeOSDRequiresHealthyPGs": { + "description": "Whether or not requires PGs are clean before an OSD upgrade. If set to `true` OSD upgrade process won't start until PGs are healthy.\nThis configuration will be ignored if `skipUpgradeChecks` is `true`.", + "type": "boolean" + }, + "waitTimeoutForHealthyOSDInMinutes": { + "description": "WaitTimeoutForHealthyOSDInMinutes defines the time the operator would wait before an OSD can be stopped for upgrade or restart.\nIf `continueUpgradeAfterChecksEvenIfNotHealthy` is `false` and the timeout exceeds and OSD is not ok to stop, then the operator\nwould skip upgrade for the current OSD and proceed with the next one.\nIf `continueUpgradeAfterChecksEvenIfNotHealthy` is `true`, then operator would continue with the upgrade of an OSD even if its\nnot ok to stop after the timeout.\nThis timeout won't be applied if `skipUpgradeChecks` is `true`.\nThe default wait timeout is 10 minutes.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "cephConfig": { + "description": "ManageCephConfig defines how to reconcile the Ceph configuration", + "properties": { + "reconcileStrategy": { + "type": "string" + } + }, + "type": "object" + }, + "cephDashboard": { + "description": "ManageCephDashboard defines how to reconcile Ceph dashboard", + "properties": { + "enable": { + "type": "boolean" + }, + "ssl": { + "description": "serve the dashboard using SSL", + "type": "boolean" + } + }, + "type": "object" + }, + "cephFilesystems": { + "description": "ManageCephFilesystems defines how to reconcile CephFilesystems", + "properties": { + "activeMetadataServers": { + "type": "integer" + }, + "additionalDataPools": { + "description": "AdditionalDataPools specifies list of additional named cephfs data pools", + "items": { + "description": "NamedPoolSpec represents the named ceph pool spec", + "properties": { + "application": { + "description": "The application name to set on the pool. Only expected to be set for rgw pools.", + "type": "string" + }, + "compressionMode": { + "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "description": "The root of the crush hierarchy utilized by the pool", + "nullable": true, + "type": "string" + }, + "deviceClass": { + "description": "The device class the OSD should set to for use in the pool", + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", + "type": "boolean" + }, + "erasureCoded": { + "description": "The erasure code settings", + "properties": { + "algorithm": { + "description": "The algorithm for erasure coding.\nIf absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.", + "enum": [ + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "type": "string" + }, + "mirroring": { + "description": "The mirroring settings", + "properties": { + "enabled": { + "description": "Enabled whether this pool is mirrored or not", + "type": "boolean" + }, + "mode": { + "description": "Mode is the mirroring mode: pool, image or init-only.", + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "description": "Peers represents the peers spec", + "nullable": true, + "properties": { + "secretNames": { + "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", + "items": { + "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "properties": { + "interval": { + "description": "Interval represent the periodicity of the snapshot.", + "type": "string" + }, + "path": { + "description": "Path is the path to snapshot, only valid for CephFS", + "type": "string" + }, + "startTime": { + "description": "StartTime indicates when to start the snapshot", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the pool", + "type": "string" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on a given pool", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "description": "The quota settings", + "nullable": true, + "properties": { + "maxBytes": { + "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "description": "MaxObjects represents the quota in objects", + "format": "int64", + "type": "integer" + }, + "maxSize": { + "description": "MaxSize represents the quota in bytes as a string", + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "description": "The replication settings", + "properties": { + "hybridStorage": { + "description": "HybridStorage represents hybrid storage tier settings", + "nullable": true, + "properties": { + "primaryDeviceClass": { + "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "primaryDeviceClass", + "secondaryDeviceClass" + ], + "type": "object" + }, + "replicasPerFailureDomain": { + "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "description": "RequireSafeReplicaSize if false allows you to set replica 1", + "type": "boolean" + }, + "size": { + "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "description": "SubFailureDomain the name of the sub-failure domain", + "type": "string" + }, + "targetSizeRatio": { + "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", + "minimum": 0, + "type": "number" + } + }, + "required": [ + "size" + ], + "type": "object" + }, + "statusCheck": { + "description": "The mirroring statusCheck", + "properties": { + "mirror": { + "description": "HealthCheckSpec represents the health check of an object store bucket", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "type": "array" + }, + "dataPoolSpec": { + "description": "DataPoolSpec specifies the pool specification for the default cephfs data pool", + "properties": { + "application": { + "description": "The application name to set on the pool. Only expected to be set for rgw pools.", + "type": "string" + }, + "compressionMode": { + "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "description": "The root of the crush hierarchy utilized by the pool", + "nullable": true, + "type": "string" + }, + "deviceClass": { + "description": "The device class the OSD should set to for use in the pool", + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", + "type": "boolean" + }, + "erasureCoded": { + "description": "The erasure code settings", + "properties": { + "algorithm": { + "description": "The algorithm for erasure coding.\nIf absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.", + "enum": [ + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "type": "string" + }, + "mirroring": { + "description": "The mirroring settings", + "properties": { + "enabled": { + "description": "Enabled whether this pool is mirrored or not", + "type": "boolean" + }, + "mode": { + "description": "Mode is the mirroring mode: pool, image or init-only.", + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "description": "Peers represents the peers spec", + "nullable": true, + "properties": { + "secretNames": { + "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", + "items": { + "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "properties": { + "interval": { + "description": "Interval represent the periodicity of the snapshot.", + "type": "string" + }, + "path": { + "description": "Path is the path to snapshot, only valid for CephFS", + "type": "string" + }, + "startTime": { + "description": "StartTime indicates when to start the snapshot", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on a given pool", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "description": "The quota settings", + "nullable": true, + "properties": { + "maxBytes": { + "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "description": "MaxObjects represents the quota in objects", + "format": "int64", + "type": "integer" + }, + "maxSize": { + "description": "MaxSize represents the quota in bytes as a string", + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "description": "The replication settings", + "properties": { + "hybridStorage": { + "description": "HybridStorage represents hybrid storage tier settings", + "nullable": true, + "properties": { + "primaryDeviceClass": { + "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "primaryDeviceClass", + "secondaryDeviceClass" + ], + "type": "object" + }, + "replicasPerFailureDomain": { + "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "description": "RequireSafeReplicaSize if false allows you to set replica 1", + "type": "boolean" + }, + "size": { + "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "description": "SubFailureDomain the name of the sub-failure domain", + "type": "string" + }, + "targetSizeRatio": { + "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", + "minimum": 0, + "type": "number" + } + }, + "required": [ + "size" + ], + "type": "object" + }, + "statusCheck": { + "description": "The mirroring statusCheck", + "properties": { + "mirror": { + "description": "HealthCheckSpec represents the health check of an object store bucket", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "metadataPoolSpec": { + "description": "MetadataPoolSpec specifies the pool specification for the default cephFS metadata pool", + "properties": { + "application": { + "description": "The application name to set on the pool. Only expected to be set for rgw pools.", + "type": "string" + }, + "compressionMode": { + "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "description": "The root of the crush hierarchy utilized by the pool", + "nullable": true, + "type": "string" + }, + "deviceClass": { + "description": "The device class the OSD should set to for use in the pool", + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", + "type": "boolean" + }, + "erasureCoded": { + "description": "The erasure code settings", + "properties": { + "algorithm": { + "description": "The algorithm for erasure coding.\nIf absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.", + "enum": [ + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "type": "string" + }, + "mirroring": { + "description": "The mirroring settings", + "properties": { + "enabled": { + "description": "Enabled whether this pool is mirrored or not", + "type": "boolean" + }, + "mode": { + "description": "Mode is the mirroring mode: pool, image or init-only.", + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "description": "Peers represents the peers spec", + "nullable": true, + "properties": { + "secretNames": { + "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", + "items": { + "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "properties": { + "interval": { + "description": "Interval represent the periodicity of the snapshot.", + "type": "string" + }, + "path": { + "description": "Path is the path to snapshot, only valid for CephFS", + "type": "string" + }, + "startTime": { + "description": "StartTime indicates when to start the snapshot", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on a given pool", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "description": "The quota settings", + "nullable": true, + "properties": { + "maxBytes": { + "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "description": "MaxObjects represents the quota in objects", + "format": "int64", + "type": "integer" + }, + "maxSize": { + "description": "MaxSize represents the quota in bytes as a string", + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "description": "The replication settings", + "properties": { + "hybridStorage": { + "description": "HybridStorage represents hybrid storage tier settings", + "nullable": true, + "properties": { + "primaryDeviceClass": { + "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "primaryDeviceClass", + "secondaryDeviceClass" + ], + "type": "object" + }, + "replicasPerFailureDomain": { + "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "description": "RequireSafeReplicaSize if false allows you to set replica 1", + "type": "boolean" + }, + "size": { + "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "description": "SubFailureDomain the name of the sub-failure domain", + "type": "string" + }, + "targetSizeRatio": { + "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", + "minimum": 0, + "type": "number" + } + }, + "required": [ + "size" + ], + "type": "object" + }, + "statusCheck": { + "description": "The mirroring statusCheck", + "properties": { + "mirror": { + "description": "HealthCheckSpec represents the health check of an object store bucket", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "reconcileStrategy": { + "type": "string" + }, + "storageClassName": { + "description": "StorageClassName specifies the name of the storage class created for cephfs", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + }, + "cephNonResilientPools": { + "description": "ManageCephNonResilientPools defines how to reconcile ceph non-resilient pools", + "properties": { + "count": { + "description": "Count is the number of devices in this set", + "minimum": 1, + "type": "integer" + }, + "enable": { + "type": "boolean" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on the non-resilient cephBlockPools", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "resources": { + "description": "ResourceRequirements (requests/limits) for the devices", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "storageClassName": { + "description": "StorageClassName specifies the name of the storage class created for ceph non-resilient pools", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "volumeClaimTemplate": { + "description": "VolumeClaimTemplates is a PVC template for the underlying storage devices", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "containers" + "key", + "operator" ], "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "cephObjectStoreUsers": { + "description": "ManageCephObjectStoreUsers defines how to reconcile CephObjectStoreUsers", + "properties": { + "reconcileStrategy": { + "type": "string" + } + }, + "type": "object" + }, + "cephObjectStores": { + "description": "ManageCephObjectStores defines how to reconcile CephObjectStores", + "properties": { + "dataPoolSpec": { + "description": "DataPoolSpec specifies the pool specification for the default cephObjectStore data pool", + "properties": { + "application": { + "description": "The application name to set on the pool. Only expected to be set for rgw pools.", + "type": "string" + }, + "compressionMode": { + "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "description": "The root of the crush hierarchy utilized by the pool", + "nullable": true, + "type": "string" + }, + "deviceClass": { + "description": "The device class the OSD should set to for use in the pool", + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", + "type": "boolean" + }, + "erasureCoded": { + "description": "The erasure code settings", + "properties": { + "algorithm": { + "description": "The algorithm for erasure coding.\nIf absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.", + "enum": [ + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "type": "string" + }, + "mirroring": { + "description": "The mirroring settings", + "properties": { + "enabled": { + "description": "Enabled whether this pool is mirrored or not", + "type": "boolean" + }, + "mode": { + "description": "Mode is the mirroring mode: pool, image or init-only.", + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "description": "Peers represents the peers spec", + "nullable": true, + "properties": { + "secretNames": { + "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", + "items": { + "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "properties": { + "interval": { + "description": "Interval represent the periodicity of the snapshot.", + "type": "string" + }, + "path": { + "description": "Path is the path to snapshot, only valid for CephFS", + "type": "string" + }, + "startTime": { + "description": "StartTime indicates when to start the snapshot", + "type": "string" } }, - "type": "object" - } + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on a given pool", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "description": "The quota settings", + "nullable": true, + "properties": { + "maxBytes": { + "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "description": "MaxObjects represents the quota in objects", + "format": "int64", + "type": "integer" + }, + "maxSize": { + "description": "MaxSize represents the quota in bytes as a string", + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "description": "The replication settings", + "properties": { + "hybridStorage": { + "description": "HybridStorage represents hybrid storage tier settings", + "nullable": true, + "properties": { + "primaryDeviceClass": { + "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "primaryDeviceClass", + "secondaryDeviceClass" + ], + "type": "object" }, - "required": [ - "selector", - "template" - ], - "type": "object" - } + "replicasPerFailureDomain": { + "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "description": "RequireSafeReplicaSize if false allows you to set replica 1", + "type": "boolean" + }, + "size": { + "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "description": "SubFailureDomain the name of the sub-failure domain", + "type": "string" + }, + "targetSizeRatio": { + "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", + "minimum": 0, + "type": "number" + } + }, + "required": [ + "size" + ], + "type": "object" }, - "required": [ - "name", - "spec" - ], - "type": "object" + "statusCheck": { + "description": "The mirroring statusCheck", + "properties": { + "mirror": { + "description": "HealthCheckSpec represents the health check of an object store bucket", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } }, - "type": "array" + "type": "object" }, - "permissions": { - "items": { - "description": "StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy", - "properties": { - "rules": { - "items": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to.", + "disableRoute": { + "type": "boolean" + }, + "gatewayInstances": { + "type": "integer" + }, + "gatewayPort": { + "type": "integer" + }, + "gatewaySecurePort": { + "type": "integer" + }, + "hostNetwork": { + "type": "boolean" + }, + "metadataPoolSpec": { + "description": "MetadataPoolSpec specifies the pool specification for the default cephObjectStore metadata pool", + "properties": { + "application": { + "description": "The application name to set on the pool. Only expected to be set for rgw pools.", + "type": "string" + }, + "compressionMode": { + "description": "DEPRECATED: use Parameters instead, e.g., Parameters[\"compression_mode\"] = \"force\"\nThe inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)\nDo NOT set a default value for kubebuilder as this will override the Parameters", + "enum": [ + "none", + "passive", + "aggressive", + "force", + "" + ], + "nullable": true, + "type": "string" + }, + "crushRoot": { + "description": "The root of the crush hierarchy utilized by the pool", + "nullable": true, + "type": "string" + }, + "deviceClass": { + "description": "The device class the OSD should set to for use in the pool", + "nullable": true, + "type": "string" + }, + "enableCrushUpdates": { + "description": "Allow rook operator to change the pool CRUSH tunables once the pool is created", + "nullable": true, + "type": "boolean" + }, + "enableRBDStats": { + "description": "EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool", + "type": "boolean" + }, + "erasureCoded": { + "description": "The erasure code settings", + "properties": { + "algorithm": { + "description": "The algorithm for erasure coding.\nIf absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.", + "enum": [ + "isa", + "jerasure" + ], + "type": "string" + }, + "codingChunks": { + "description": "Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThis is the number of OSDs that can be lost simultaneously before data cannot be recovered.", + "minimum": 0, + "type": "integer" + }, + "dataChunks": { + "description": "Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).\nThe number of chunks required to recover an object when any single OSD is lost is the same\nas dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.", + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "codingChunks", + "dataChunks" + ], + "type": "object" + }, + "failureDomain": { + "description": "The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map", + "type": "string" + }, + "mirroring": { + "description": "The mirroring settings", + "properties": { + "enabled": { + "description": "Enabled whether this pool is mirrored or not", + "type": "boolean" + }, + "mode": { + "description": "Mode is the mirroring mode: pool, image or init-only.", + "enum": [ + "pool", + "image", + "init-only" + ], + "type": "string" + }, + "peers": { + "description": "Peers represents the peers spec", + "nullable": true, "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "secretNames": { + "description": "SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers", "items": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", - "items": { + "type": "array" + } + }, + "type": "object" + }, + "snapshotSchedules": { + "description": "SnapshotSchedules is the scheduling of snapshot for mirrored images/pools", + "items": { + "description": "SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool", + "properties": { + "interval": { + "description": "Interval represent the periodicity of the snapshot.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", - "items": { + "path": { + "description": "Path is the path to snapshot, only valid for CephFS", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", - "items": { + "startTime": { + "description": "StartTime indicates when to start the snapshot", "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "verbs": { - "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a list of properties to enable on a given pool", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "quotas": { + "description": "The quota settings", + "nullable": true, + "properties": { + "maxBytes": { + "description": "MaxBytes represents the quota in bytes\nDeprecated in favor of MaxSize", + "format": "int64", + "type": "integer" + }, + "maxObjects": { + "description": "MaxObjects represents the quota in objects", + "format": "int64", + "type": "integer" + }, + "maxSize": { + "description": "MaxSize represents the quota in bytes as a string", + "pattern": "^[0-9]+[\\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$", + "type": "string" + } + }, + "type": "object" + }, + "replicated": { + "description": "The replication settings", + "properties": { + "hybridStorage": { + "description": "HybridStorage represents hybrid storage tier settings", + "nullable": true, + "properties": { + "primaryDeviceClass": { + "description": "PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD", + "minLength": 1, + "type": "string" + }, + "secondaryDeviceClass": { + "description": "SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs", + "minLength": 1, + "type": "string" } }, "required": [ - "verbs" + "primaryDeviceClass", + "secondaryDeviceClass" ], "type": "object" }, - "type": "array" + "replicasPerFailureDomain": { + "description": "ReplicasPerFailureDomain the number of replica in the specified failure domain", + "minimum": 1, + "type": "integer" + }, + "requireSafeReplicaSize": { + "description": "RequireSafeReplicaSize if false allows you to set replica 1", + "type": "boolean" + }, + "size": { + "description": "Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)", + "minimum": 0, + "type": "integer" + }, + "subFailureDomain": { + "description": "SubFailureDomain the name of the sub-failure domain", + "type": "string" + }, + "targetSizeRatio": { + "description": "TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity", + "minimum": 0, + "type": "number" + } }, - "serviceAccountName": { - "type": "string" - } + "required": [ + "size" + ], + "type": "object" }, - "required": [ - "rules", - "serviceAccountName" - ], - "type": "object" + "statusCheck": { + "description": "The mirroring statusCheck", + "properties": { + "mirror": { + "description": "HealthCheckSpec represents the health check of an object store bucket", + "nullable": true, + "properties": { + "disabled": { + "type": "boolean" + }, + "interval": { + "description": "Interval is the internal in second or minute for the health check to run like 60s for 60 seconds", + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } }, - "type": "array" + "type": "object" + }, + "reconcileStrategy": { + "type": "string" + }, + "storageClassName": { + "description": "StorageClassName specifies the name of the storage class created for ceph obc's", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" } }, - "required": [ - "deployments" - ], "type": "object" }, - "strategy": { - "type": "string" - } - }, - "required": [ - "strategy" - ], - "type": "object" - }, - "installModes": { - "description": "InstallModes specify supported installation types", - "items": { - "description": "InstallMode associates an InstallModeType with a flag representing if the CSV supports it", - "properties": { - "supported": { - "type": "boolean" + "cephRBDMirror": { + "description": "ManageCephRBDMirror defines how to reconcile Ceph RBDMirror", + "properties": { + "daemonCount": { + "minimum": 1, + "type": "integer" + }, + "reconcileStrategy": { + "type": "string" + } }, - "type": { - "description": "InstallModeType is a supported type of install mode for CSV installation", - "type": "string" - } + "type": "object" }, - "required": [ - "supported", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "keywords": { - "description": "A list of keywords describing the operator.", - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" + "cephToolbox": { + "description": "ManageCephToolbox defines how to reconcile Ceph toolbox", + "properties": { + "reconcileStrategy": { + "type": "string" + } + }, + "type": "object" + } }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.", "type": "object" }, - "links": { - "description": "A list of links related to the operator.", - "items": { - "properties": { - "name": { - "type": "string" - }, - "url": { - "type": "string" - } + "mirroring": { + "description": "Mirroring specifies data mirroring configuration for the storage cluster.\nThis configuration will only be applied to resources managed by the operator.", + "properties": { + "enabled": { + "description": "If true, data mirroring is enabled for the StorageCluster.\nThis configuration will only be applied to resources (such as CephBlockPool)\nmanaged by the operator.\nIt is optional and defaults to false.", + "type": "boolean" }, - "type": "object" - }, - "type": "array" - }, - "maintainers": { - "description": "A list of organizational entities maintaining the operator.", - "items": { - "properties": { - "email": { + "peerSecretNames": { + "description": "PeerSecretNames represents the Kubernetes Secret names of rbd-mirror peers tokens", + "items": { "type": "string" }, - "name": { - "type": "string" - } - }, - "type": "object" + "type": "array" + } }, - "type": "array" - }, - "maturity": { - "type": "string" + "type": "object" }, - "minKubeVersion": { + "monDataDirHostPath": { "type": "string" }, - "nativeAPIs": { - "items": { - "description": "GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion\nto avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", - "properties": { - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "group", - "kind", - "version" - ], - "type": "object" - }, - "type": "array" - }, - "provider": { - "description": "The publishing entity behind the operator.", + "monPVCTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", "properties": { - "name": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "url": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "type": "object" - }, - "relatedImages": { - "description": "List any related images, or other container images that your Operator might require to perform their functions.\nThis list should also include operand images as well. All image references should be specified by\ndigest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime.", - "items": { - "properties": { - "image": { - "type": "string" - }, - "name": { - "type": "string" - } }, - "required": [ - "image", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "replaces": { - "description": "The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV.", - "type": "string" - }, - "selector": { - "description": "Label selector for related resources.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "properties": { + "annotations": { + "additionalProperties": { "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "object" + }, + "finalizers": { + "items": { "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "array" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "skips": { - "description": "The name(s) of one or more CSV(s) that should be skipped in the upgrade graph.\nShould match the `metadata.Name` field of the CSV that should be skipped.\nThis field is only used during catalog creation and plays no part in cluster runtime.", - "items": { - "type": "string" - }, - "type": "array" - }, - "version": { - "type": "string" - }, - "webhookdefinitions": { - "items": { - "description": "WebhookDescription provides details to OLM about required webhooks", - "properties": { - "admissionReviewVersions": { - "items": { - "type": "string" + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" }, - "type": "array" - }, - "containerPort": { - "default": 443, - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "conversionCRDs": { - "items": { + "name": { "type": "string" }, - "type": "array" - }, - "deploymentName": { - "type": "string" - }, - "failurePolicy": { - "description": "FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.", - "type": "string" - }, - "generateName": { - "type": "string" - }, - "matchPolicy": { - "description": "MatchPolicyType specifies the type of match policy.", - "type": "string" + "namespace": { + "type": "string" + } }, - "objectSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "matchLabels": { - "additionalProperties": { + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "reinvocationPolicy": { - "description": "ReinvocationPolicyType specifies what type of policy the admission hook uses.", - "type": "string" - }, - "rules": { - "items": { - "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make\nsure that all the tuple expansions are valid.", + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", - "items": { - "type": "string" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions.\nIf '*' is present, the length of the slice must be one.\nRequired.", - "items": { - "type": "string" + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "operations": { - "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *\nfor all of those operations and any future admission operations that are added.\nIf '*' is present, the length of the slice must be one.\nRequired.", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "OperationType specifies an operation for a request.", - "type": "string" + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example:\n'pods' means pods.\n'pods/log' means the log subresource of pods.\n'*' means all resources, but not subresources.\n'pods/*' means all subresources of pods.\n'*/scale' means all scale subresources.\n'*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not\noverlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed.\nRequired.", - "items": { + "matchLabels": { + "additionalProperties": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "scope": { - "description": "scope specifies the scope of this rule.\nValid values are \"Cluster\", \"Namespaced\", and \"*\"\n\"Cluster\" means that only cluster-scoped resources will match this rule.\nNamespace API objects are cluster-scoped.\n\"Namespaced\" means that only namespaced resources will match this rule.\n\"*\" means that there are no scope restrictions.\nSubresources match the scope of their parent resource.\nDefault is \"*\".", - "type": "string" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array" - }, - "sideEffects": { - "description": "SideEffectClass specifies the types of side effects a webhook may have.", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "timeoutSeconds": { - "format": "int32", - "type": "integer" - }, - "type": { - "description": "WebhookAdmissionType is the type of admission webhooks supported by OLM", - "enum": [ - "ValidatingAdmissionWebhook", - "MutatingAdmissionWebhook", - "ConversionWebhook" - ], - "type": "string" + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } }, - "webhookPath": { - "type": "string" - } + "type": "object" }, - "required": [ - "admissionReviewVersions", - "generateName", - "sideEffects", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "displayName", - "install" - ], - "type": "object" - }, - "status": { - "description": "ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual\nstate of a system.", - "properties": { - "certsLastUpdated": { - "description": "Last time the owned APIService certs were updated", - "format": "date-time", - "type": "string" - }, - "certsRotateAt": { - "description": "Time the owned APIService certs will rotate next", - "format": "date-time", - "type": "string" - }, - "cleanup": { - "description": "CleanupStatus represents information about the status of cleanup while a CSV is pending deletion", - "properties": { - "pendingDeletion": { - "description": "PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers.\nThis indicates the progress of cleanup that is blocking CSV deletion or operator uninstall.", - "items": { - "description": "ResourceList represents a list of resources which are of the same Group/Kind", - "properties": { - "group": { + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { "type": "string" }, - "instances": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "description": "Namespace can be empty for cluster-scoped resources", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } }, - "type": "array" + "required": [ + "status", + "type" + ], + "type": "object" }, - "kind": { - "type": "string" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "group", - "instances", - "kind" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "conditions": { - "description": "List of conditions, a history of state transitions", - "items": { - "description": "Conditions appear in the status as a record of state transitions on the ClusterServiceVersion", - "properties": { - "lastTransitionTime": { - "description": "Last time the status transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "lastUpdateTime": { - "description": "Last time we updated the status", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about why the ClusterServiceVersion is in this condition.", - "type": "string" - }, - "phase": { - "description": "Condition of the ClusterServiceVersion", - "type": "string" - }, - "reason": { - "description": "A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state.\ne.g. 'RequirementsNotMet'", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "lastTransitionTime": { - "description": "Last time the status transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "lastUpdateTime": { - "description": "Last time we updated the status", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about why the ClusterServiceVersion is in this condition.", - "type": "string" - }, - "phase": { - "description": "Current condition of the ClusterServiceVersion", - "type": "string" - }, - "reason": { - "description": "A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state.\ne.g. 'RequirementsNotMet'", - "type": "string" - }, - "requirementStatus": { - "description": "The status of each requirement for this CSV", - "items": { - "properties": { - "dependents": { - "items": { - "description": "DependentStatus is the status for a dependent requirement (to prevent infinite nesting)", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "properties": { - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "message": { - "type": "string" - }, "status": { - "description": "StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus", - "type": "string" - }, - "uuid": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", "type": "string" }, - "version": { + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } }, "required": [ - "group", - "kind", - "status", - "version" + "status" ], "type": "object" }, - "type": "array" - }, - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "status": { - "description": "StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus", - "type": "string" + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } }, - "uuid": { + "type": "object" + } + }, + "type": "object" + }, + "monitoring": { + "description": "Monitoring controls the configuration of resources for exposing OCS metrics", + "properties": { + "labels": { + "additionalProperties": { "type": "string" }, - "version": { - "type": "string" - } + "description": "Labels to add to monitoring resources created by operator.\nThese labels are used as LabelSelector for Prometheus", + "type": "object" }, - "required": [ - "group", - "kind", - "message", - "name", - "status", - "version" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "ClusterServiceVersion", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1alpha1/ClusterServiceVersionList": { - "description": "ClusterServiceVersionList is a list of ClusterServiceVersion", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterserviceversions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.ClusterServiceVersion" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "ClusterServiceVersionList", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1alpha1/InstallPlan": { - "description": "InstallPlan defines the installation of a set of operators.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "InstallPlanSpec defines a set of Application resources to be installed", - "properties": { - "approval": { - "description": "Approval is the user approval policy for an InstallPlan.\nIt must be one of \"Automatic\" or \"Manual\".", - "type": "string" - }, - "approved": { - "type": "boolean" - }, - "clusterServiceVersionNames": { - "items": { - "type": "string" + "reconcileStrategy": { + "type": "string" + } }, - "type": "array" - }, - "generation": { - "type": "integer" - }, - "source": { - "type": "string" + "type": "object" }, - "sourceNamespace": { - "type": "string" - } - }, - "required": [ - "approval", - "approved", - "clusterServiceVersionNames" - ], - "type": "object" - }, - "status": { - "description": "InstallPlanStatus represents the information about the status of\nsteps required to complete installation.\n\nStatus may trail the actual state of a system.", - "properties": { - "attenuatedServiceAccountRef": { - "description": "AttenuatedServiceAccountRef references the service account that is used\nto do scoped operator install.", + "multiCloudGateway": { + "description": "MultiCloudGatewaySpec defines specific multi-cloud gateway configuration options", "properties": { - "apiVersion": { - "description": "API version of the referent.", + "dbStorageClassName": { + "description": "DbStorageClassName specifies the default storage class\nfor nooba-db pods", "type": "string" }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" + "denyHTTP": { + "description": "DenyHTTP (optional) if given will deny access to the NooBaa S3 service using HTTP (only HTTPS)", + "type": "boolean" }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "disableLoadBalancerService": { + "description": "DisableLoadBalancerService (optional) sets the service type to ClusterIP instead of LoadBalancer", + "nullable": true, + "type": "boolean" }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "disableRoutes": { + "description": "DisableRoutes (optional) disables the reconciliation of openshift route resources in the cluster", + "nullable": true, + "type": "boolean" }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" + "endpoints": { + "description": "Endpoints (optional) sets configuration info for the noobaa endpoint\ndeployment.", + "properties": { + "additionalVirtualHosts": { + "description": "AdditionalVirtualHosts (optional) provide a list of additional hostnames\n(on top of the builtin names defined by the cluster: service name, elb name, route name)\nto be used as virtual hosts by the the endpoints in the endpoint deployment", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxCount": { + "description": "MaxCount, the number of endpoint instances (pods)\nto be used as the upper bound when autoscaling", + "format": "int32", + "type": "integer" + }, + "minCount": { + "description": "MinCount, the number of endpoint instances (pods)\nto be used as the lower bound when autoscaling", + "format": "int32", + "type": "integer" + }, + "resources": { + "description": "Resources (optional) overrides the default resource requirements for every endpoint pod", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "externalPgConfig": { + "description": "Allows Noobaa to connect to an external Postgres server", + "properties": { + "allowSelfSignedCerts": { + "description": "AllowSelfSignedCerts will allow the Postgres server to use self signed certificates to authenticate", + "type": "boolean" + }, + "enableTls": { + "description": "EnableTLS will allow the postgres server to connect via TLS/SSL", + "type": "boolean" + }, + "pgSecretName": { + "description": "PGSecret stores the secret name which contains connection string of the Postgres server", + "type": "string" + }, + "tlsSecretName": { + "description": "TLSSecret stores the secret name which contains the client side certificates if enabled", + "type": "string" + } + }, + "type": "object" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "reconcileStrategy": { + "description": "ReconcileStrategy specifies whether to reconcile NooBaa CRs. Valid\nvalues are \"manage\", \"standalone\", \"ignore\" (same as \"standalone\"),\nand \"\" (same as \"manage\").", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "bundleLookups": { - "description": "BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster.", - "items": { - "description": "BundleLookup is a request to pull and unpackage the content of a bundle to the cluster.", - "properties": { - "catalogSourceRef": { - "description": "CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "network": { + "description": "Network represents cluster network settings", + "properties": { + "addressRanges": { + "description": "AddressRanges specify a list of CIDRs that Rook will apply to Ceph's 'public_network' and/or\n'cluster_network' configurations. This config section may be used for the \"host\" or \"multus\"\nnetwork providers.", + "nullable": true, + "properties": { + "cluster": { + "description": "Cluster defines a list of CIDRs to use for Ceph cluster network communication.", + "items": { + "description": "An IPv4 or IPv6 network CIDR.\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code.", + "pattern": "^[0-9a-fA-F:.]{2,}\\/[0-9]{1,3}$", "type": "string" }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "array" + }, + "public": { + "description": "Public defines a list of CIDRs to use for Ceph public network communication.", + "items": { + "description": "An IPv4 or IPv6 network CIDR.\n\nThis naive kubebuilder regex provides immediate feedback for some typos and for a common problem\ncase where the range spec is forgotten (e.g., /24). Rook does in-depth validation in code.", + "pattern": "^[0-9a-fA-F:.]{2,}\\/[0-9]{1,3}$", "type": "string" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "type": "array" + } + }, + "type": "object" + }, + "connections": { + "description": "Settings for network connections such as compression and encryption across the\nwire.", + "nullable": true, + "properties": { + "compression": { + "description": "Compression settings for the network connections.", + "nullable": true, + "properties": { + "enabled": { + "description": "Whether to compress the data in transit across the wire.\nThe default is not set.", + "type": "boolean" + } }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "conditions": { - "description": "Conditions represents the overall state of a BundleLookup.", - "items": { + "encryption": { + "description": "Encryption settings for the network connections.", + "nullable": true, "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "lastUpdateTime": { - "description": "Last time the condition was probed.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "description": "Type of condition.", - "type": "string" + "enabled": { + "description": "Whether to encrypt the data in transit across the wire to prevent eavesdropping\nthe data on the network. The default is not set. Even if encryption is not enabled,\nclients still establish a strong initial authentication for the connection\nand data integrity is still validated with a crc check. When encryption is enabled,\nall communication between clients and Ceph daemons, or between Ceph daemons will\nbe encrypted.", + "type": "boolean" } }, - "required": [ - "status", - "type" - ], "type": "object" }, - "type": "array" - }, - "identifier": { - "description": "Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs)", - "type": "string" - }, - "path": { - "description": "Path refers to the location of a bundle to pull.\nIt's typically an image reference.", - "type": "string" + "requireMsgr2": { + "description": "Whether to require msgr2 (port 3300) even if compression or encryption are not enabled.\nIf true, the msgr1 port (6789) will be disabled.\nRequires a kernel that supports msgr2 (kernel 5.11 or CentOS 8.4 or newer).", + "type": "boolean" + } }, + "type": "object" + }, + "dualStack": { + "description": "DualStack determines whether Ceph daemons should listen on both IPv4 and IPv6", + "type": "boolean" + }, + "hostNetwork": { + "description": "HostNetwork to enable host network.\nIf host networking is enabled or disabled on a running cluster, then the operator will automatically fail over all the mons to\napply the new network settings.", + "type": "boolean" + }, + "ipFamily": { + "description": "IPFamily is the single stack IPv6 or IPv4 protocol", + "enum": [ + "IPv4", + "IPv6" + ], + "nullable": true, + "type": "string" + }, + "multiClusterService": { + "description": "Enable multiClusterService to export the Services between peer clusters", "properties": { - "description": "The effective properties of the unpacked bundle.", - "type": "string" + "clusterID": { + "description": "ClusterID uniquely identifies a cluster. It is used as a prefix to nslookup exported\nservices. For example: ...svc.clusterset.local", + "type": "string" + }, + "enabled": { + "description": "Enable multiClusterService to export the mon and OSD services to peer cluster.\nEnsure that peer clusters are connected using an MCS API compatible application,\nlike Globalnet Submariner.", + "type": "boolean" + } }, - "replaces": { - "description": "Replaces is the name of the bundle to replace with the one found at Path.", - "type": "string" - } + "type": "object" }, - "required": [ - "catalogSourceRef", - "identifier", - "path", - "replaces" - ], - "type": "object" + "provider": { + "description": "Provider is what provides network connectivity to the cluster e.g. \"host\" or \"multus\".\nIf the Provider is updated from being empty to \"host\" on a running cluster, then the operator will automatically fail over all the mons to apply the \"host\" network settings.", + "enum": [ + "", + "host", + "multus" + ], + "nullable": true, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "network provider must be disabled (reverted to empty string) before a new provider is enabled", + "rule": "self == '' || oldSelf == '' || self == oldSelf" + } + ] + }, + "selectors": { + "additionalProperties": { + "type": "string" + }, + "description": "Selectors define NetworkAttachmentDefinitions to be used for Ceph public and/or cluster\nnetworks when the \"multus\" network provider is used. This config section is not used for\nother network providers.\n\nValid keys are \"public\" and \"cluster\". Refer to Ceph networking documentation for more:\nhttps://docs.ceph.com/en/latest/rados/configuration/network-config-ref/\n\nRefer to Multus network annotation documentation for help selecting values:\nhttps://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\n\nRook will make a best-effort attempt to automatically detect CIDR address ranges for given\nnetwork attachment definitions. Rook's methods are robust but may be imprecise for\nsufficiently complicated networks. Rook's auto-detection process obtains a new IP address\nlease for each CephCluster reconcile. If Rook fails to detect, incorrectly detects, only\npartially detects, or if underlying networks do not support reusing old IP addresses, it is\nbest to use the 'addressRanges' config section to specify CIDR ranges for the Ceph cluster.\n\nAs a contrived example, one can use a theoretical Kubernetes-wide network for Ceph client\ntraffic and a theoretical Rook-only network for Ceph replication traffic as shown:\n selectors:\n public: \"default/cluster-fast-net\"\n cluster: \"rook-ceph/ceph-backend-net\"", + "nullable": true, + "type": "object" + } }, - "type": "array" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "at least one network selector must be specified when using multus", + "rule": "!has(self.provider) || (self.provider != 'multus' || (self.provider == 'multus' && size(self.selectors) > 0))" + }, + { + "message": "the legacy hostNetwork setting can only be set if the network.provider is set to the empty string", + "rule": "!has(self.hostNetwork) || self.hostNetwork == false || !has(self.provider) || self.provider == \"\"" + } + ] }, - "catalogSources": { - "items": { - "type": "string" + "nfs": { + "description": "NFSSpec defines specific nfs configuration options", + "properties": { + "enable": { + "description": "Enable specifies whether to enable NFS.", + "type": "boolean" + }, + "logLevel": { + "description": "LogLevel set logging level\nLog levels: NIV_NULL | NIV_FATAL | NIV_MAJ | NIV_CRIT | NIV_WARN | NIV_EVENT | NIV_INFO | NIV_DEBUG | NIV_MID_DEBUG | NIV_FULL_DEBUG | NB_LOG_LEVEL", + "type": "string" + }, + "reconcileStrategy": { + "type": "string" + }, + "storageClassName": { + "description": "StorageClassName specifies the name of the storage class created for NFS", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } }, - "type": "array" + "type": "object" }, - "conditions": { - "items": { - "description": "InstallPlanCondition represents the overall status of the execution of\nan InstallPlan.", - "properties": { - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "lastUpdateTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "description": "ConditionReason is a camelcased reason for the state transition.", - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole.", - "type": "string" - } + "nodeTopologies": { + "description": "NodeTopologies specifies the nodes available for the storage cluster,\npreferred failure domain and location for the arbiter resources. This is\noptional for non-arbiter clusters. For arbiter clusters, the\narbiterLocation is required; failure domain and the node labels are\noptional. When the failure domain and the node labels are missing, the\nocs-operator makes a best effort to determine them automatically.", + "properties": { + "arbiterLocation": { + "description": "ArbiterLocation is the chosen location in the failure domain for placing the arbiter resources.\nWhen the failure domain is not provided as an input, ocs-operator determines the failure domain.", + "type": "string" }, - "type": "object" + "labels": { + "additionalProperties": { + "description": "TopologyLabelValues is a list of values for a topology label", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "Labels is a map of topology label keys\n(e.g. \"topology.kubernetes.io/zone\") to a set of values for those\nkeys.", + "nullable": true, + "type": "object" + } }, - "type": "array" - }, - "message": { - "description": "Message is a human-readable message containing detailed\ninformation that may be important to understanding why the\nplan has its current status.", - "type": "string" - }, - "phase": { - "description": "InstallPlanPhase is the current status of a InstallPlan as a whole.", - "type": "string" + "type": "object" }, - "plan": { + "overprovisionControl": { + "description": "OverprovisionControl specifies the allowed hard-limit PVs overprovisioning relative to\nthe effective usable storage capacity.", "items": { - "description": "Step represents the status of an individual step in an InstallPlan.", + "description": "OverprovisionControlSpec defines the allowed overprovisioning PVC consumption from the underlying cluster.\nThis may be an absolute value or as a percentage of the overall effective capacity.\nOne, and only one of those two (Capacity and Percentage) may be defined.", "properties": { - "optional": { - "type": "boolean" + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "resolving": { + "quotaName": { "type": "string" }, - "resource": { - "description": "StepResource represents the status of a resource to be tracked by an\nInstallPlan.", + "selector": { + "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector\nmust present. If only one is present, it is the only selection criteria. If both are specified,\nthe project must match both restrictions.", "properties": { - "group": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "manifest": { - "type": "string" - }, - "name": { - "type": "string" - }, - "sourceName": { - "type": "string" - }, - "sourceNamespace": { - "type": "string" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "AnnotationSelector is used to select projects by annotation.", + "nullable": true, + "type": "object" }, - "version": { - "type": "string" + "labels": { + "description": "LabelSelector is used to select projects by label.", + "nullable": true, + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "group", - "kind", - "name", - "sourceName", - "sourceNamespace", - "version" - ], "type": "object" }, - "status": { - "description": "StepStatus is the current status of a particular resource an in\nInstallPlan", + "storageClassName": { "type": "string" } }, - "required": [ - "resolving", - "resource", - "status" - ], "type": "object" }, "type": "array" }, - "startTime": { - "description": "StartTime is the time when the controller began applying\nthe resources listed in the plan to the cluster.", - "format": "date-time", - "type": "string" - } - }, - "required": [ - "catalogSources", - "phase" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "InstallPlan", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1alpha1/InstallPlanList": { - "description": "InstallPlanList is a list of InstallPlan", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of installplans. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.InstallPlan" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "operators.coreos.com", - "kind": "InstallPlanList", - "version": "v1alpha1" - } - ] - }, - "operators.coreos.com/v1alpha1/Subscription": { - "description": "Subscription keeps operators up to date by tracking changes to Catalogs.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "SubscriptionSpec defines an Application that can be installed", - "properties": { - "channel": { - "type": "string" - }, - "config": { - "description": "SubscriptionConfig contains configuration specified for a subscription.", - "properties": { - "affinity": { - "description": "If specified, overrides the pod's scheduling constraints.\nnil sub-attributes will *not* override the original values in the pod.spec for those sub-attributes.\nUse empty object ({}) to erase original sub-attribute values.", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "placement": { + "additionalProperties": { + "description": "Placement is the placement for an object", + "properties": { + "nodeAffinity": { + "description": "NodeAffinity is a group of node affinity scheduling rules", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "preference", + "weight" + ], + "type": "object" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "PodAffinity is a group of inter pod affinity scheduling rules", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "nodeSelectorTerms" + "podAffinityTerm", + "weight" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "topologyKey" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "topologyKey" + ], + "type": "object" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "PodAntiAffinity is a group of inter pod anti affinity scheduling rules", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "topologyKey" + ], + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "topologyKey" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "topologyKey" + ], + "type": "object" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "tolerations": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "topologyKey" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" } }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "type": "object" - } - }, - "type": "object" + }, + "type": "array" + } }, - "annotations": { - "additionalProperties": { - "type": "string" + "type": "object" + }, + "description": "Placement is optional and used to specify placements of OCS components(except csi) explicitly\nThe specified placement here will be selectively merged with the default placement for the components\nFor example, if only tolerations are specified, the default node affinity or TSC etc will be applied if applicable", + "type": "object" + }, + "providerAPIServerServiceType": { + "description": "ProviderAPIServerServiceType Indicates the ServiceType for OCS Provider API Server Service.\nThe default ServiceType is derived from hostNetwork field.", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer" + ], + "type": "string" + }, + "resourceProfile": { + "description": "Resource Profile can be used to choose from a set of predefined resource profiles for the ceph daemons.\nWe have 3 profiles\nlean: suitable for clusters with limited resources,\nbalanced: suitable for most use cases,\nperformance: suitable for clusters with high amount of resources.", + "enum": [ + "lean", + "Lean", + "balanced", + "Balanced", + "performance", + "Performance" + ], + "type": "string" + }, + "resources": { + "additionalProperties": { + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "description": "Annotations is an unstructured key value map stored with each Deployment, Pod, APIService in the Operator.\nTypically, annotations may be set by external tools to store and retrieve arbitrary metadata.\nUse this field to pre-define annotations that OLM should add to each of the Subscription's\ndeployments, pods, and apiservices.", - "type": "object" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, - "env": { - "description": "Env is a list of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", + "type": "object" + }, + "description": "Resources is optional and used to specify resource requirements for the OCS components(except csi) explicitly\nThe specified resource requirements will be selectively merged according to the type, with the defaults for the components\nFor example, if requests/limits only for CPU are specified, default limits & requests for memory would be applied to the component", + "type": "object" + }, + "storageDeviceSets": { + "items": { + "description": "StorageDeviceSet defines a set of storage devices.\nIt configures the StorageClassDeviceSets field in Rook-Ceph.", + "properties": { + "config": { + "description": "StorageDeviceSetConfig defines Ceph OSD specific config options for the StorageDeviceSet", "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "tuneFastDeviceClass": { + "description": "TuneFastDeviceClass tunes the OSD when running on a fast Device Class", + "type": "boolean" + }, + "tuneSlowDeviceClass": { + "description": "TuneSlowDeviceClass tunes the OSD when running on a slow Device Class", + "type": "boolean" + } + }, + "type": "object" + }, + "count": { + "description": "Count is the number of devices in each StorageClassDeviceSet", + "minimum": 1, + "type": "integer" + }, + "dataPVCTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { - "key": { - "description": "The key to select.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" } }, "required": [ - "key" + "kind", + "name" ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "required": [ - "fieldPath" + "kind", + "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" }, - "resource": { - "description": "Required: resource to select", - "type": "string" + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", + "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "key" - ], "type": "object", "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "description": "EnvFrom is a list of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nImmutable.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" - }, - "resources": { - "description": "Resources represents compute resources required by this container.\nImmutable.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "name" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "Selector is the label selector for pods to be configured.\nExisting ReplicaSets whose pods are\nselected by this will be the ones affected by this deployment.\nIt must match the pod template's labels.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tolerations": { - "description": "Tolerations are the pod's tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "volumeMounts": { - "description": "List of VolumeMounts to set in the container.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "volumes": { - "description": "List of Volumes to set in the podSpec.", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", + "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" - }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" } }, - "required": [ - "diskName", - "diskURI" - ], "type": "object" + } + }, + "type": "object" + }, + "deviceClass": { + "description": "DeviceClass is an optional, fine-grained property of DeviceType.\nIf non empty, it defines the 'crushDeviceClass' value as used by ceph's\nCRUSH map. If empty, then operator will set 'crushDeviceClass' to SSD and\n'TuneFastDeviceClass' to true", + "type": "string" + }, + "deviceType": { + "description": "DeviceType is the value of device type in\nthis StorageDeviceSet. It can have one of the\nthree values (SSD, HDD, NVMe)", + "enum": [ + "SSD", + "ssd", + "HDD", + "hdd", + "NVMe", + "NVME", + "nvme" + ], + "type": "string" + }, + "encrypted": { + "description": "Whether to encrypt the deviceSet or not", + "type": "boolean" + }, + "initialWeight": { + "description": "InitialWeight is an optional explicit OSD weight value in TiB units.\nIf non empty, it defines the 'CrushInitialWeight' value which is\nassigned to ceph OSD upon init", + "pattern": "^([0-9]*[.])?[0-9]+(Ti[B])$", + "type": "string" + }, + "metadataPVCTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { "type": "string" }, - "shareName": { - "description": "shareName is the azure share Name", + "namespace": { "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], "type": "object" }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name is the name of resource being referenced", "type": "string" } }, + "required": [ + "kind", + "name" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "volumeID" - ], "type": "object" }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { - "description": "Maps a string key to a path within a volume.", + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "key": { - "description": "key is the key to project.", + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", "type": "string" }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string" } }, "required": [ - "key", - "path" + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "placement": { + "description": "Placement is the placement for an object", + "properties": { + "nodeAffinity": { + "description": "NodeAffinity is a group of node affinity scheduling rules", "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "nodeSelectorTerms" + ], "type": "object", "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "PodAffinity is a group of inter pod affinity scheduling rules", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "driver" - ], "type": "object" }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", + "podAntiAffinity": { + "description": "PodAntiAffinity is a group of inter pod anti affinity scheduling rules", "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "items": { - "description": "Items is a list of downward API volume file", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "fieldPath" - ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resource": { - "description": "Required: resource to select", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "resource" - ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, "required": [ - "path" + "topologyKey" ], "type": "object" }, @@ -278918,567 +220512,394 @@ }, "type": "object" }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" + "tolerations": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } + "type": "object" }, - "type": "object" + "type": "array" }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", "type": "string" }, - "description": "options is Optional: this field holds extra command options if any.", - "type": "object" - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "type": "array" + } + }, + "type": "object" + }, + "portable": { + "description": "Portable says whether the OSDs in this device set can move between\nnodes. This is ignored if Placement is not set", + "type": "boolean" + }, + "preparePlacement": { + "description": "Placement is the placement for an object", + "properties": { + "nodeAffinity": { + "description": "NodeAffinity is a group of node affinity scheduling rules", "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "type": "string" + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "nodeSelectorTerms" + ], "type": "object", "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" } }, - "required": [ - "volumeID" - ], "type": "object" }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", + "podAffinity": { + "description": "PodAffinity is a group of inter pod affinity scheduling rules", "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -279522,217 +220943,451 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "path" + "topologyKey" ], "type": "object" }, - "configMap": { - "description": "configMap information about the configMap data to project", + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "Maps a string key to a path within a volume.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { - "description": "key is the key to project.", + "description": "key is the label key that the selector applies to.", "type": "string" }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ "key", - "path" + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "PodAntiAffinity is a group of inter pod anti affinity scheduling rules", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "fieldPath" + "key", + "operator" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "type": "object" }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "resource" + "key", + "operator" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "path" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, + "required": [ + "topologyKey" + ], "type": "object" }, - "secret": { - "description": "secret information about the secret data to project", + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "Maps a string key to a path within a volume.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { - "description": "key is the key to project.", + "description": "key is the label key that the selector applies to.", "type": "string" }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ "key", - "path" + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "path" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, + "required": [ + "topologyKey" + ], "type": "object" }, "type": "array", @@ -279741,489 +221396,1638 @@ }, "type": "object" }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" + "tolerations": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "primaryAffinity": { + "description": "PrimaryAffinity is an optional OSD primary-affinity value within the\nrange [0,1). This value influence the way Ceph's CRUSH selection of\nprimary OSDs. Lower value reduce performance bottlenecks (especially\non read operations). If not set, default value is 1.\nhttps://docs.ceph.com/en/latest/rados/operations/crush-map/#primary-affinity", + "pattern": "^0.[0-9]+$", + "type": "string" + }, + "replica": { + "description": "Replica is the number of StorageClassDeviceSets for this\nStorageDeviceSet", + "minimum": 1, + "type": "integer" + }, + "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } + "required": [ + "name" + ], + "type": "object" }, - "required": [ - "registry", - "volume" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "walPVCTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { "type": "string" }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name is the name of resource being referenced", "type": "string" } }, + "required": [ + "kind", + "name" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], "type": "object" }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { - "description": "Maps a string key to a path within a volume.", + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { - "key": { - "description": "key is the key to project.", + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", "type": "string" }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": { + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string" } }, "required": [ - "key", - "path" + "status", + "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" + "required": [ + "status" + ], + "type": "object" }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, - "required": [ - "volumePath" - ], "type": "object" } }, - "required": [ - "name" - ], "type": "object" + } + }, + "required": [ + "count", + "dataPVCTemplate", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "StorageClusterStatus defines the observed state of StorageCluster", + "properties": { + "conditions": { + "description": "Conditions describes the state of the StorageCluster resource.", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" }, - "type": "array" + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "currentMonCount": { + "description": "CurrentMonCount holds the value of ceph mons configured in ceph cluster.", + "type": "integer" + }, + "defaultCephDeviceClass": { + "description": "DefaultCephDeviceClass holds the default ceph device class to be used for the pools", + "type": "string" + }, + "externalSecretHash": { + "description": "ExternalSecretHash holds the checksum value of external secret data.", + "type": "string" + }, + "failureDomain": { + "description": "FailureDomain is the base CRUSH element Ceph will use to distribute\nits data replicas for the default CephBlockPool", + "type": "string" + }, + "failureDomainKey": { + "description": "FailureDomainKey is the specific key used to find the locations available\nunder a failure domain. For example topology.kubernetes.io/zone", + "type": "string" + }, + "failureDomainValues": { + "description": "FailureDomainValues is the list of locations available for a failure\ndomain under the failure domain key.", + "items": { + "type": "string" + }, + "type": "array" + }, + "images": { + "description": "Images holds the image reconcile status for all images reconciled by the operator", + "properties": { + "ceph": { + "description": "ComponentImageStatus holds image status information for a specific component image", + "properties": { + "actualImage": { + "type": "string" + }, + "desiredImage": { + "type": "string" + } + }, + "type": "object" + }, + "noobaaCore": { + "description": "ComponentImageStatus holds image status information for a specific component image", + "properties": { + "actualImage": { + "type": "string" + }, + "desiredImage": { + "type": "string" + } + }, + "type": "object" + }, + "noobaaDB": { + "description": "ComponentImageStatus holds image status information for a specific component image", + "properties": { + "actualImage": { + "type": "string" + }, + "desiredImage": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" }, - "installPlanApproval": { - "description": "Approval is the user approval policy for an InstallPlan.\nIt must be one of \"Automatic\" or \"Manual\".", + "kmsServerConnection": { + "description": "KMSServerConnection holds the connection state to the KMS server.", + "properties": { + "kmsServerAddress": { + "type": "string" + }, + "kmsServerConnectionError": { + "type": "string" + } + }, + "type": "object" + }, + "lastAppliedResourceProfile": { + "description": "LastAppliedResourceProfile is the resource profile that was last applied successfully & is currently in use.", "type": "string" }, - "name": { + "nodeTopologies": { + "description": "NodeTopologies is a list of topology labels on all nodes matching\nthe StorageCluster's placement selector.", + "properties": { + "arbiterLocation": { + "description": "ArbiterLocation is the chosen location in the failure domain for placing the arbiter resources.\nWhen the failure domain is not provided as an input, ocs-operator determines the failure domain.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "description": "TopologyLabelValues is a list of values for a topology label", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "Labels is a map of topology label keys\n(e.g. \"topology.kubernetes.io/zone\") to a set of values for those\nkeys.", + "nullable": true, + "type": "object" + } + }, + "type": "object" + }, + "phase": { + "description": "Phase describes the Phase of StorageCluster\nThis is used by OLM UI to provide status information\nto the user", "type": "string" }, - "source": { + "relatedObjects": { + "description": "RelatedObjects is a list of objects created and maintained by this\noperator. Object references will be added to this list after they have\nbeen created AND found in the cluster.", + "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "storageProviderEndpoint": { + "description": "StorageProviderEndpoint holds endpoint info on Provider cluster which is required\nfor consumer to establish connection with the storage providing cluster.", "type": "string" }, - "sourceNamespace": { + "version": { + "description": "Version specifies the version of StorageCluster", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageCluster", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/StorageClusterList": { + "description": "StorageClusterList is a list of StorageCluster", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storageclusters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ocs.v1.StorageCluster" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageClusterList", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/StorageClusterPeer": { + "description": "StorageClusterPeer is the Schema for the storageclusterpeers API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "StorageClusterPeerSpec defines the desired state of StorageClusterPeer", + "properties": { + "apiEndpoint": { + "description": "ApiEndpoint is the URI of the ODF api server", "type": "string" }, - "startingCSV": { + "onboardingToken": { + "description": "OnboardingToken holds an identity information required by the local ODF cluster to onboard.", "type": "string" } }, "required": [ - "name", - "source", - "sourceNamespace" + "apiEndpoint", + "onboardingToken" ], "type": "object" }, "status": { + "description": "StorageClusterPeerStatus defines the observed state of StorageClusterPeer", "properties": { - "catalogHealth": { - "description": "CatalogHealth contains the Subscription's view of its relevant CatalogSources' status.\nIt is used to determine SubscriptionStatusConditions related to CatalogSources.", + "peerInfo": { + "properties": { + "storageClusterUid": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "type": "string" + } + }, + "required": [ + "peerInfo" + ], + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageClusterPeer", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1/StorageClusterPeerList": { + "description": "StorageClusterPeerList is a list of StorageClusterPeer", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storageclusterpeers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ocs.v1.StorageClusterPeer" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageClusterPeerList", + "version": "v1" + } + ] + }, + "ocs.openshift.io/v1alpha1/StorageClient": { + "description": "StorageClient is the Schema for the storageclients API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "StorageClientSpec defines the desired state of StorageClient", + "properties": { + "onboardingTicket": { + "description": "OnboardingTicket holds an identity information required for consumer to onboard.", + "type": "string" + }, + "storageProviderEndpoint": { + "description": "StorageProviderEndpoint holds info to establish connection with the storage providing cluster.", + "type": "string" + } + }, + "required": [ + "onboardingTicket", + "storageProviderEndpoint" + ], + "type": "object" + }, + "status": { + "description": "StorageClientStatus defines the observed state of StorageClient", + "properties": { + "cephFsDriverRequirements": { + "type": "object" + }, + "id": { + "description": "ConsumerID will hold the identity of this cluster inside the attached provider cluster", + "type": "string" + }, + "inMaintenanceMode": { + "type": "boolean" + }, + "nfsDriverRequirements": { + "type": "object" + }, + "phase": { + "type": "string" + }, + "rbdDriverRequirements": { + "properties": { + "topologyDomainLabels": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageClient", + "version": "v1alpha1" + } + ] + }, + "ocs.openshift.io/v1alpha1/StorageClientList": { + "description": "StorageClientList is a list of StorageClient", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storageclients. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ocs.v1alpha1.StorageClient" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageClientList", + "version": "v1alpha1" + } + ] + }, + "ocs.openshift.io/v1alpha1/StorageConsumer": { + "description": "StorageConsumer is the Schema for the storageconsumers API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "StorageConsumerSpec defines the desired state of StorageConsumer", + "properties": { + "enable": { + "description": "Enable flag ignores a reconcile if set to false", + "type": "boolean" + }, + "resourceNameMappingConfigMap": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClasses": { "items": { - "description": "SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about.", "properties": { - "catalogSourceRef": { - "description": "CatalogSourceRef is a reference to a CatalogSource.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "aliases": { + "items": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array" }, - "healthy": { - "description": "Healthy is true if the CatalogSource is healthy; false otherwise.", - "type": "boolean" + "name": { + "type": "string" + }, + "rename": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "storageQuotaInGiB": { + "description": "StorageQuotaInGiB describes quota for the consumer", + "type": "integer" + }, + "volumeGroupReplicationClasses": { + "items": { + "properties": { + "aliases": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "rename": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "volumeGroupSnapshotClasses": { + "items": { + "properties": { + "aliases": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "rename": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "volumeReplicationClasses": { + "items": { + "properties": { + "aliases": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "rename": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "volumeSnapshotClasses": { + "items": { + "properties": { + "aliases": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "rename": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "storageQuotaInGiB cannot be decreased unless setting to 0", + "rule": "!(has(self.storageQuotaInGiB) && has(oldSelf.storageQuotaInGiB) && self.storageQuotaInGiB < oldSelf.storageQuotaInGiB && self.storageQuotaInGiB != 0)" + } + ] + }, + "status": { + "description": "StorageConsumerStatus defines the observed state of StorageConsumer", + "properties": { + "cephResources": { + "description": "CephResources provide details of created ceph resources required for external storage", + "items": { + "description": "CephResourcesSpec hold details of created ceph resources required for external storage", + "properties": { + "cephClients": { + "additionalProperties": { + "type": "string" + }, + "description": "CephClients holds the name of CephClients mapped to the created ceph resource", + "type": "object" + }, + "kind": { + "description": "Kind describes the kind of created ceph resource", + "type": "string" + }, + "name": { + "description": "Name describes the name of created ceph resource", + "type": "string" + }, + "status": { + "description": "Phase describes the phase of created ceph resource", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "client": { + "description": "Information of storage client received from consumer", + "nullable": true, + "properties": { + "clientId": { + "description": "ID is the k8s UID of connected storageclient", + "type": "string" + }, + "clusterId": { + "description": "ClusterID is the id of the openshift cluster", + "type": "string" + }, + "clusterName": { + "description": "ClusterName is the name of the openshift cluster", + "type": "string" + }, + "name": { + "description": "Name is the name of connected storageclient", + "type": "string" + }, + "operatorNamespace": { + "description": "Client Operator Namespace", + "type": "string" + }, + "operatorVersion": { + "description": "StorageClient Operator Version", + "type": "string" + }, + "platformVersion": { + "description": "StorageClient Platform Version", + "type": "string" + }, + "storageQuotaUtilizationRatio": { + "description": "StorageQuotaUtilizationRatio is the ratio of utilized quota of connected client", + "type": "number" + } + }, + "type": "object" + }, + "lastHeartbeat": { + "description": "Timestamp of last heartbeat received from consumer", + "format": "date-time", + "type": "string" + }, + "onboardingTicketSecret": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceNameMappingConfigMap": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "state": { + "description": "State describes the state of StorageConsumer", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageConsumer", + "version": "v1alpha1" + } + ] + }, + "ocs.openshift.io/v1alpha1/StorageConsumerList": { + "description": "StorageConsumerList is a list of StorageConsumer", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storageconsumers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ocs.v1alpha1.StorageConsumer" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ocs.openshift.io", + "kind": "StorageConsumerList", + "version": "v1alpha1" + } + ] + }, + "olm.operatorframework.io/v1/ClusterCatalog": { + "description": "ClusterCatalog enables users to make File-Based Catalog (FBC) catalog data available to the cluster.\nFor more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the desired state of the ClusterCatalog.\nspec is required.\nThe controller will work to ensure that the desired\ncatalog is unpacked and served over the catalog content HTTP server.", + "properties": { + "availabilityMode": { + "default": "Available", + "description": "availabilityMode allows users to define how the ClusterCatalog is made available to clients on the cluster.\navailabilityMode is optional.\n\nAllowed values are \"Available\" and \"Unavailable\" and omitted.\n\nWhen omitted, the default value is \"Available\".\n\nWhen set to \"Available\", the catalog contents will be unpacked and served over the catalog content HTTP server.\nSetting the availabilityMode to \"Available\" tells clients that they should consider this ClusterCatalog\nand its contents as usable.\n\nWhen set to \"Unavailable\", the catalog contents will no longer be served over the catalog content HTTP server.\nWhen set to this availabilityMode it should be interpreted the same as the ClusterCatalog not existing.\nSetting the availabilityMode to \"Unavailable\" can be useful in scenarios where a user may not want\nto delete the ClusterCatalog all together, but would still like it to be treated as if it doesn't exist.", + "enum": [ + "Unavailable", + "Available" + ], + "type": "string" + }, + "priority": { + "default": 0, + "description": "priority allows the user to define a priority for a ClusterCatalog.\npriority is optional.\n\nA ClusterCatalog's priority is used by clients as a tie-breaker between ClusterCatalogs that meet the client's requirements.\nA higher number means higher priority.\n\nIt is up to clients to decide how to handle scenarios where multiple ClusterCatalogs with the same priority meet their requirements.\nWhen deciding how to break the tie in this scenario, it is recommended that clients prompt their users for additional input.\n\nWhen omitted, the default priority is 0 because that is the zero value of integers.\n\nNegative numbers can be used to specify a priority lower than the default.\nPositive numbers can be used to specify a priority higher than the default.\n\nThe lowest possible value is -2147483648.\nThe highest possible value is 2147483647.", + "format": "int32", + "type": "integer" + }, + "source": { + "description": "source allows a user to define the source of a catalog.\nA \"catalog\" contains information on content that can be installed on a cluster.\nProviding a catalog source makes the contents of the catalog discoverable and usable by\nother on-cluster components.\nThese on-cluster components may do a variety of things with this information, such as\npresenting the content in a GUI dashboard or installing content from the catalog on the cluster.\nThe catalog source must contain catalog metadata in the File-Based Catalog (FBC) format.\nFor more information on FBC, see https://olm.operatorframework.io/docs/reference/file-based-catalogs/#docs.\nsource is a required field.\n\nBelow is a minimal example of a ClusterCatalogSpec that sources a catalog from an image:\n\n source:\n type: Image\n image:\n ref: quay.io/operatorhubio/catalog:latest", + "properties": { + "image": { + "description": "image is used to configure how catalog contents are sourced from an OCI image.\nThis field is required when type is Image, and forbidden otherwise.", + "properties": { + "pollIntervalMinutes": { + "description": "pollIntervalMinutes allows the user to set the interval, in minutes, at which the image source should be polled for new content.\npollIntervalMinutes is optional.\npollIntervalMinutes can not be specified when ref is a digest-based reference.\n\nWhen omitted, the image will not be polled for new content.", + "minimum": 1, + "type": "integer" + }, + "ref": { + "description": "ref allows users to define the reference to a container image containing Catalog contents.\nref is required.\nref can not be more than 1000 characters.\n\nA reference can be broken down into 3 parts - the domain, name, and identifier.\n\nThe domain is typically the registry where an image is located.\nIt must be alphanumeric characters (lowercase and uppercase) separated by the \".\" character.\nHyphenation is allowed, but the domain must start and end with alphanumeric characters.\nSpecifying a port to use is also allowed by adding the \":\" character followed by numeric values.\nThe port must be the last value in the domain.\nSome examples of valid domain values are \"registry.mydomain.io\", \"quay.io\", \"my-registry.io:8080\".\n\nThe name is typically the repository in the registry where an image is located.\nIt must contain lowercase alphanumeric characters separated only by the \".\", \"_\", \"__\", \"-\" characters.\nMultiple names can be concatenated with the \"/\" character.\nThe domain and name are combined using the \"/\" character.\nSome examples of valid name values are \"operatorhubio/catalog\", \"catalog\", \"my-catalog.prod\".\nAn example of the domain and name parts of a reference being combined is \"quay.io/operatorhubio/catalog\".\n\nThe identifier is typically the tag or digest for an image reference and is present at the end of the reference.\nIt starts with a separator character used to distinguish the end of the name and beginning of the identifier.\nFor a digest-based reference, the \"@\" character is the separator.\nFor a tag-based reference, the \":\" character is the separator.\nAn identifier is required in the reference.\n\nDigest-based references must contain an algorithm reference immediately after the \"@\" separator.\nThe algorithm reference must be followed by the \":\" character and an encoded string.\nThe algorithm must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the \"-\", \"_\", \"+\", and \".\" characters.\nSome examples of valid algorithm values are \"sha256\", \"sha256+b64u\", \"multihash+base58\".\nThe encoded string following the algorithm must be hex digits (a-f, A-F, 0-9) and must be a minimum of 32 characters.\n\nTag-based references must begin with a word character (alphanumeric + \"_\") followed by word characters or \".\", and \"-\" characters.\nThe tag must not be longer than 127 characters.\n\nAn example of a valid digest-based image reference is \"quay.io/operatorhubio/catalog@sha256:200d4ddb2a73594b91358fe6397424e975205bfbe44614f5846033cad64b3f05\"\nAn example of a valid tag-based image reference is \"quay.io/operatorhubio/catalog:latest\"", + "maxLength": 1000, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must start with a valid domain. valid domains must be alphanumeric characters (lowercase and uppercase) separated by the \".\" character.", + "rule": "self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\\\b')" + }, + { + "message": "a valid name is required. valid names must contain lowercase alphanumeric characters separated only by the \".\", \"_\", \"__\", \"-\" characters.", + "rule": "self.find('(\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') != \"\"" + }, + { + "message": "must end with a digest or a tag", + "rule": "self.find('(@.*:)') != \"\" || self.find(':.*$') != \"\"" + }, + { + "message": "tag is invalid. the tag must not be more than 127 characters", + "rule": "self.find('(@.*:)') == \"\" ? (self.find(':.*$') != \"\" ? self.find(':.*$').substring(1).size() <= 127 : true) : true" + }, + { + "message": "tag is invalid. valid tags must begin with a word character (alphanumeric + \"_\") followed by word characters or \".\", and \"-\" characters", + "rule": "self.find('(@.*:)') == \"\" ? (self.find(':.*$') != \"\" ? self.find(':.*$').matches(':[\\\\w][\\\\w.-]*$') : true) : true" + }, + { + "message": "digest algorithm is not valid. valid algorithms must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the \"-\", \"_\", \"+\", and \".\" characters.", + "rule": "self.find('(@.*:)') != \"\" ? self.find('(@.*:)').matches('(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])') : true" + }, + { + "message": "digest is not valid. the encoded string must be at least 32 characters", + "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').substring(1).size() >= 32 : true" + }, + { + "message": "digest is not valid. the encoded string must only contain hex characters (A-F, a-f, 0-9)", + "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').matches(':[0-9A-Fa-f]*$') : true" + } + ] + } }, - "lastUpdated": { - "description": "LastUpdated represents the last time that the CatalogSourceHealth changed", - "format": "date-time", - "type": "string" - } + "required": [ + "ref" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "cannot specify pollIntervalMinutes while using digest-based image", + "rule": "self.ref.find('(@.*:)') != \"\" ? !has(self.pollIntervalMinutes) : true" + } + ] }, - "required": [ - "catalogSourceRef", - "healthy", - "lastUpdated" - ], - "type": "object" + "type": { + "description": "type is a reference to the type of source the catalog is sourced from.\ntype is required.\n\nThe only allowed value is \"Image\".\n\nWhen set to \"Image\", the ClusterCatalog content will be sourced from an OCI image.\nWhen using an image source, the image field must be set and must be the only field defined for this type.", + "enum": [ + "Image" + ], + "type": "string" + } }, - "type": "array" - }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "image is required when source type is Image, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Image' ? has(self.image) : !has(self.image)" + } + ] + } + }, + "required": [ + "source" + ], + "type": "object" + }, + "status": { + "description": "status contains information about the state of the ClusterCatalog such as:\n - Whether or not the catalog contents are being served via the catalog content HTTP server\n - Whether or not the ClusterCatalog is progressing to a new state\n - A reference to the source from which the catalog contents were retrieved", + "properties": { "conditions": { - "description": "Conditions is a list of the latest available observations about a Subscription's current state.", + "description": "conditions is a representation of the current state for this ClusterCatalog.\n\nThe current condition types are Serving and Progressing.\n\nThe Serving condition is used to represent whether or not the contents of the catalog is being served via the HTTP(S) web server.\nWhen it has a status of True and a reason of Available, the contents of the catalog are being served.\nWhen it has a status of False and a reason of Unavailable, the contents of the catalog are not being served because the contents are not yet available.\nWhen it has a status of False and a reason of UserSpecifiedUnavailable, the contents of the catalog are not being served because the catalog has been intentionally marked as unavailable.\n\nThe Progressing condition is used to represent whether or not the ClusterCatalog is progressing or is ready to progress towards a new state.\nWhen it has a status of True and a reason of Retrying, there was an error in the progression of the ClusterCatalog that may be resolved on subsequent reconciliation attempts.\nWhen it has a status of True and a reason of Succeeded, the ClusterCatalog has successfully progressed to a new state and is ready to continue progressing.\nWhen it has a status of False and a reason of Blocked, there was an error in the progression of the ClusterCatalog that requires manual intervention for recovery.\n\nIn the case that the Serving condition is True with reason Available and Progressing is True with reason Retrying, the previously fetched\ncatalog contents are still being served via the HTTP(S) web server while we are progressing towards serving a new version of the catalog\ncontents. This could occur when we've initially fetched the latest contents from the source for this catalog and when polling for changes\nto the contents we identify that there are updates to the contents.", "items": { - "description": "SubscriptionCondition represents the latest available observations of a Subscription's state.", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { - "lastHeartbeatTime": { - "description": "LastHeartbeatTime is the last time we got an update on a given condition", - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { - "description": "LastTransitionTime is the last time the condition transit from one status to another", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { - "description": "Message is a human-readable message indicating details about last transition.", + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, "type": "string" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "reason": { - "description": "Reason is a one-word CamelCase reason for the condition's last transition.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { - "description": "Status is the status of the condition, one of True, False, Unknown.", + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "Type is the type of Subscription condition.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", + "message", + "reason", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "currentCSV": { - "description": "CurrentCSV is the CSV the Subscription is progressing to.", + "lastUnpacked": { + "description": "lastUnpacked represents the last time the contents of the\ncatalog were extracted from their source format. As an example,\nwhen using an Image source, the OCI image will be pulled and the\nimage layers written to a file-system backed cache. We refer to the\nact of this extraction from the source format as \"unpacking\".", + "format": "date-time", "type": "string" }, - "installPlanGeneration": { - "description": "InstallPlanGeneration is the current generation of the installplan", - "type": "integer" - }, - "installPlanRef": { - "description": "InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV.", + "resolvedSource": { + "description": "resolvedSource contains information about the resolved source based on the source type.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "image": { + "description": "image is a field containing resolution information for a catalog sourced from an image.\nThis field must be set when type is Image, and forbidden otherwise.", + "properties": { + "ref": { + "description": "ref contains the resolved image digest-based reference.\nThe digest format is used so users can use other tooling to fetch the exact\nOCI manifests that were used to extract the catalog contents.", + "maxLength": 1000, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must start with a valid domain. valid domains must be alphanumeric characters (lowercase and uppercase) separated by the \".\" character.", + "rule": "self.matches('^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])((\\\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(:[0-9]+)?\\\\b')" + }, + { + "message": "a valid name is required. valid names must contain lowercase alphanumeric characters separated only by the \".\", \"_\", \"__\", \"-\" characters.", + "rule": "self.find('(\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?((\\\\/[a-z0-9]+((([._]|__|[-]*)[a-z0-9]+)+)?)+)?)') != \"\"" + }, + { + "message": "must end with a digest", + "rule": "self.find('(@.*:)') != \"\"" + }, + { + "message": "digest algorithm is not valid. valid algorithms must start with an uppercase or lowercase alpha character followed by alphanumeric characters and may contain the \"-\", \"_\", \"+\", and \".\" characters.", + "rule": "self.find('(@.*:)') != \"\" ? self.find('(@.*:)').matches('(@[A-Za-z][A-Za-z0-9]*([-_+.][A-Za-z][A-Za-z0-9]*)*[:])') : true" + }, + { + "message": "digest is not valid. the encoded string must be at least 32 characters", + "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').substring(1).size() >= 32 : true" + }, + { + "message": "digest is not valid. the encoded string must only contain hex characters (A-F, a-f, 0-9)", + "rule": "self.find('(@.*:)') != \"\" ? self.find(':.*$').matches(':[0-9A-Fa-f]*$') : true" + } + ] + } + }, + "required": [ + "ref" + ], + "type": "object" }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": { + "description": "type is a reference to the type of source the catalog is sourced from.\ntype is required.\n\nThe only allowed value is \"Image\".\n\nWhen set to \"Image\", information about the resolved image source will be set in the 'image' field.", + "enum": [ + "Image" + ], "type": "string" } }, + "required": [ + "image", + "type" + ], "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "installedCSV": { - "description": "InstalledCSV is the CSV currently installed by the Subscription.", - "type": "string" + "x-kubernetes-validations": [ + { + "message": "image is required when source type is Image, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Image' ? has(self.image) : !has(self.image)" + } + ] }, - "installplan": { - "description": "Install is a reference to the latest InstallPlan generated for the Subscription.\nDEPRECATED: InstallPlanRef", + "urls": { + "description": "urls contains the URLs that can be used to access the catalog.", "properties": { - "apiVersion": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "uuid": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" + "base": { + "description": "base is a cluster-internal URL that provides endpoints for\naccessing the content of the catalog.\n\nIt is expected that clients append the path for the endpoint they wish\nto access.\n\nCurrently, only a single endpoint is served and is accessible at the path\n/api/v1.\n\nThe endpoints served for the v1 API are:\n - /all - this endpoint returns the entirety of the catalog contents in the FBC format\n\nAs the needs of users and clients of the evolve, new endpoints may be added.", + "maxLength": 525, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid URL", + "rule": "isURL(self)" + }, + { + "message": "scheme must be either http or https", + "rule": "isURL(self) ? (url(self).getScheme() == \"http\" || url(self).getScheme() == \"https\") : true" + } + ] } }, "required": [ - "apiVersion", - "kind", - "name", - "uuid" + "base" ], "type": "object" - }, - "lastUpdated": { - "description": "LastUpdated represents the last time that the Subscription status was updated.", - "format": "date-time", - "type": "string" - }, - "reason": { - "description": "Reason is the reason the Subscription was transitioned to its current state.", - "type": "string" - }, - "state": { - "description": "State represents the current state of the Subscription", - "type": "string" } }, - "required": [ - "lastUpdated" - ], "type": "object" } }, @@ -280234,14 +223038,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operators.coreos.com", - "kind": "Subscription", - "version": "v1alpha1" + "group": "olm.operatorframework.io", + "kind": "ClusterCatalog", + "version": "v1" } ] }, - "operators.coreos.com/v1alpha1/SubscriptionList": { - "description": "SubscriptionList is a list of Subscription", + "olm.operatorframework.io/v1/ClusterCatalogList": { + "description": "ClusterCatalogList is a list of ClusterCatalog", "namespaced": true, "properties": { "apiVersion": { @@ -280249,9 +223053,9 @@ "type": "string" }, "items": { - "description": "List of subscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of clustercatalogs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.Subscription" + "$ref": "#/components/schemas/io.operatorframework.olm.v1.ClusterCatalog" }, "type": "array" }, @@ -280274,15 +223078,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operators.coreos.com", - "kind": "SubscriptionList", - "version": "v1alpha1" + "group": "olm.operatorframework.io", + "kind": "ClusterCatalogList", + "version": "v1" } ] }, - "operators.coreos.com/v1alpha2/OperatorGroup": { - "description": "OperatorGroup is the unit of multitenancy for OLM managed operators.\nIt constrains the installation of operators in its namespace to a specified set of target namespaces.", - "namespaced": true, + "olm.operatorframework.io/v1/ClusterExtension": { + "description": "ClusterExtension is the Schema for the clusterextensions API", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -280301,142 +223105,342 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "OperatorGroupSpec is the spec for an OperatorGroup resource.", + "description": "spec is an optional field that defines the desired state of the ClusterExtension.", "properties": { - "selector": { - "description": "Selector selects the OperatorGroup's target namespaces.", + "install": { + "description": "install is an optional field used to configure the installation options\nfor the ClusterExtension such as the pre-flight check configuration.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "preflight": { + "description": "preflight is an optional field that can be used to configure the checks that are\nrun before installation or upgrade of the content for the package specified in the packageName field.\n\nWhen specified, it replaces the default preflight configuration for install/upgrade actions.\nWhen not specified, the default configuration will be used.", + "properties": { + "crdUpgradeSafety": { + "description": "crdUpgradeSafety is used to configure the CRD Upgrade Safety pre-flight\nchecks that run prior to upgrades of installed content.\n\nThe CRD Upgrade Safety pre-flight check safeguards from unintended\nconsequences of upgrading a CRD, such as data loss.", + "properties": { + "enforcement": { + "description": "enforcement is a required field, used to configure the state of the CRD Upgrade Safety pre-flight check.\n\nAllowed values are \"None\" or \"Strict\". The default value is \"Strict\".\n\nWhen set to \"None\", the CRD Upgrade Safety pre-flight check will be skipped\nwhen performing an upgrade operation. This should be used with caution as\nunintended consequences such as data loss can occur.\n\nWhen set to \"Strict\", the CRD Upgrade Safety pre-flight check will be run when\nperforming an upgrade operation.", + "enum": [ + "None", + "Strict" + ], "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + } + }, + "required": [ + "enforcement" + ], + "type": "object" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "required": [ + "crdUpgradeSafety" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "at least one of [crdUpgradeSafety] are required when preflight is specified", + "rule": "has(self.crdUpgradeSafety)" + } + ] } }, "type": "object", - "x-kubernetes-map-type": "atomic" + "x-kubernetes-validations": [ + { + "message": "at least one of [preflight] are required when install is specified", + "rule": "has(self.preflight)" + } + ] }, - "serviceAccountName": { - "description": "ServiceAccountName is the admin specified service account which will be\nused to deploy operator(s) in this operator group.", - "type": "string" + "namespace": { + "description": "namespace is a reference to a Kubernetes namespace.\nThis is the namespace in which the provided ServiceAccount must exist.\nIt also designates the default namespace where namespace-scoped resources\nfor the extension are applied to the cluster.\nSome extensions may contain namespace-scoped resources to be applied in other namespaces.\nThis namespace must exist.\n\nnamespace is required, immutable, and follows the DNS label standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-),\nstart and end with an alphanumeric character, and be no longer than 63 characters\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "namespace is immutable", + "rule": "self == oldSelf" + }, + { + "message": "namespace must be a valid DNS1123 label", + "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$\")" + } + ] }, - "staticProvidedAPIs": { - "description": "Static tells OLM not to update the OperatorGroup's providedAPIs annotation", - "type": "boolean" + "serviceAccount": { + "description": "serviceAccount is a reference to a ServiceAccount used to perform all interactions\nwith the cluster that are required to manage the extension.\nThe ServiceAccount must be configured with the necessary permissions to perform these interactions.\nThe ServiceAccount must exist in the namespace referenced in the spec.\nserviceAccount is required.", + "properties": { + "name": { + "description": "name is a required, immutable reference to the name of the ServiceAccount\nto be used for installation and management of the content for the package\nspecified in the packageName field.\n\nThis ServiceAccount must exist in the installNamespace.\n\nname follows the DNS subdomain standard as defined in [RFC 1123].\nIt must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters.\n\nSome examples of valid values are:\n - some-serviceaccount\n - 123-serviceaccount\n - 1-serviceaccount-2\n - someserviceaccount\n - some.serviceaccount\n\nSome examples of invalid values are:\n - -some-serviceaccount\n - some-serviceaccount-\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "name is immutable", + "rule": "self == oldSelf" + }, + { + "message": "name must be a valid DNS1123 subdomain. It must contain only lowercase alphanumeric characters, hyphens (-) or periods (.), start and end with an alphanumeric character, and be no longer than 253 characters", + "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" + } + ] + } + }, + "required": [ + "name" + ], + "type": "object" }, - "targetNamespaces": { - "description": "TargetNamespaces is an explicit set of namespaces to target.\nIf it is set, Selector is ignored.", - "items": { - "type": "string" + "source": { + "description": "source is a required field which selects the installation source of content\nfor this ClusterExtension. Selection is performed by setting the sourceType.\n\nCatalog is currently the only implemented sourceType, and setting the\nsourcetype to \"Catalog\" requires the catalog field to also be defined.\n\nBelow is a minimal example of a source definition (in yaml):\n\nsource:\n sourceType: Catalog\n catalog:\n packageName: example-package", + "properties": { + "catalog": { + "description": "catalog is used to configure how information is sourced from a catalog.\nThis field is required when sourceType is \"Catalog\", and forbidden otherwise.", + "properties": { + "channels": { + "description": "channels is an optional reference to a set of channels belonging to\nthe package specified in the packageName field.\n\nA \"channel\" is a package-author-defined stream of updates for an extension.\n\nEach channel in the list must follow the DNS subdomain standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters. No more than 256 channels can be specified.\n\nWhen specified, it is used to constrain the set of installable bundles and\nthe automated upgrade path. This constraint is an AND operation with the\nversion field. For example:\n - Given channel is set to \"foo\"\n - Given version is set to \">=1.0.0, <1.5.0\"\n - Only bundles that exist in channel \"foo\" AND satisfy the version range comparison will be considered installable\n - Automatic upgrades will be constrained to upgrade edges defined by the selected channel\n\nWhen unspecified, upgrade edges across all channels will be used to identify valid automatic upgrade paths.\n\nSome examples of valid values are:\n - 1.1.x\n - alpha\n - stable\n - stable-v1\n - v1-stable\n - dev-preview\n - preview\n - community\n\nSome examples of invalid values are:\n - -some-channel\n - some-channel-\n - thisisareallylongchannelnamethatisgreaterthanthemaximumlength\n - original_40\n - --default-channel\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", + "items": { + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "channels entries must be valid DNS1123 subdomains", + "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" + } + ] + }, + "maxItems": 256, + "type": "array" + }, + "packageName": { + "description": "packageName is a reference to the name of the package to be installed\nand is used to filter the content from catalogs.\n\npackageName is required, immutable, and follows the DNS subdomain standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters.\n\nSome examples of valid values are:\n - some-package\n - 123-package\n - 1-package-2\n - somepackage\n\nSome examples of invalid values are:\n - -some-package\n - some-package-\n - thisisareallylongpackagenamethatisgreaterthanthemaximumlength\n - some.package\n\n[RFC 1123]: https://tools.ietf.org/html/rfc1123", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "packageName is immutable", + "rule": "self == oldSelf" + }, + { + "message": "packageName must be a valid DNS1123 subdomain. It must contain only lowercase alphanumeric characters, hyphens (-) or periods (.), start and end with an alphanumeric character, and be no longer than 253 characters", + "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" + } + ] + }, + "selector": { + "description": "selector is an optional field that can be used\nto filter the set of ClusterCatalogs used in the bundle\nselection process.\n\nWhen unspecified, all ClusterCatalogs will be used in\nthe bundle selection process.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "upgradeConstraintPolicy": { + "default": "CatalogProvided", + "description": "upgradeConstraintPolicy is an optional field that controls whether\nthe upgrade path(s) defined in the catalog are enforced for the package\nreferenced in the packageName field.\n\nAllowed values are: \"CatalogProvided\" or \"SelfCertified\", or omitted.\n\nWhen this field is set to \"CatalogProvided\", automatic upgrades will only occur\nwhen upgrade constraints specified by the package author are met.\n\nWhen this field is set to \"SelfCertified\", the upgrade constraints specified by\nthe package author are ignored. This allows for upgrades and downgrades to\nany version of the package. This is considered a dangerous operation as it\ncan lead to unknown and potentially disastrous outcomes, such as data\nloss. It is assumed that users have independently verified changes when\nusing this option.\n\nWhen this field is omitted, the default value is \"CatalogProvided\".", + "enum": [ + "CatalogProvided", + "SelfCertified" + ], + "type": "string" + }, + "version": { + "description": "version is an optional semver constraint (a specific version or range of versions). When unspecified, the latest version available will be installed.\n\nAcceptable version ranges are no longer than 64 characters.\nVersion ranges are composed of comma- or space-delimited values and one or\nmore comparison operators, known as comparison strings. Additional\ncomparison strings can be added using the OR operator (||).\n\n# Range Comparisons\n\nTo specify a version range, you can use a comparison string like \">=3.0,\n<3.6\". When specifying a range, automatic updates will occur within that\nrange. The example comparison string means \"install any version greater than\nor equal to 3.0.0 but less than 3.6.0.\". It also states intent that if any\nupgrades are available within the version range after initial installation,\nthose upgrades should be automatically performed.\n\n# Pinned Versions\n\nTo specify an exact version to install you can use a version range that\n\"pins\" to a specific version. When pinning to a specific version, no\nautomatic updates will occur. An example of a pinned version range is\n\"0.6.0\", which means \"only install version 0.6.0 and never\nupgrade from this version\".\n\n# Basic Comparison Operators\n\nThe basic comparison operators and their meanings are:\n - \"=\", equal (not aliased to an operator)\n - \"!=\", not equal\n - \"<\", less than\n - \">\", greater than\n - \">=\", greater than OR equal to\n - \"<=\", less than OR equal to\n\n# Wildcard Comparisons\n\nYou can use the \"x\", \"X\", and \"*\" characters as wildcard characters in all\ncomparison operations. Some examples of using the wildcard characters:\n - \"1.2.x\", \"1.2.X\", and \"1.2.*\" is equivalent to \">=1.2.0, < 1.3.0\"\n - \">= 1.2.x\", \">= 1.2.X\", and \">= 1.2.*\" is equivalent to \">= 1.2.0\"\n - \"<= 2.x\", \"<= 2.X\", and \"<= 2.*\" is equivalent to \"< 3\"\n - \"x\", \"X\", and \"*\" is equivalent to \">= 0.0.0\"\n\n# Patch Release Comparisons\n\nWhen you want to specify a minor version up to the next major version you\ncan use the \"~\" character to perform patch comparisons. Some examples:\n - \"~1.2.3\" is equivalent to \">=1.2.3, <1.3.0\"\n - \"~1\" and \"~1.x\" is equivalent to \">=1, <2\"\n - \"~2.3\" is equivalent to \">=2.3, <2.4\"\n - \"~1.2.x\" is equivalent to \">=1.2.0, <1.3.0\"\n\n# Major Release Comparisons\n\nYou can use the \"^\" character to make major release comparisons after a\nstable 1.0.0 version is published. If there is no stable version published, // minor versions define the stability level. Some examples:\n - \"^1.2.3\" is equivalent to \">=1.2.3, <2.0.0\"\n - \"^1.2.x\" is equivalent to \">=1.2.0, <2.0.0\"\n - \"^2.3\" is equivalent to \">=2.3, <3\"\n - \"^2.x\" is equivalent to \">=2.0.0, <3\"\n - \"^0.2.3\" is equivalent to \">=0.2.3, <0.3.0\"\n - \"^0.2\" is equivalent to \">=0.2.0, <0.3.0\"\n - \"^0.0.3\" is equvalent to \">=0.0.3, <0.0.4\"\n - \"^0.0\" is equivalent to \">=0.0.0, <0.1.0\"\n - \"^0\" is equivalent to \">=0.0.0, <1.0.0\"\n\n# OR Comparisons\nYou can use the \"||\" character to represent an OR operation in the version\nrange. Some examples:\n - \">=1.2.3, <2.0.0 || >3.0.0\"\n - \"^0 || ^3 || ^5\"\n\nFor more information on semver, please see https://semver.org/", + "maxLength": 64, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "invalid version expression", + "rule": "self.matches(\"^(\\\\s*(=||!=|>|<|>=|=>|<=|=<|~|~>|\\\\^)\\\\s*(v?(0|[1-9]\\\\d*|[x|X|\\\\*])(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*]))?(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*))?(-([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?(\\\\+([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?)\\\\s*)((?:\\\\s+|,\\\\s*|\\\\s*\\\\|\\\\|\\\\s*)(=||!=|>|<|>=|=>|<=|=<|~|~>|\\\\^)\\\\s*(v?(0|[1-9]\\\\d*|x|X|\\\\*])(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*))?(\\\\.(0|[1-9]\\\\d*|x|X|\\\\*]))?(-([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?(\\\\+([0-9A-Za-z\\\\-]+(\\\\.[0-9A-Za-z\\\\-]+)*))?)\\\\s*)*$\")" + } + ] + } + }, + "required": [ + "packageName" + ], + "type": "object" + }, + "sourceType": { + "description": "sourceType is a required reference to the type of install source.\n\nAllowed values are \"Catalog\"\n\nWhen this field is set to \"Catalog\", information for determining the\nappropriate bundle of content to install will be fetched from\nClusterCatalog resources existing on the cluster.\nWhen using the Catalog sourceType, the catalog field must also be set.", + "enum": [ + "Catalog" + ], + "type": "string" + } }, - "type": "array" + "required": [ + "sourceType" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "catalog is required when sourceType is Catalog, and forbidden otherwise", + "rule": "has(self.sourceType) && self.sourceType == 'Catalog' ? has(self.catalog) : !has(self.catalog)" + } + ] } }, + "required": [ + "namespace", + "serviceAccount", + "source" + ], "type": "object" }, "status": { - "description": "OperatorGroupStatus is the status for an OperatorGroupResource.", + "description": "status is an optional field that defines the observed state of the ClusterExtension.", "properties": { - "lastUpdated": { - "description": "LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated.", - "format": "date-time", - "type": "string" - }, - "namespaces": { - "description": "Namespaces is the set of target namespaces for the OperatorGroup.", + "conditions": { + "description": "The set of condition types which apply to all spec.source variations are Installed and Progressing.\n\nThe Installed condition represents whether or not the bundle has been installed for this ClusterExtension.\nWhen Installed is True and the Reason is Succeeded, the bundle has been successfully installed.\nWhen Installed is False and the Reason is Failed, the bundle has failed to install.\n\nThe Progressing condition represents whether or not the ClusterExtension is advancing towards a new state.\nWhen Progressing is True and the Reason is Succeeded, the ClusterExtension is making progress towards a new state.\nWhen Progressing is True and the Reason is Retrying, the ClusterExtension has encountered an error that could be resolved on subsequent reconciliation attempts.\nWhen Progressing is False and the Reason is Blocked, the ClusterExtension has encountered an error that requires manual intervention for recovery.\n\nWhen the ClusterExtension is sourced from a catalog, if may also communicate a deprecation condition.\nThese are indications from a package owner to guide users away from a particular package, channel, or bundle.\nBundleDeprecated is set if the requested bundle version is marked deprecated in the catalog.\nChannelDeprecated is set if the requested channel is marked deprecated in the catalog.\nPackageDeprecated is set if the requested package is marked deprecated in the catalog.\nDeprecated is a rollup condition that is present when any of the deprecated conditions are present.", "items": { - "type": "string" + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "serviceAccountRef": { - "description": "ServiceAccountRef references the service account object specified.", + "install": { + "description": "install is a representation of the current installation status for this ClusterExtension.", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + "bundle": { + "description": "bundle is a required field which represents the identifying attributes of a bundle.\n\nA \"bundle\" is a versioned set of content that represents the resources that\nneed to be applied to a cluster to install a package.", + "properties": { + "name": { + "description": "name is required and follows the DNS subdomain standard\nas defined in [RFC 1123]. It must contain only lowercase alphanumeric characters,\nhyphens (-) or periods (.), start and end with an alphanumeric character,\nand be no longer than 253 characters.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "packageName must be a valid DNS1123 subdomain. It must contain only lowercase alphanumeric characters, hyphens (-) or periods (.), start and end with an alphanumeric character, and be no longer than 253 characters", + "rule": "self.matches(\"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$\")" + } + ] + }, + "version": { + "description": "version is a required field and is a reference to the version that this bundle represents\nversion follows the semantic versioning standard as defined in https://semver.org/.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "version must be well-formed semver", + "rule": "self.matches(\"^([0-9]+)(\\\\.[0-9]+)?(\\\\.[0-9]+)?(-([-0-9A-Za-z]+(\\\\.[-0-9A-Za-z]+)*))?(\\\\+([-0-9A-Za-z]+(-\\\\.[-0-9A-Za-z]+)*))?\")" + } + ] + } + }, + "required": [ + "name", + "version" + ], + "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "bundle" + ], + "type": "object" } }, - "required": [ - "lastUpdated" - ], "type": "object" } }, - "required": [ - "metadata" - ], + "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operators.coreos.com", - "kind": "OperatorGroup", - "version": "v1alpha2" + "group": "olm.operatorframework.io", + "kind": "ClusterExtension", + "version": "v1" } ] }, - "operators.coreos.com/v1alpha2/OperatorGroupList": { - "description": "OperatorGroupList is a list of OperatorGroup", + "olm.operatorframework.io/v1/ClusterExtensionList": { + "description": "ClusterExtensionList is a list of ClusterExtension", "namespaced": true, "properties": { "apiVersion": { @@ -280444,9 +223448,9 @@ "type": "string" }, "items": { - "description": "List of operatorgroups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of clusterextensions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/com.coreos.operators.v1alpha2.OperatorGroup" + "$ref": "#/components/schemas/io.operatorframework.olm.v1.ClusterExtension" }, "type": "array" }, @@ -280469,15 +223473,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operators.coreos.com", - "kind": "OperatorGroupList", - "version": "v1alpha2" + "group": "olm.operatorframework.io", + "kind": "ClusterExtensionList", + "version": "v1" } ] }, - "operators.coreos.com/v2/OperatorCondition": { - "description": "OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator.", - "namespaced": true, + "operator.openshift.io/v1/Authentication": { + "description": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -280496,11 +223500,57 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "OperatorConditionSpec allows an operator to report state to OLM and provides\ncluster admin with the ability to manually override state reported by the operator.", + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { "properties": { "conditions": { + "description": "conditions is a list of conditions and their status", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "OperatorCondition is just the standard condition fields.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", @@ -280508,21 +223558,9 @@ "type": "string" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { @@ -280543,24 +223581,232 @@ }, "required": [ "lastTransitionTime", - "message", - "reason", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "deployments": { + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "items": { - "type": "string" + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "overrides": { + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "oauthAPIServer": { + "description": "oauthAPIServer holds status specific only to oauth-apiserver", + "properties": { + "latestAvailableRevision": { + "description": "latestAvailableRevision is the latest revision used as suffix of revisioned\nsecrets like encryption-config. A new revision causes a new deployment of pods.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "Authentication", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/AuthenticationList": { + "description": "AuthenticationList is a list of Authentication", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of authentications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.Authentication" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "AuthenticationList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/CSISnapshotController": { + "description": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "OperatorCondition is just the standard condition fields.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", @@ -280568,21 +223814,9 @@ "type": "string" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { @@ -280602,99 +223836,109 @@ } }, "required": [ - "message", - "reason", + "lastTransitionTime", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "serviceAccounts": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "OperatorConditionStatus allows OLM to convey which conditions have been observed.", - "properties": { - "conditions": { + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", + "group": { + "description": "group is the group of the thing you're tracking", "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", "format": "int64", - "minimum": 0, "type": "integer" }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "name": { + "description": "name is the name of the thing you're tracking", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], + "namespace": { + "description": "namespace is where the thing you're tracking is", "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "resource": { + "description": "resource is the resource type of the thing you're tracking", "type": "string" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "group", + "name", + "namespace", + "resource" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } }, "type": "object" } }, "required": [ - "metadata" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operators.coreos.com", - "kind": "OperatorCondition", - "version": "v2" + "group": "operator.openshift.io", + "kind": "CSISnapshotController", + "version": "v1" } ] }, - "operators.coreos.com/v2/OperatorConditionList": { - "description": "OperatorConditionList is a list of OperatorCondition", + "operator.openshift.io/v1/CSISnapshotControllerList": { + "description": "CSISnapshotControllerList is a list of CSISnapshotController", "namespaced": true, "properties": { "apiVersion": { @@ -280702,9 +223946,9 @@ "type": "string" }, "items": { - "description": "List of operatorconditions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of csisnapshotcontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/com.coreos.operators.v2.OperatorCondition" + "$ref": "#/components/schemas/io.openshift.operator.v1.CSISnapshotController" }, "type": "array" }, @@ -280727,15 +223971,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "operators.coreos.com", - "kind": "OperatorConditionList", - "version": "v2" + "group": "operator.openshift.io", + "kind": "CSISnapshotControllerList", + "version": "v1" } ] }, - "packages.operators.coreos.com/v1/PackageManifest": { - "description": "PackageManifest holds information about a package, which is a reference to one (or more) channels under a single package.", - "namespaced": true, + "operator.openshift.io/v1/CloudCredential": { + "description": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -280751,37 +223995,204 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {} + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifestSpec" + "description": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", + "properties": { + "credentialsMode": { + "description": "credentialsMode allows informing CCO that it should not attempt to dynamically\ndetermine the root cloud credentials capabilities, and it should just run in\nthe specified mode.\nIt also allows putting the operator into \"manual\" mode if desired.\nLeaving the field in default mode runs CCO so that the cluster's cloud credentials\nwill be dynamically probed for capabilities (on supported clouds/platforms).\nSupported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", + "enum": [ + "", + "Manual", + "Mint", + "Passthrough" + ], + "type": "string" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true } - ], - "default": {} + }, + "type": "object" }, "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifestStatus" + "description": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } - ], - "default": {} + }, + "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "packages.operators.coreos.com", - "kind": "PackageManifest", + "group": "operator.openshift.io", + "kind": "CloudCredential", "version": "v1" } ] }, - "packages.operators.coreos.com/v1/PackageManifestList": { - "description": "PackageManifestList is a list of PackageManifest objects.", + "operator.openshift.io/v1/CloudCredentialList": { + "description": "CloudCredentialList is a list of CloudCredential", "namespaced": true, "properties": { "apiVersion": { @@ -280789,16 +224200,11 @@ "type": "string" }, "items": { + "description": "List of cloudcredentials. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifest" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.operator.v1.CloudCredential" }, - "type": "array", - "x-kubernetes-list-type": "set" + "type": "array" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -280810,7 +224216,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {} + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -280819,14 +224225,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "packages.operators.coreos.com", - "kind": "PackageManifestList", + "group": "operator.openshift.io", + "kind": "CloudCredentialList", "version": "v1" } ] }, - "performance.openshift.io/v1/PerformanceProfile": { - "description": "PerformanceProfile is the Schema for the performanceprofiles API", + "operator.openshift.io/v1/ClusterCSIDriver": { + "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator\ninstalled by default in OpenShift. Name of the object must be name of the CSI driver\nit operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -280846,204 +224252,276 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "PerformanceProfileSpec defines the desired state of PerformanceProfile.", + "description": "spec holds user settable values for configuration", "properties": { - "additionalKernelArgs": { - "description": "Additional kernel arguments.", - "items": { - "type": "string" - }, - "type": "array" - }, - "cpu": { - "description": "CPU defines a set of CPU related parameters.", + "driverConfig": { + "description": "driverConfig can be used to specify platform specific driver configuration.\nWhen omitted, this means no opinion and the platform is left to choose reasonable\ndefaults. These defaults are subject to change over time.", "properties": { - "balanceIsolated": { - "description": "BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.\nWhen this option is set to \"false\", the Isolated CPU set will be static, meaning workloads have to\nexplicitly assign each thread to a specific cpu in order to work across multiple CPUs.\nSetting this to \"true\" allows workloads to be balanced across CPUs.\nSetting this to \"false\" offers the most predictable performance for guaranteed workloads, but it\noffloads the complexity of cpu load balancing to the application.\nDefaults to \"true\"", - "type": "boolean" + "aws": { + "description": "aws is used to configure the AWS CSI driver.", + "properties": { + "efsVolumeMetrics": { + "description": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", + "properties": { + "recursiveWalk": { + "description": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver\nwhen the state is set to RecursiveWalk.", + "properties": { + "fsRateLimit": { + "description": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable\ndefault, which is subject to change over time. The current default is 5.\nThe valid range is from 1 to 100 goroutines.", + "format": "int32", + "maximum": 100, + "minimum": 1, + "type": "integer" + }, + "refreshPeriodMinutes": { + "description": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable\ndefault, which is subject to change over time. The current default is 240.\nThe valid range is from 1 to 43200 minutes (30 days).", + "format": "int32", + "maximum": 43200, + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, + "state": { + "description": "state defines the state of metric collection in the AWS EFS CSI Driver.\nThis field is required and must be set to one of the following values: Disabled or RecursiveWalk.\nDisabled means no metrics collection will be performed. This is the default value.\nRecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics.\nThis process may result in high CPU and memory usage, depending on the volume size.", + "enum": [ + "RecursiveWalk", + "Disabled" + ], + "type": "string" + } + }, + "required": [ + "state" + ], + "type": "object" + }, + "kmsKeyARN": { + "description": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key,\nrather than the default KMS key used by AWS.\nThe value may be either the ARN or Alias ARN of a KMS key.", + "pattern": "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\\/.*$", + "type": "string" + } + }, + "type": "object" }, - "isolated": { - "description": "Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,\nwhich means removing as many extraneous tasks off a CPU as possible.\nIt is important to notice the CPU manager can choose any CPU to run the workload\nexcept the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:\n 1. The union of reserved CPUs and isolated CPUs should include all online CPUs\n 2. The isolated CPUs field should be the complementary to reserved CPUs field", - "type": "string" + "azure": { + "description": "azure is used to configure the Azure CSI driver.", + "properties": { + "diskEncryptionSet": { + "description": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a\ncustomer-managed encryption set, rather than the default platform-managed keys.", + "properties": { + "name": { + "description": "name is the name of the disk encryption set that will be set on the default storage class.\nThe value should consist of only alphanumberic characters,\nunderscores (_), hyphens, and be at most 80 characters in length.", + "maxLength": 80, + "pattern": "^[a-zA-Z0-9\\_-]+$", + "type": "string" + }, + "resourceGroup": { + "description": "resourceGroup defines the Azure resource group that contains the disk encryption set.\nThe value should consist of only alphanumberic characters,\nunderscores (_), parentheses, hyphens and periods.\nThe value should not end in a period and be at most 90 characters in\nlength.", + "maxLength": 90, + "pattern": "^[\\w\\.\\-\\(\\)]*[\\w\\-\\(\\)]$", + "type": "string" + }, + "subscriptionID": { + "description": "subscriptionID defines the Azure subscription that contains the disk encryption set.\nThe value should meet the following conditions:\n1. It should be a 128-bit number.\n2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long.\n3. It should be displayed in five groups separated by hyphens (-).\n4. The first group should be 8 characters long.\n5. The second, third, and fourth groups should be 4 characters long.\n6. The fifth group should be 12 characters long.\nAn Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", + "maxLength": 36, + "pattern": "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$", + "type": "string" + } + }, + "required": [ + "name", + "resourceGroup", + "subscriptionID" + ], + "type": "object" + } + }, + "type": "object" }, - "offlined": { - "description": "Offline defines a set of CPUs that will be unused and set offline", + "driverType": { + "description": "driverType indicates type of CSI driver for which the\ndriverConfig is being applied to.\nValid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.\nConsumers should treat unknown values as a NO-OP.", + "enum": [ + "", + "AWS", + "Azure", + "GCP", + "IBMCloud", + "vSphere" + ], "type": "string" }, - "reserved": { - "description": "Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.", - "type": "string" - } - }, - "required": [ - "isolated" - ], - "type": "object" - }, - "globallyDisableIrqLoadBalancing": { - "description": "GloballyDisableIrqLoadBalancing toggles whether IRQ load balancing will be disabled for the Isolated CPU set.\nWhen the option is set to \"true\" it disables IRQs load balancing for the Isolated CPU set.\nSetting the option to \"false\" allows the IRQs to be balanced across all CPUs, however the IRQs load balancing\ncan be disabled per pod CPUs when using irq-load-balancing.crio.io/cpu-quota.crio.io annotations.\nDefaults to \"false\"", - "type": "boolean" - }, - "hardwareTuning": { - "description": "HardwareTuning defines a set of CPU frequencies for isolated and reserved cpus.\nIt is an optional parameter and requires vendor recommendation to find suitable frequencies.\nThe intention is to set higher frequency for reserved cpus where\nplatform application is running while setting isolated cpus frequency to match\nvendor recommendation.", - "properties": { - "isolatedCpuFreq": { - "description": "IsolatedCpuFreq defines a minimum frequency to be set across isolated cpus", - "type": "integer" + "gcp": { + "description": "gcp is used to configure the GCP CSI driver.", + "properties": { + "kmsKey": { + "description": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied\nencryption keys, rather than the default keys managed by GCP.", + "properties": { + "keyRing": { + "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.\nThe value should correspond to an existing KMS key ring and should\nconsist of only alphanumeric characters, hyphens (-) and underscores (_),\nand be at most 63 characters in length.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\_-]+$", + "type": "string" + }, + "location": { + "description": "location is the GCP location in which the Key Ring exists.\nThe value must match an existing GCP location, or \"global\".\nDefaults to global, if not set.", + "pattern": "^[a-zA-Z0-9\\_-]+$", + "type": "string" + }, + "name": { + "description": "name is the name of the customer-managed encryption key to be used for disk encryption.\nThe value should correspond to an existing KMS key and should\nconsist of only alphanumeric characters, hyphens (-) and underscores (_),\nand be at most 63 characters in length.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z0-9\\_-]+$", + "type": "string" + }, + "projectID": { + "description": "projectID is the ID of the Project in which the KMS Key Ring exists.\nIt must be 6 to 30 lowercase letters, digits, or hyphens.\nIt must start with a letter. Trailing hyphens are prohibited.", + "maxLength": 30, + "minLength": 6, + "pattern": "^[a-z][a-z0-9-]+[a-z0-9]$", + "type": "string" + } + }, + "required": [ + "keyRing", + "name", + "projectID" + ], + "type": "object" + } + }, + "type": "object" }, - "reservedCpuFreq": { - "description": "ReservedCpuFreq defines a maximum frequency to be set across reserved cpus", - "type": "integer" - } - }, - "type": "object" - }, - "hugepages": { - "description": "HugePages defines a set of huge pages related parameters.\nIt is possible to set huge pages with multiple size values at the same time.\nFor example, hugepages can be set with 1G and 2M, both values will be set on the node by the performance-addon-operator.\nIt is important to notice that setting hugepages default size to 1G will remove all 2M related\nfolders from the node and it will be impossible to configure 2M hugepages under the node.", - "properties": { - "defaultHugepagesSize": { - "description": "DefaultHugePagesSize defines huge pages default size under kernel boot parameters.", - "type": "string" + "ibmcloud": { + "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", + "properties": { + "encryptionKeyCRN": { + "description": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use\nfor disk encryption of volumes for the default storage classes.", + "maxLength": 154, + "minLength": 144, + "pattern": "^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$", + "type": "string" + } + }, + "required": [ + "encryptionKeyCRN" + ], + "type": "object" }, - "pages": { - "description": "Pages defines huge pages that we want to allocate at boot time.", - "items": { - "description": "HugePage defines the number of allocated huge pages of the specific size.", - "properties": { - "count": { - "description": "Count defines amount of huge pages, maps to the 'hugepages' kernel boot parameter.", - "format": "int32", - "type": "integer" - }, - "node": { - "description": "Node defines the NUMA node where hugepages will be allocated,\nif not specified, pages will be allocated equally between NUMA nodes", - "format": "int32", - "type": "integer" - }, - "size": { - "description": "Size defines huge page size, maps to the 'hugepagesz' kernel boot parameter.", - "type": "string" - } + "vSphere": { + "description": "vSphere is used to configure the vsphere CSI driver.", + "properties": { + "globalMaxSnapshotsPerBlockVolume": { + "description": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of\ndatastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3.\nSnapshots can not be disabled using this parameter.\nIncreasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279\nVolume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", + "format": "int32", + "maximum": 32, + "minimum": 1, + "type": "integer" }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "machineConfigLabel": { - "additionalProperties": { - "type": "string" - }, - "description": "MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be\nused in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.\nDefaults to \"machineconfiguration.openshift.io/role=\"", - "type": "object" - }, - "machineConfigPoolSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector\nof resources like KubeletConfigs created by the operator.\nDefaults to \"machineconfiguration.openshift.io/role=\"", - "type": "object" - }, - "net": { - "description": "Net defines a set of network related features", - "properties": { - "devices": { - "description": "Devices contains a list of network device representations that will be\nset with a netqueue count equal to CPU.Reserved .\nIf no devices are specified then the default is all devices.", - "items": { - "description": "Device defines a way to represent a network device in several options:\ndevice name, vendor ID, model ID, PCI path and MAC address", - "properties": { - "deviceID": { - "description": "Network device ID (model) represnted as a 16 bit hexmadecimal number.", - "type": "string" - }, - "interfaceName": { - "description": "Network device name to be matched. It uses a syntax of shell-style wildcards which are either positive or negative.", + "granularMaxSnapshotsPerBlockVolumeInVSAN": { + "description": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It\noverrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset.\nSnapshots for VSAN can not be disabled using this parameter.", + "format": "int32", + "maximum": 32, + "minimum": 1, + "type": "integer" + }, + "granularMaxSnapshotsPerBlockVolumeInVVOL": { + "description": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only.\nIt overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset.\nSnapshots for VVOL can not be disabled using this parameter.", + "format": "int32", + "maximum": 32, + "minimum": 1, + "type": "integer" + }, + "topologyCategories": { + "description": "topologyCategories indicates tag categories with which\nvcenter resources such as hostcluster or datacenter were tagged with.\nIf cluster Infrastructure object has a topology, values specified in\nInfrastructure object will be used and modifications to topologyCategories\nwill be rejected.", + "items": { "type": "string" }, - "vendorID": { - "description": "Network device vendor ID represnted as a 16 bit Hexmadecimal number.", - "type": "string" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": "array" - }, - "userLevelNetworking": { - "description": "UserLevelNetworking when enabled - sets either all or specified network devices queue size to the amount of reserved CPUs. Defaults to \"false\".", - "type": "boolean" + "type": "object" } }, - "type": "object" + "required": [ + "driverType" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise", + "rule": "has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)" + } + ] }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.\nIt most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool\nwhich targets this performance profile.\nIn the case when machineConfigLabels or machineConfigPoolSelector are not set, we are expecting a certain NodeSelector format\n/: \"\" in order to be able to calculate the default values for the former mentioned fields.", - "type": "object" + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" }, - "numa": { - "description": "NUMA defines options related to topology aware affinities", - "properties": { - "topologyPolicy": { - "description": "Name of the policy applied when TopologyManager is enabled\nOperator defaults to \"best-effort\"", - "type": "string" - } - }, - "type": "object" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" }, - "realTimeKernel": { - "description": "RealTimeKernel defines a set of real time kernel related parameters. RT kernel won't be installed when not set.", - "properties": { - "enabled": { - "description": "Enabled defines if the real time kernel packages should be installed. Defaults to \"false\"", - "type": "boolean" - } - }, - "type": "object" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "workloadHints": { - "description": "WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and\nkernel arguments that should be applied on top of the node.", - "properties": { - "highPowerConsumption": { - "description": "HighPowerConsumption defines if the node should be configured in high power consumption mode.\nThe flag will affect the power consumption but will improve the CPUs latency.", - "type": "boolean" - }, - "perPodPowerManagement": { - "description": "PerPodPowerManagement defines if the node should be configured in per pod power management.\nPerPodPowerManagement and HighPowerConsumption hints can not be enabled together.", - "type": "boolean" - }, - "realTime": { - "default": true, - "description": "RealTime defines if the node should be configured for the real time workload. Defaults to true.", - "type": "boolean" - } - }, - "type": "object" + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "storageClassState": { + "description": "storageClassState determines if CSI operator should create and manage storage classes.\nIf this field value is empty or Managed - CSI operator will continuously reconcile\nstorage class and create if necessary.\nIf this field value is Unmanaged - CSI operator will not reconcile any previously created\nstorage class.\nIf this field value is Removed - CSI operator will delete the storage class it created previously.\nWhen omitted, this means the user has no opinion and the platform chooses a reasonable default,\nwhich is subject to change over time.\nThe current default behaviour is Managed.", + "enum": [ + "", + "Managed", + "Unmanaged", + "Removed" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "cpu", - "nodeSelector" - ], "type": "object" }, "status": { - "description": "PerformanceProfileStatus defines the observed state of PerformanceProfile.", + "description": "status holds observed values from the cluster. They may not be overridden.", "properties": { "conditions": { - "description": "Conditions represents the latest available observations of current state.", + "description": "conditions is a list of conditions and their status", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "OperatorCondition is just the standard condition fields.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, @@ -281054,45 +224532,125 @@ "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "runtimeClass": { - "description": "RuntimeClass contains the name of the RuntimeClass resource created by the operator.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "tuned": { - "description": "Tuned points to the Tuned custom resource object that contains the tuning values generated by this operator.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "performance.openshift.io", - "kind": "PerformanceProfile", + "group": "operator.openshift.io", + "kind": "ClusterCSIDriver", "version": "v1" } ] }, - "performance.openshift.io/v1/PerformanceProfileList": { - "description": "PerformanceProfileList is a list of PerformanceProfile", + "operator.openshift.io/v1/ClusterCSIDriverList": { + "description": "ClusterCSIDriverList is a list of ClusterCSIDriver", "namespaced": true, "properties": { "apiVersion": { @@ -281100,9 +224658,9 @@ "type": "string" }, "items": { - "description": "List of performanceprofiles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of clustercsidrivers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.performance.v1.PerformanceProfile" + "$ref": "#/components/schemas/io.openshift.operator.v1.ClusterCSIDriver" }, "type": "array" }, @@ -281125,14 +224683,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "performance.openshift.io", - "kind": "PerformanceProfileList", + "group": "operator.openshift.io", + "kind": "ClusterCSIDriverList", "version": "v1" } ] }, - "performance.openshift.io/v1alpha1/PerformanceProfile": { - "description": "PerformanceProfile is the Schema for the performanceprofiles API", + "operator.openshift.io/v1/Config": { + "description": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components\non the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -281152,173 +224710,191 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "PerformanceProfileSpec defines the desired state of PerformanceProfile.", + "description": "spec is the specification of the desired behavior of the Config Operator.", "properties": { - "additionalKernelArgs": { - "description": "Additional kernel arguments.", - "items": { - "type": "string" - }, - "type": "array" - }, - "cpu": { - "description": "CPU defines a set of CPU related parameters.", - "properties": { - "balanceIsolated": { - "description": "BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.\nWhen this option is set to \"false\", the Isolated CPU set will be static, meaning workloads have to\nexplicitly assign each thread to a specific cpu in order to work across multiple CPUs.\nSetting this to \"true\" allows workloads to be balanced across CPUs.\nSetting this to \"false\" offers the most predictable performance for guaranteed workloads, but it\noffloads the complexity of cpu load balancing to the application.\nDefaults to \"true\"", - "type": "boolean" - }, - "isolated": { - "description": "Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,\nwhich means removing as many extraneous tasks off a CPU as possible.\nIt is important to notice the CPU manager can choose any CPU to run the workload\nexcept the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:\n 1. The union of reserved CPUs and isolated CPUs should include all online CPUs\n 2. The isolated CPUs field should be the complementary to reserved CPUs field", - "type": "string" - }, - "reserved": { - "description": "Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.", - "type": "string" - } - }, - "type": "object" - }, - "hugepages": { - "description": "HugePages defines a set of huge pages related parameters.\nIt is possible to set huge pages with multiple size values at the same time.\nFor example, hugepages can be set with 1G and 2M, both values will be set on the node by the performance-addon-operator.\nIt is important to notice that setting hugepages default size to 1G will remove all 2M related\nfolders from the node and it will be impossible to configure 2M hugepages under the node.", - "properties": { - "defaultHugepagesSize": { - "description": "DefaultHugePagesSize defines huge pages default size under kernel boot parameters.", - "type": "string" - }, - "pages": { - "description": "Pages defines huge pages that we want to allocate at boot time.", - "items": { - "description": "HugePage defines the number of allocated huge pages of the specific size.", - "properties": { - "count": { - "description": "Count defines amount of huge pages, maps to the 'hugepages' kernel boot parameter.", - "format": "int32", - "type": "integer" - }, - "node": { - "description": "Node defines the NUMA node where hugepages will be allocated,\nif not specified, pages will be allocated equally between NUMA nodes", - "format": "int32", - "type": "integer" - }, - "size": { - "description": "Size defines huge page size, maps to the 'hugepagesz' kernel boot parameter.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "machineConfigLabel": { - "additionalProperties": { - "type": "string" - }, - "description": "MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be\nused in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.\nDefaults to \"machineconfiguration.openshift.io/role=\"", - "type": "object" + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" }, - "machineConfigPoolSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector\nof resources like KubeletConfigs created by the operator.\nDefaults to \"machineconfiguration.openshift.io/role=\"", - "type": "object" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.\nIt most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool\nwhich targets this performance profile.", - "type": "object" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "numa": { - "description": "NUMA defines options related to topology aware affinities", - "properties": { - "topologyPolicy": { - "description": "Name of the policy applied when TopologyManager is enabled\nOperator defaults to \"best-effort\"", - "type": "string" - } - }, - "type": "object" + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" }, - "realTimeKernel": { - "description": "RealTimeKernel defines a set of real time kernel related parameters. RT kernel won't be installed when not set.", - "properties": { - "enabled": { - "description": "Enabled defines if the real time kernel packages should be installed. Defaults to \"false\"", - "type": "boolean" - } + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status defines the observed status of the Config Operator.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "PerformanceProfileStatus defines the observed state of PerformanceProfile.", - "properties": { - "conditions": { - "description": "Conditions represents the latest available observations of current state.", + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", + "group": { + "description": "group is the group of the thing you're tracking", "type": "string" }, - "lastTransitionTime": { - "format": "date-time", + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", "type": "string" }, - "message": { - "type": "string" + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" }, - "reason": { + "name": { + "description": "name is the name of the thing you're tracking", "type": "string" }, - "status": { + "namespace": { + "description": "namespace is where the thing you're tracking is", "type": "string" }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "resource": { + "description": "resource is the resource type of the thing you're tracking", "type": "string" } }, "required": [ - "status", - "type" + "group", + "name", + "namespace", + "resource" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "runtimeClass": { - "description": "RuntimeClass contains the name of the RuntimeClass resource created by the operator.", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] }, - "tuned": { - "description": "Tuned points to the Tuned custom resource object that contains the tuning values generated by this operator.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "performance.openshift.io", - "kind": "PerformanceProfile", - "version": "v1alpha1" + "group": "operator.openshift.io", + "kind": "Config", + "version": "v1" } ] }, - "performance.openshift.io/v1alpha1/PerformanceProfileList": { - "description": "PerformanceProfileList is a list of PerformanceProfile", + "operator.openshift.io/v1/ConfigList": { + "description": "ConfigList is a list of Config", "namespaced": true, "properties": { "apiVersion": { @@ -281326,9 +224902,9 @@ "type": "string" }, "items": { - "description": "List of performanceprofiles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.performance.v1alpha1.PerformanceProfile" + "$ref": "#/components/schemas/io.openshift.operator.v1.Config" }, "type": "array" }, @@ -281351,14 +224927,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "performance.openshift.io", - "kind": "PerformanceProfileList", - "version": "v1alpha1" + "group": "operator.openshift.io", + "kind": "ConfigList", + "version": "v1" } ] }, - "performance.openshift.io/v2/PerformanceProfile": { - "description": "PerformanceProfile is the Schema for the performanceprofiles API", + "operator.openshift.io/v1/Console": { + "description": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -281378,218 +224954,843 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "PerformanceProfileSpec defines the desired state of PerformanceProfile.", + "description": "ConsoleSpec is the specification of the desired behavior of the Console.", "properties": { - "additionalKernelArgs": { - "description": "Additional kernel arguments.", - "items": { - "type": "string" - }, - "type": "array" - }, - "cpu": { - "description": "CPU defines a set of CPU related parameters.", + "customization": { + "description": "customization is used to optionally provide a small set of\ncustomization options to the web console.", "properties": { - "balanceIsolated": { - "description": "BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.\nWhen this option is set to \"false\", the Isolated CPU set will be static, meaning workloads have to\nexplicitly assign each thread to a specific cpu in order to work across multiple CPUs.\nSetting this to \"true\" allows workloads to be balanced across CPUs.\nSetting this to \"false\" offers the most predictable performance for guaranteed workloads, but it\noffloads the complexity of cpu load balancing to the application.\nDefaults to \"true\"", - "type": "boolean" + "addPage": { + "description": "addPage allows customizing actions on the Add page in developer perspective.", + "properties": { + "disabledActions": { + "description": "disabledActions is a list of actions that are not shown to users.\nEach action in the list is represented by its ID.", + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + } + }, + "type": "object" }, - "isolated": { - "description": "Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,\nwhich means removing as many extraneous tasks off a CPU as possible.\nIt is important to notice the CPU manager can choose any CPU to run the workload\nexcept the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:\n 1. The union of reserved CPUs and isolated CPUs should include all online CPUs\n 2. The isolated CPUs field should be the complementary to reserved CPUs field", + "brand": { + "description": "brand is the default branding of the web console which can be overridden by\nproviding the brand field. There is a limited set of specific brand options.\nThis field controls elements of the console such as the logo.\nInvalid value will prevent a console rollout.", + "enum": [ + "openshift", + "okd", + "online", + "ocp", + "dedicated", + "azure", + "OpenShift", + "OKD", + "Online", + "OCP", + "Dedicated", + "Azure", + "ROSA" + ], "type": "string" }, - "offlined": { - "description": "Offline defines a set of CPUs that will be unused and set offline", - "type": "string" + "capabilities": { + "description": "capabilities defines an array of capabilities that can be interacted with in the console UI.\nEach capability defines a visual state that can be interacted with the console to render in the UI.\nAvailable capabilities are LightspeedButton and GettingStartedBanner.\nEach of the available capabilities may appear only once in the list.", + "items": { + "description": "Capabilities contains set of UI capabilities and their state in the console UI.", + "properties": { + "name": { + "description": "name is the unique name of a capability.\nAvailable capabilities are LightspeedButton and GettingStartedBanner.", + "enum": [ + "LightspeedButton", + "GettingStartedBanner" + ], + "type": "string" + }, + "visibility": { + "description": "visibility defines the visibility state of the capability.", + "properties": { + "state": { + "description": "state defines if the capability is enabled or disabled in the console UI.\nEnabling the capability in the console UI is represented by the \"Enabled\" value.\nDisabling the capability in the console UI is represented by the \"Disabled\" value.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string" + } + }, + "required": [ + "state" + ], + "type": "object" + } + }, + "required": [ + "name", + "visibility" + ], + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "reserved": { - "description": "Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.", - "type": "string" + "customLogoFile": { + "description": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a\nOnly one of customLogoFile or logos can be set at a time.\nConfigMap in the openshift-config namespace. This can be created with a command like\n'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'.\nImage size must be less than 1 MB due to constraints on the ConfigMap size.\nThe ConfigMap key should include a file extension so that the console serves the file\nwith the correct MIME type.\nThe recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser.\nDeprecated: Use logos instead.", + "properties": { + "key": { + "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" }, - "shared": { - "description": "Shared defines a set of CPUs that will be shared among guaranteed workloads\nthat needs additional cpus which are not exclusive,\nalongside the isolated, exclusive resources that are being used already by those workloads.", + "customProductName": { + "description": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog\ninstead of the normal OpenShift product name.", "type": "string" - } - }, - "required": [ - "isolated", - "reserved" - ], - "type": "object" - }, - "globallyDisableIrqLoadBalancing": { - "description": "GloballyDisableIrqLoadBalancing toggles whether IRQ load balancing will be disabled for the Isolated CPU set.\nWhen the option is set to \"true\" it disables IRQs load balancing for the Isolated CPU set.\nSetting the option to \"false\" allows the IRQs to be balanced across all CPUs, however the IRQs load balancing\ncan be disabled per pod CPUs when using irq-load-balancing.crio.io/cpu-quota.crio.io annotations.\nDefaults to \"false\"", - "type": "boolean" - }, - "hardwareTuning": { - "description": "HardwareTuning defines a set of CPU frequencies for isolated and reserved cpus.", - "properties": { - "isolatedCpuFreq": { - "description": "IsolatedCpuFreq defines a minimum frequency to be set across isolated cpus", - "type": "integer" }, - "reservedCpuFreq": { - "description": "ReservedCpuFreq defines a maximum frequency to be set across reserved cpus", - "type": "integer" - } - }, - "type": "object" - }, - "hugepages": { - "description": "HugePages defines a set of huge pages related parameters.\nIt is possible to set huge pages with multiple size values at the same time.\nFor example, hugepages can be set with 1G and 2M, both values will be set on the node by the Performance Profile Controller.\nIt is important to notice that setting hugepages default size to 1G will remove all 2M related\nfolders from the node and it will be impossible to configure 2M hugepages under the node.", - "properties": { - "defaultHugepagesSize": { - "description": "DefaultHugePagesSize defines huge pages default size under kernel boot parameters.", + "developerCatalog": { + "description": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", + "properties": { + "categories": { + "description": "categories which are shown in the developer catalog.", + "items": { + "description": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "properties": { + "id": { + "description": "id is an identifier used in the URL to enable deep linking in console.\nID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "maxLength": 32, + "minLength": 1, + "pattern": "^[A-Za-z0-9-_]+$", + "type": "string" + }, + "label": { + "description": "label defines a category display label. It is required and must have 1-64 characters.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, + "subcategories": { + "description": "subcategories defines a list of child categories.", + "items": { + "description": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", + "properties": { + "id": { + "description": "id is an identifier used in the URL to enable deep linking in console.\nID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "maxLength": 32, + "minLength": 1, + "pattern": "^[A-Za-z0-9-_]+$", + "type": "string" + }, + "label": { + "description": "label defines a category display label. It is required and must have 1-64 characters.", + "maxLength": 64, + "minLength": 1, + "type": "string" + }, + "tags": { + "description": "tags is a list of strings that will match the category. A selected category\nshow all items which has at least one overlapping tag between category and item.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "id", + "label" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "description": "tags is a list of strings that will match the category. A selected category\nshow all items which has at least one overlapping tag between category and item.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "id", + "label" + ], + "type": "object" + }, + "type": "array" + }, + "types": { + "description": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog.\nWhen omitted, all the sub-catalog types will be shown.", + "properties": { + "disabled": { + "description": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users.\nTypes (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available\nin the console on the cluster configuration page, or when editing the YAML in the console.\nExample: \"Devfile\", \"HelmChart\", \"BuilderImage\"\nIf the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "enabled": { + "description": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users.\nTypes (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available\nin the console on the cluster configuration page, or when editing the YAML in the console.\nExample: \"Devfile\", \"HelmChart\", \"BuilderImage\"\nIf the list is non-empty, a new type will not be shown to the user until it is added to list.\nIf the list is empty the complete developer catalog will be shown.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "state": { + "default": "Enabled", + "description": "state defines if a list of catalog types should be enabled or disabled.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string" + } + }, + "required": [ + "state" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "enabled is forbidden when state is not Enabled", + "rule": "self.state == 'Enabled' ? true : !has(self.enabled)" + }, + { + "message": "disabled is forbidden when state is not Disabled", + "rule": "self.state == 'Disabled' ? true : !has(self.disabled)" + } + ] + } + }, + "type": "object" + }, + "documentationBaseURL": { + "description": "documentationBaseURL links to external documentation are shown in various sections\nof the web console. Providing documentationBaseURL will override the default\ndocumentation URL.\nInvalid value will prevent a console rollout.", + "pattern": "^$|^((https):\\/\\/?)[^\\s()<>]+(?:\\([\\w\\d]+\\)|([^[:punct:]\\s]|\\/?))\\/$", "type": "string" }, - "pages": { - "description": "Pages defines huge pages that we want to allocate at boot time.", + "logos": { + "description": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos.\nlogos is an optional field that allows a list of logos.\nOnly one of logos or customLogoFile can be set at a time.\nIf logos is set, customLogoFile must be unset.\nWhen specified, there must be at least one entry and no more than 2 entries.\nEach type must appear only once in the list.", "items": { - "description": "HugePage defines the number of allocated huge pages of the specific size.", + "description": "Logo defines a configuration based on theme modes for the console UI logo.", "properties": { - "count": { - "description": "Count defines amount of huge pages, maps to the 'hugepages' kernel boot parameter.", - "format": "int32", - "type": "integer" - }, - "node": { - "description": "Node defines the NUMA node where hugepages will be allocated,\nif not specified, pages will be allocated equally between NUMA nodes", - "format": "int32", - "type": "integer" + "themes": { + "description": "themes specifies the themes for the console UI logo.\nthemes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field.\nEach mode determines whether the logo is for the dark or light mode of the console UI.\nIf a theme is not specified, the default OpenShift logo will be displayed for that theme.\nThere must be at least one entry and no more than 2 entries.", + "items": { + "description": "Theme defines a theme mode for the console UI.", + "properties": { + "mode": { + "description": "mode is used to specify what theme mode a logo will apply to in the console UI.\nmode is a required field that allows values of Dark and Light.\nWhen set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode.\nWhen set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.", + "enum": [ + "Dark", + "Light" + ], + "type": "string" + }, + "source": { + "description": "source is used by the console to locate the specified file containing a custom logo.\nsource is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace.\nYou can create it with a command like:\n- 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file'\nThe ConfigMap key must include the file extension so that the console serves the file with the correct MIME type.\nThe recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser.\nThe logo image size must be less than 1 MB due to constraints on the ConfigMap size.\nFor more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", + "properties": { + "configMap": { + "description": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file.\nThe ConfigMap must exist in the openshift-config namespace.\nRequired when from is \"ConfigMap\", and forbidden otherwise.", + "properties": { + "key": { + "description": "key is the logo key inside the referenced ConfigMap.\nMust consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.).\nMust be at most 253 characters in length.\nMust end in a valid file extension.\nA valid file extension must consist of a period followed by 2 to 5 alpha characters.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "The ConfigMap key must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.).", + "rule": "self.matches('^[a-zA-Z0-9._-]+$')" + }, + { + "message": "The ConfigMap key must end with a valid file extension (2 to 5 letters).", + "rule": "self.matches('.*\\\\.[a-zA-Z]{2,5}$')" + } + ] + }, + "name": { + "description": "name is the name of the ConfigMap.\nname is a required field.\nMust consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.\nMust be at most 253 characters in length.", + "maxLength": 253, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.", + "rule": "!format.dns1123Subdomain().validate(self).hasValue()" + } + ] + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "from": { + "description": "from is a required field to specify the source type of the file reference.\nAllowed values are ConfigMap.\nWhen set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.", + "enum": [ + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "from" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "configMap is required when from is 'ConfigMap', and forbidden otherwise.", + "rule": "has(self.from) && self.from == 'ConfigMap' ? has(self.configMap) : !has(self.configMap)" + } + ] + } + }, + "required": [ + "mode", + "source" + ], + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mode" + ], + "x-kubernetes-list-type": "map" }, - "size": { - "description": "Size defines huge page size, maps to the 'hugepagesz' kernel boot parameter.", + "type": { + "description": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon.\ntype is a required field that allows values of Masthead and Favicon.\nWhen set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI.\nWhen set to \"Favicon\", the logo will be used as the favicon of the console UI.", + "enum": [ + "Masthead", + "Favicon" + ], "type": "string" } }, + "required": [ + "themes", + "type" + ], "type": "object" }, - "type": "array" - } - }, - "type": "object" - }, - "kernelPageSize": { - "default": "4k", - "description": "KernelPageSize defines the kernel page size. 4k is the default, 64k is only supported on aarch64", - "type": "string" - }, - "machineConfigLabel": { - "additionalProperties": { - "type": "string" - }, - "description": "MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be\nused in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.\nDefaults to \"machineconfiguration.openshift.io/role=\"", - "type": "object" - }, - "machineConfigPoolSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector\nof resources like KubeletConfigs created by the operator.\nDefaults to \"machineconfiguration.openshift.io/role=\"", - "type": "object" - }, - "net": { - "description": "Net defines a set of network related features", - "properties": { - "devices": { - "description": "Devices contains a list of network device representations that will be\nset with a netqueue count equal to CPU.Reserved .\nIf no devices are specified then the default is all devices.", + "maxItems": 2, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "perspectives": { + "description": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", "items": { - "description": "Device defines a way to represent a network device in several options:\ndevice name, vendor ID, model ID, PCI path and MAC address", + "description": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", "properties": { - "deviceID": { - "description": "Network device ID (model) represnted as a 16 bit hexmadecimal number.", + "id": { + "description": "id defines the id of the perspective.\nExample: \"dev\", \"admin\".\nThe available perspective ids can be found in the code snippet section next to the yaml editor.\nIncorrect or unknown ids will be ignored.", "type": "string" }, - "interfaceName": { - "description": "Network device name to be matched. It uses a syntax of shell-style wildcards which are either positive or negative.", - "type": "string" + "pinnedResources": { + "description": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves.\nThe list of available Kubernetes resources could be read via `kubectl api-resources`.\nThe console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation.\nIncorrect or unknown resources will be ignored.", + "items": { + "description": "PinnedResourceReference includes the group, version and type of resource", + "properties": { + "group": { + "description": "group is the API Group of the Resource.\nEnter empty string for the core group.\nThis value should consist of only lowercase alphanumeric characters, hyphens and periods.\nExample: \"\", \"apps\", \"build.openshift.io\", etc.", + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "resource": { + "description": "resource is the type that is being referenced.\nIt is normally the plural form of the resource kind in lowercase.\nThis value should consist of only lowercase alphanumeric characters and hyphens.\nExample: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "version": { + "description": "version is the API Version of the Resource.\nThis value should consist of only lowercase alphanumeric characters.\nExample: \"v1\", \"v1beta1\", etc.", + "pattern": "^[a-z0-9]+$", + "type": "string" + } + }, + "required": [ + "group", + "resource", + "version" + ], + "type": "object" + }, + "maxItems": 100, + "type": "array" }, - "vendorID": { - "description": "Network device vendor ID represnted as a 16 bit Hexmadecimal number.", - "type": "string" + "visibility": { + "description": "visibility defines the state of perspective along with access review checks if needed for that perspective.", + "properties": { + "accessReview": { + "description": "accessReview defines required and missing access review checks.", + "minProperties": 1, + "properties": { + "missing": { + "description": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", + "items": { + "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", + "properties": { + "fieldSelector": { + "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", + "properties": { + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", + "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a field selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", + "items": { + "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the field selector key that the requirement applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist.\nThe list of operators may grow in the future.", + "type": "string" + }, + "values": { + "description": "values is an array of string values.\nIf the operator is In or NotIn, the values array must be non-empty.\nIf the operator is Exists or DoesNotExist, the values array must be empty.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "group": { + "description": "Group is the API Group of the Resource. \"*\" means all.", + "type": "string" + }, + "labelSelector": { + "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", + "properties": { + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", + "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a label selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "name": { + "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces\n\"\" (empty) is defaulted for LocalSubjectAccessReviews\n\"\" (empty) is empty for cluster-scoped resources\n\"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", + "type": "string" + }, + "resource": { + "description": "Resource is one of the existing resource types. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "Subresource is one of the existing resource types. \"\" means none.", + "type": "string" + }, + "verb": { + "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "Version is the API Version of the Resource. \"*\" means all.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "required": { + "description": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", + "items": { + "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", + "properties": { + "fieldSelector": { + "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", + "properties": { + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", + "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a field selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", + "items": { + "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the field selector key that the requirement applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist.\nThe list of operators may grow in the future.", + "type": "string" + }, + "values": { + "description": "values is an array of string values.\nIf the operator is In or NotIn, the values array must be non-empty.\nIf the operator is Exists or DoesNotExist, the values array must be empty.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "group": { + "description": "Group is the API Group of the Resource. \"*\" means all.", + "type": "string" + }, + "labelSelector": { + "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the\n`AuthorizeWithSelectors` feature gate (disabled by default).", + "properties": { + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter.\nWebhook implementations are encouraged to ignore rawSelector.\nThe kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", + "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a label selector.\nAll requirements must be met for a resource instance to match the selector.\nWebhook implementations should handle requirements, but how to handle them is up to the webhook.\nSince requirements can only limit the request, it is safe to authorize as unlimited request if the requirements\nare not understood.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "name": { + "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces\n\"\" (empty) is defaulted for LocalSubjectAccessReviews\n\"\" (empty) is empty for cluster-scoped resources\n\"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", + "type": "string" + }, + "resource": { + "description": "Resource is one of the existing resource types. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "Subresource is one of the existing resource types. \"\" means none.", + "type": "string" + }, + "verb": { + "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "Version is the API Version of the Resource. \"*\" means all.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "state": { + "description": "state defines the perspective is enabled or disabled or access review check is required.", + "enum": [ + "Enabled", + "Disabled", + "AccessReview" + ], + "type": "string" + } + }, + "required": [ + "state" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "accessReview configuration is required when state is AccessReview, and forbidden otherwise", + "rule": "self.state == 'AccessReview' ? has(self.accessReview) : !has(self.accessReview)" + } + ] } }, - "type": "object" + "required": [ + "id", + "visibility" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "pinnedResources is allowed only for dev and forbidden for other perspectives", + "rule": "has(self.id) && self.id != 'dev'? !has(self.pinnedResources) : true" + } + ] }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "id" + ], + "x-kubernetes-list-type": "map" }, - "userLevelNetworking": { - "description": "UserLevelNetworking when enabled - sets either all or specified network devices queue size to the amount of reserved CPUs. Defaults to \"false\".", - "type": "boolean" + "projectAccess": { + "description": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective\nProject access page which can be used by a project admin to specify roles to other users and\nrestrict access within the project. If set, the list will replace the default ClusterRole options.", + "properties": { + "availableClusterRoles": { + "description": "availableClusterRoles is the list of ClusterRole names that are assignable to users\nthrough the project access tab.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "quickStarts": { + "description": "quickStarts allows customization of available ConsoleQuickStart resources in console.", + "properties": { + "disabled": { + "description": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" } }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.\nIt most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool\nwhich targets this performance profile.\nIn the case when machineConfigLabels or machineConfigPoolSelector are not set, we are expecting a certain NodeSelector format\n/: \"\" in order to be able to calculate the default values for the former mentioned fields.", - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Only one of logos or customLogoFile can be set.", + "rule": "!(has(self.logos) && has(self.customLogoFile))" + } + ] }, - "numa": { - "description": "NUMA defines options related to topology aware affinities", + "ingress": { + "description": "ingress allows to configure the alternative ingress for the console.\nThis field is intended for clusters without ingress capability,\nwhere access to routes is not possible.", "properties": { - "topologyPolicy": { - "description": "Name of the policy applied when TopologyManager is enabled\nOperator defaults to \"best-effort\"", - "type": "string" + "clientDownloadsURL": { + "description": "clientDownloadsURL is a URL to be used as the address to download client binaries.\nIf not specified, the downloads route hostname will be used.\nThis field is required for clusters without ingress capability,\nwhere access to routes is not possible.\nThe console operator will monitor the URL and may go degraded\nif it's unreachable for an extended period.\nMust use the HTTPS scheme.", + "maxLength": 1024, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "client downloads url must be a valid absolute URL", + "rule": "size(self) == 0 || isURL(self)" + }, + { + "message": "client downloads url scheme must be https", + "rule": "size(self) == 0 || url(self).getScheme() == 'https'" + } + ] + }, + "consoleURL": { + "description": "consoleURL is a URL to be used as the base console address.\nIf not specified, the console route hostname will be used.\nThis field is required for clusters without ingress capability,\nwhere access to routes is not possible.\nMake sure that appropriate ingress is set up at this URL.\nThe console operator will monitor the URL and may go degraded\nif it's unreachable for an extended period.\nMust use the HTTPS scheme.", + "maxLength": 1024, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "console url must be a valid absolute URL", + "rule": "size(self) == 0 || isURL(self)" + }, + { + "message": "console url scheme must be https", + "rule": "size(self) == 0 || url(self).getScheme() == 'https'" + } + ] } }, "type": "object" }, - "realTimeKernel": { - "description": "RealTimeKernel defines a set of real time kernel related parameters. RT kernel won't be installed when not set.", + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "plugins": { + "description": "plugins defines a list of enabled console plugin names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "providers": { + "description": "providers contains configuration for using specific service providers.", "properties": { - "enabled": { - "description": "Enabled defines if the real time kernel packages should be installed. Defaults to \"false\"", - "type": "boolean" + "statuspage": { + "description": "statuspage contains ID for statuspage.io page that provides status info about.", + "properties": { + "pageID": { + "description": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", + "type": "string" + } + }, + "type": "object" } }, "type": "object" }, - "workloadHints": { - "description": "WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and\nkernel arguments that should be applied on top of the node.", + "route": { + "description": "route contains hostname and secret reference that contains the serving certificate.\nIf a custom route is specified, a new route will be created with the\nprovided hostname, under which console will be available.\nIn case of custom hostname uses the default routing suffix of the cluster,\nthe Secret specification for a serving certificate will not be needed.\nIn case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary.\nThe default console route will be maintained to reserve the default hostname\nfor console if the custom route is removed.\nIf not specified, default route will be used.\nDEPRECATED", "properties": { - "highPowerConsumption": { - "description": "HighPowerConsumption defines if the node should be configured in high power consumption mode.\nThe flag will affect the power consumption but will improve the CPUs latency. Defaults to false.", - "type": "boolean" - }, - "mixedCpus": { - "description": "MixedCpus enables the mixed-cpu-node-plugin on the node.\nDefaults to false.", - "type": "boolean" - }, - "perPodPowerManagement": { - "description": "PerPodPowerManagement defines if the node should be configured in per pod power management.\nPerPodPowerManagement and HighPowerConsumption hints can not be enabled together. Defaults to false.", - "type": "boolean" + "hostname": { + "description": "hostname is the desired custom domain under which console will be available.", + "type": "string" }, - "realTime": { - "default": true, - "description": "RealTime defines if the node should be configured for the real time workload. Defaults to true.", - "type": "boolean" + "secret": { + "description": "secret points to secret in the openshift-config namespace that contains custom\ncertificate and key and needs to be created manually by the cluster admin.\nReferenced Secret is required to contain following key value pairs:\n- \"tls.crt\" - to specifies custom certificate\n- \"tls.key\" - to specifies private key of the custom certificate\nIf the custom hostname uses the default routing suffix of the cluster,\nthe Secret specification for a serving certificate will not be needed.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" } }, "type": "object" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "cpu", - "nodeSelector" - ], "type": "object" }, "status": { - "description": "PerformanceProfileStatus defines the observed state of PerformanceProfile.", + "description": "ConsoleStatus defines the observed status of the Console.", "properties": { "conditions": { - "description": "Conditions represents the latest available observations of current state.", + "description": "conditions is a list of conditions and their status", "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "description": "OperatorCondition is just the standard condition fields.", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, @@ -281600,45 +225801,125 @@ "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", "status", "type" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "runtimeClass": { - "description": "RuntimeClass contains the name of the RuntimeClass resource created by the operator.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "tuned": { - "description": "Tuned points to the Tuned custom resource object that contains the tuning values generated by this operator.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "performance.openshift.io", - "kind": "PerformanceProfile", - "version": "v2" + "group": "operator.openshift.io", + "kind": "Console", + "version": "v1" } ] }, - "performance.openshift.io/v2/PerformanceProfileList": { - "description": "PerformanceProfileList is a list of PerformanceProfile", + "operator.openshift.io/v1/ConsoleList": { + "description": "ConsoleList is a list of Console", "namespaced": true, "properties": { "apiVersion": { @@ -281646,9 +225927,9 @@ "type": "string" }, "items": { - "description": "List of performanceprofiles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of consoles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.performance.v2.PerformanceProfile" + "$ref": "#/components/schemas/io.openshift.operator.v1.Console" }, "type": "array" }, @@ -281671,14 +225952,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "performance.openshift.io", - "kind": "PerformanceProfileList", - "version": "v2" + "group": "operator.openshift.io", + "kind": "ConsoleList", + "version": "v1" } ] }, - "policy.networking.k8s.io/v1alpha1/AdminNetworkPolicy": { - "description": "AdminNetworkPolicy is a cluster level resource that is part of the\nAdminNetworkPolicy API.", + "operator.openshift.io/v1/DNS": { + "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. \n This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -281698,823 +225979,398 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of AdminNetworkPolicy.", + "description": "spec is the specification of the desired behavior of the DNS.", "properties": { - "egress": { - "description": "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a AdminNetworkPolicy's\nSubject field.\n", - "properties": { - "action": { - "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core", - "enum": [ - "Allow", - "Deny", - "Pass" - ], - "type": "string" - }, - "name": { - "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core", - "maxLength": 100, + "cache": { + "description": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", + "properties": { + "negativeTTL": { + "description": "negativeTTL is optional and specifies the amount of time that a negative response should be cached. \n If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", + "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + }, + "positiveTTL": { + "description": "positiveTTL is optional and specifies the amount of time that a positive response should be cached. \n If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", + "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + } + }, + "type": "object" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses. Setting logLevel: Trace will produce extremely verbose logs. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", + "enum": [ + "Normal", + "Debug", + "Trace" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether the DNS operator should manage cluster DNS", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "nodePlacement": { + "description": "nodePlacement provides explicit control over the scheduling of DNS pods. \n Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. \n If unset, defaults are used. See nodePlacement for more details.", + "properties": { + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "ports": { - "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namedPort": { - "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", - "type": "string" - }, - "portNumber": { - "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", - "properties": { - "port": { - "description": "Number defines a network port value.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - } - }, - "required": [ - "port", - "protocol" - ], - "type": "object" - }, - "portRange": { - "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", - "properties": { - "end": { - "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - }, - "start": { - "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "end", - "start" - ], - "type": "object" - } + "description": "nodeSelector is the node selector applied to DNS pods. \n If empty, the default is used, which is currently the following: \n kubernetes.io/os: linux \n This default is subject to change. \n If set, the specified selector is used and replaces the default.", + "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to DNS pods. \n If empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable. \n Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" }, - "type": "object" - }, - "maxItems": 100, - "type": "array" - }, - "to": { - "description": "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namespaces": { - "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "networks": { - "description": "Networks defines a way to select peers via CIDR blocks.\nThis is intended for representing entities that live outside the cluster,\nwhich can't be selected by pods, namespaces and nodes peers, but note\nthat cluster-internal traffic will be checked against the rule as\nwell. So if you Allow or Deny traffic to `\"0.0.0.0/0\"`, that will allow\nor deny all IPv4 pod-to-pod traffic as well. If you don't want that,\nadd a rule that Passes all pod traffic before the Networks rule.\n\n\nEach item in Networks should be provided in the CIDR format and should be\nIPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".\n\n\nNetworks can have upto 25 CIDRs specified.\n\n\nSupport: Extended\n\n\n", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid CIDR format provided", - "rule": "isCIDR(self)" - }, - { - "message": "CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported", - "rule": "self.contains(':') != self.contains('.')" - } - ] - }, - "maxItems": 25, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "nodes": { - "description": "Nodes defines a way to select a set of nodes in\nthe cluster. This field follows standard label selector\nsemantics; if present but empty, it selects all Nodes.\n\n\nSupport: Extended\n\n\n", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "pods": { - "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "namespaceSelector": { - "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "podSelector": { - "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "namespaceSelector", - "podSelector" - ], - "type": "object" - } + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" }, - "type": "object" + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "maxItems": 100, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "action", - "to" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes", - "rule": "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" - } - ] + "type": "object" + }, + "type": "array" + } }, - "maxItems": 100, - "type": "array" + "type": "object" }, - "ingress": { - "description": "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core", + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", + "enum": [ + "Normal", + "Debug", + "Trace" + ], + "type": "string" + }, + "servers": { + "description": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. \n For example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\". \n If this field is nil, no servers are created.", "items": { - "description": "AdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by an AdminNetworkPolicy's\nSubject field.", + "description": "Server defines the schema for a server that runs per instance of CoreDNS.", "properties": { - "action": { - "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core", - "enum": [ - "Allow", - "Deny", - "Pass" - ], - "type": "string" - }, - "from": { - "description": "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namespaces": { - "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "forwardPlugin": { + "description": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", + "properties": { + "policy": { + "default": "Random", + "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: \n * \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. \n The default value is \"Random\"", + "enum": [ + "Random", + "RoundRobin", + "Sequential" + ], + "type": "string" + }, + "protocolStrategy": { + "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", + "enum": [ + "TCP", + "" + ], + "type": "string" + }, + "transportConfig": { + "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. \n The default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "properties": { + "tls": { + "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", + "properties": { + "caBundle": { + "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. \n 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "description": "name is the metadata.name of the referenced config map", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" } }, "required": [ - "key", - "operator" + "name" ], "type": "object" }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { + "serverName": { + "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", + "maxLength": 253, + "pattern": "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$", "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "pods": { - "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "namespaceSelector": { - "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + } }, - "podSelector": { - "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "required": [ + "serverName" + ], + "type": "object" }, - "required": [ - "namespaceSelector", - "podSelector" - ], - "type": "object" - } + "transport": { + "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). \n Possible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", + "enum": [ + "TLS", + "Cleartext", + "" + ], + "type": "string" + } + }, + "type": "object" }, - "type": "object" + "upstreams": { + "description": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53. \n A maximum of 15 upstreams is allowed per ForwardPlugin.", + "items": { + "type": "string" + }, + "maxItems": 15, + "type": "array" + } }, - "maxItems": 100, - "minItems": 1, - "type": "array" + "type": "object" }, "name": { - "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core", - "maxLength": 100, + "description": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", "type": "string" }, - "ports": { - "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core", + "zones": { + "description": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", "items": { - "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namedPort": { - "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", - "type": "string" - }, - "portNumber": { - "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", - "properties": { - "port": { - "description": "Number defines a network port value.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - } - }, - "required": [ - "port", - "protocol" - ], - "type": "object" - }, - "portRange": { - "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", - "properties": { - "end": { - "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - }, - "start": { - "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "end", - "start" - ], - "type": "object" - } - }, - "type": "object" + "type": "string" }, - "maxItems": 100, "type": "array" } }, - "required": [ - "action", - "from" - ], "type": "object" }, - "maxItems": 100, "type": "array" }, - "priority": { - "description": "Priority is a value from 0 to 1000. Rules with lower priority values have\nhigher precedence, and are checked before rules with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nThe behavior is undefined if two ANP objects have same priority.\n\n\nSupport: Core", - "format": "int32", - "maximum": 1000, - "minimum": 0, - "type": "integer" - }, - "subject": { - "description": "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core", - "maxProperties": 1, - "minProperties": 1, + "upstreamResolvers": { + "default": {}, + "description": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server \n If this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", "properties": { - "namespaces": { - "description": "Namespaces is used to select pods via namespace selectors.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "policy": { + "default": "Sequential", + "description": "Policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified: \n * \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. \n The default value is \"Sequential\"", + "enum": [ + "Random", + "RoundRobin", + "Sequential" + ], + "type": "string" }, - "pods": { - "description": "Pods is used to select pods via namespace AND pod selectors.", + "protocolStrategy": { + "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", + "enum": [ + "TCP", + "" + ], + "type": "string" + }, + "transportConfig": { + "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. \n The default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", "properties": { - "namespaceSelector": { - "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", + "tls": { + "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "caBundle": { + "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers. \n 1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "name" + ], "type": "object" + }, + "serverName": { + "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", + "maxLength": 253, + "pattern": "^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])(\\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9]))*$", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "serverName" + ], + "type": "object" }, - "podSelector": { - "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "transport": { + "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s). \n Possible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", + "enum": [ + "TLS", + "Cleartext", + "" + ], + "type": "string" + } + }, + "type": "object" + }, + "upstreams": { + "default": [ + { + "type": "SystemResolvConf" + } + ], + "description": "Upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. \n A maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", + "items": { + "anyOf": [ + { + "not": { + "required": [ + "address", + "port" + ] }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "properties": { + "type": { + "enum": [ + "", + "SystemResolvConf" + ] + } } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + { + "properties": { + "type": { + "enum": [ + "Network" + ] + } + }, + "required": [ + "address" + ] + } + ], + "description": "Upstream can either be of type SystemResolvConf, or of type Network. \n - For an Upstream of type SystemResolvConf, no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. - For an Upstream of type Network, a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53.", + "properties": { + "address": { + "anyOf": [ + { + "format": "ipv4" + }, + { + "format": "ipv6" + } + ], + "description": "Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", + "type": "string" + }, + "port": { + "default": 53, + "description": "Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "type": { + "description": "Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network. \n * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: /etc/resolv.conf will be used * When Network is used, the Upstream structure must contain at least an Address", + "enum": [ + "SystemResolvConf", + "Network", + "" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" }, - "required": [ - "namespaceSelector", - "podSelector" - ], - "type": "object" + "maxItems": 15, + "type": "array" } }, "type": "object" } }, - "required": [ - "priority", - "subject" - ], "type": "object" }, "status": { - "description": "Status is the status to be reported by the implementation.", + "description": "status is the most recently observed status of the DNS.", "properties": { + "clusterDomain": { + "description": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", + "type": "string" + }, + "clusterIP": { + "description": "clusterIP is the service IP through which this DNS is made available. \n In the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy. \n In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, "conditions": { + "description": "conditions provide information about the state of the DNS on the cluster. \n These are the supported DNS conditions: \n * Available - True if the following conditions are met: * DNS controller daemonset is available. - False if any of those conditions are unsatisfied.", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", + "description": "OperatorCondition is just the standard condition fields.", "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], "type": "string" }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", "type" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "array" } }, "required": [ - "conditions" + "clusterDomain", + "clusterIP" ], "type": "object" } }, - "required": [ - "metadata", - "spec" - ], + "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy.networking.k8s.io", - "kind": "AdminNetworkPolicy", - "version": "v1alpha1" + "group": "operator.openshift.io", + "kind": "DNS", + "version": "v1" } ] }, - "policy.networking.k8s.io/v1alpha1/AdminNetworkPolicyList": { - "description": "AdminNetworkPolicyList is a list of AdminNetworkPolicy", + "operator.openshift.io/v1/DNSList": { + "description": "DNSList is a list of DNS", "namespaced": true, "properties": { "apiVersion": { @@ -282522,9 +226378,9 @@ "type": "string" }, "items": { - "description": "List of adminnetworkpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of dnses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.k8s.networking.policy.v1alpha1.AdminNetworkPolicy" + "$ref": "#/components/schemas/io.openshift.operator.v1.DNS" }, "type": "array" }, @@ -282547,14 +226403,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy.networking.k8s.io", - "kind": "AdminNetworkPolicyList", - "version": "v1alpha1" + "group": "operator.openshift.io", + "kind": "DNSList", + "version": "v1" } ] }, - "policy.networking.k8s.io/v1alpha1/BaselineAdminNetworkPolicy": { - "description": "BaselineAdminNetworkPolicy is a cluster level resource that is part of the\nAdminNetworkPolicy API.", + "operator.openshift.io/v1/Etcd": { + "description": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -282574,943 +226430,317 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of BaselineAdminNetworkPolicy.", "properties": { - "egress": { - "description": "Egress is the list of Egress rules to be applied to the selected pods if\nthey are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Egress rules will be allowed in each BANP instance.\nThe relative precedence of egress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nBANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core", + "controlPlaneHardwareSpeed": { + "description": "HardwareSpeed allows user to change the etcd tuning profile which configures\nthe latency parameters for heartbeat interval and leader election timeouts\nallowing the cluster to tolerate longer round-trip-times between etcd members.\nValid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", + "enum": [ + "", + "Standard", + "Slower" + ], + "type": "string" + }, + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", + "type": "string" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "items": { - "description": "BaselineAdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a BaselineAdminNetworkPolicy's\nSubject field.\n", + "description": "OperatorCondition is just the standard condition fields.", "properties": { - "action": { - "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core", - "enum": [ - "Allow", - "Deny" - ], + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", "type": "string" }, - "name": { - "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core", - "maxLength": 100, + "message": { "type": "string" }, - "ports": { - "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.", - "items": { - "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namedPort": { - "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", - "type": "string" - }, - "portNumber": { - "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", - "properties": { - "port": { - "description": "Number defines a network port value.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - } - }, - "required": [ - "port", - "protocol" - ], - "type": "object" - }, - "portRange": { - "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", - "properties": { - "end": { - "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - }, - "start": { - "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "end", - "start" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 100, - "type": "array" + "reason": { + "type": "string" }, - "to": { - "description": "To is the list of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namespaces": { - "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "networks": { - "description": "Networks defines a way to select peers via CIDR blocks.\nThis is intended for representing entities that live outside the cluster,\nwhich can't be selected by pods, namespaces and nodes peers, but note\nthat cluster-internal traffic will be checked against the rule as\nwell. So if you Allow or Deny traffic to `\"0.0.0.0/0\"`, that will allow\nor deny all IPv4 pod-to-pod traffic as well. If you don't want that,\nadd a rule that Passes all pod traffic before the Networks rule.\n\n\nEach item in Networks should be provided in the CIDR format and should be\nIPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".\n\n\nNetworks can have upto 25 CIDRs specified.\n\n\nSupport: Extended\n\n\n", - "items": { - "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", - "maxLength": 43, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "Invalid CIDR format provided", - "rule": "isCIDR(self)" - }, - { - "message": "CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported", - "rule": "self.contains(':') != self.contains('.')" - } - ] - }, - "maxItems": 25, - "minItems": 1, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "nodes": { - "description": "Nodes defines a way to select a set of nodes in\nthe cluster. This field follows standard label selector\nsemantics; if present but empty, it selects all Nodes.\n\n\nSupport: Extended\n\n\n", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "pods": { - "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "namespaceSelector": { - "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "podSelector": { - "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "namespaceSelector", - "podSelector" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 100, - "minItems": 1, - "type": "array" + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" } }, "required": [ - "action", - "to" + "lastTransitionTime", + "status", + "type" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes", - "rule": "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" - } - ] + "type": "object" }, - "maxItems": 100, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "ingress": { - "description": "Ingress is the list of Ingress rules to be applied to the selected pods\nif they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Ingress rules will be allowed in each BANP instance.\nThe relative precedence of ingress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nBANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core", + "controlPlaneHardwareSpeed": { + "description": "ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels", + "enum": [ + "", + "Standard", + "Slower" + ], + "type": "string" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "items": { - "description": "BaselineAdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by a BaselineAdminNetworkPolicy's\nSubject field.", + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", "properties": { - "action": { - "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core", - "enum": [ - "Allow", - "Deny" - ], + "group": { + "description": "group is the group of the thing you're tracking", "type": "string" }, - "from": { - "description": "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namespaces": { - "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "pods": { - "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", - "properties": { - "namespaceSelector": { - "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "podSelector": { - "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "namespaceSelector", - "podSelector" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 100, - "minItems": 1, - "type": "array" + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" }, "name": { - "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core", - "maxLength": 100, + "description": "name is the name of the thing you're tracking", "type": "string" }, - "ports": { - "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core", - "items": { - "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namedPort": { - "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", - "type": "string" - }, - "portNumber": { - "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", - "properties": { - "port": { - "description": "Number defines a network port value.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - } - }, - "required": [ - "port", - "protocol" - ], - "type": "object" - }, - "portRange": { - "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", - "properties": { - "end": { - "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", - "type": "string" - }, - "start": { - "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", - "format": "int32", - "maximum": 65535, - "minimum": 1, - "type": "integer" - } - }, - "required": [ - "end", - "start" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 100, - "type": "array" + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" } }, "required": [ - "action", - "from" + "group", + "name", + "namespace", + "resource" ], "type": "object" }, - "maxItems": 100, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "subject": { - "description": "Subject defines the pods to which this BaselineAdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core", - "maxProperties": 1, - "minProperties": 1, - "properties": { - "namespaces": { - "description": "Namespaces is used to select pods via namespace selectors.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "pods": { - "description": "Pods is used to select pods via namespace AND pod selectors.", - "properties": { - "namespaceSelector": { - "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "podSelector": { - "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "namespaceSelector", - "podSelector" - ], - "type": "object" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" } - }, - "type": "object" - } - }, - "required": [ - "subject" - ], - "type": "object" - }, - "status": { - "description": "Status is the status to be reported by the implementation.", - "properties": { - "conditions": { + ] + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", + "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" + "currentRevision": { + "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, + "lastFailedCount": { + "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "type": "integer" + }, + "lastFailedReason": { + "description": "lastFailedReason is a machine readable failure reason string.", "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, + "lastFailedRevision": { + "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "format": "int32", "type": "integer" }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "lastFailedRevisionErrors": { + "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], + "lastFailedTime": { + "description": "lastFailedTime is the time the last failed revision failed the last time.", + "format": "date-time", "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "lastFallbackCount": { + "description": "lastFallbackCount is how often a fallback to a previous revision happened.", + "type": "integer" + }, + "nodeName": { + "description": "nodeName is the name of the node", "type": "string" + }, + "targetRevision": { + "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", + "format": "int32", + "type": "integer" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "nodeName" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "fieldPath": ".currentRevision", + "message": "cannot be unset once set", + "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" + }, + { + "fieldPath": ".currentRevision", + "message": "currentRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.currentRevision)" + }, + { + "fieldPath": ".targetRevision", + "message": "targetRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.targetRevision)" + } + ] }, "type": "array", "x-kubernetes-list-map-keys": [ - "type" + "nodeName" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "no more than 1 node status may have a nonzero targetRevision", + "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } }, - "required": [ - "conditions" - ], "type": "object" } }, "required": [ - "metadata", "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy.networking.k8s.io", - "kind": "BaselineAdminNetworkPolicy", - "version": "v1alpha1" - } - ] - }, - "policy.networking.k8s.io/v1alpha1/BaselineAdminNetworkPolicyList": { - "description": "BaselineAdminNetworkPolicyList is a list of BaselineAdminNetworkPolicy", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of baselineadminnetworkpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.networking.policy.v1alpha1.BaselineAdminNetworkPolicy" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "policy.networking.k8s.io", - "kind": "BaselineAdminNetworkPolicyList", - "version": "v1alpha1" - } - ] - }, - "policy/v1/Eviction": { - "description": "Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods//evictions.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "deleteOptions": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" - } - ], - "description": "DeleteOptions may be provided" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "ObjectMeta describes the pod that is being evicted." - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "policy", - "kind": "Eviction", - "version": "v1" - } - ] - }, - "policy/v1/PodDisruptionBudget": { - "description": "PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.policy.v1.PodDisruptionBudgetSpec" - } - ], - "default": {}, - "description": "Specification of the desired behavior of the PodDisruptionBudget." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.policy.v1.PodDisruptionBudgetStatus" - } - ], - "default": {}, - "description": "Most recently observed status of the PodDisruptionBudget." - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "policy", - "kind": "PodDisruptionBudget", + "group": "operator.openshift.io", + "kind": "Etcd", "version": "v1" } ] }, - "policy/v1/PodDisruptionBudgetList": { - "description": "PodDisruptionBudgetList is a collection of PodDisruptionBudgets.", + "operator.openshift.io/v1/EtcdList": { + "description": "EtcdList is a list of Etcd", "namespaced": true, "properties": { "apiVersion": { @@ -283518,14 +226748,9 @@ "type": "string" }, "items": { - "description": "Items is a list of PodDisruptionBudgets", + "description": "List of etcds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.policy.v1.PodDisruptionBudget" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.operator.v1.Etcd" }, "type": "array" }, @@ -283539,8 +226764,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -283549,14 +226773,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "policy", - "kind": "PodDisruptionBudgetList", + "group": "operator.openshift.io", + "kind": "EtcdList", "version": "v1" } ] }, - "pool.kubevirt.io/v1alpha1/VirtualMachinePool": { - "description": "VirtualMachinePool resource contains a VirtualMachine configuration\nthat can be used to replicate multiple VirtualMachine resources.", + "operator.openshift.io/v1/IngressController": { + "description": "IngressController describes a managed ingress controller for the cluster. The\ncontroller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is\ncreated to allow external traffic to reach the services that expose Ingress\nor Route resources. Updating this resource may lead to disruption for public\nfacing network connections as a new ingress controller revision may be rolled\nout.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each\nfield for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { @@ -283576,68 +226800,1010 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { + "description": "spec is the specification of the desired behavior of the IngressController.", "properties": { - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" + "clientTLS": { + "description": "clientTLS specifies settings for requesting and verifying client\ncertificates, which can be used to enable mutual TLS for\nedge-terminated and reencrypt routes.", + "properties": { + "allowedSubjectPatterns": { + "description": "allowedSubjectPatterns specifies a list of regular expressions that\nshould be matched against the distinguished name on a valid client\ncertificate to filter requests. The regular expressions must use\nPCRE syntax. If this list is empty, no filtering is performed. If\nthe list is nonempty, then at least one pattern must match a client\ncertificate's distinguished name or else the ingress controller\nrejects the certificate and denies the connection.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { + "clientCA": { + "description": "clientCA specifies a configmap containing the PEM-encoded CA\ncertificate bundle that should be used to verify a client's\ncertificate. The administrator must create this configmap in the\nopenshift-config namespace.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "clientCertificatePolicy": { + "description": "clientCertificatePolicy specifies whether the ingress controller\nrequires clients to provide certificates. This field accepts the\nvalues \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for\nedge-terminated and reencrypt TLS routes; it cannot check\ncertificates for cleartext HTTP or passthrough TLS routes.", + "enum": [ + "", + "Required", + "Optional" + ], "type": "string" } + }, + "required": [ + "clientCA", + "clientCertificatePolicy" ], - "description": "(Defaults to 100%) Integer or string pointer, that when set represents either a percentage or number of VMs in a pool that can be unavailable (ready condition false) at a time during automated update.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "nameGeneration": { - "description": "Options for the name generation in a pool.", + "closedClientConnectionPolicy": { + "default": "Continue", + "description": "closedClientConnectionPolicy controls how the IngressController\nbehaves when the client closes the TCP connection while the TLS\nhandshake or HTTP request is in progress. This option maps directly\nto HAProxy\u2019s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\".\nThe default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake\nif it is in progress, and it will not send an HTTP request to the backend server\nif the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake\nif it is in progress, or send an HTTP request to the backend server\nand wait for the backend server's response, regardless of\nwhether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation\nfor connections the client has already closed, and can reduce request queue\nsize, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.", + "enum": [ + "Abort", + "Continue" + ], + "type": "string" + }, + "defaultCertificate": { + "description": "defaultCertificate is a reference to a secret containing the default\ncertificate served by the ingress controller. When Routes don't specify\ntheir own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The\ncertificate is valid for the ingress controller domain (and subdomains) and\nthe generated certificate's CA will be automatically integrated with the\ncluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple\nHTTP/2 enabled routes (which implies ALPN) then clients\n(i.e., notably browsers) are at liberty to reuse open\nconnections. This means a client can reuse a connection to\nanother route and that is likely to fail. This behaviour is\ngenerally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be\nautomatically integrated with OpenShift's built-in OAuth server.", "properties": { - "appendIndexToConfigMapRefs": { - "type": "boolean" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "domain": { + "description": "domain is a DNS name serviced by the ingress controller and is used to\nconfigure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be\nupdated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", + "type": "string" + }, + "endpointPublishingStrategy": { + "description": "endpointPublishingStrategy is used to publish the ingress controller\nendpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on\ninfrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", + "properties": { + "hostNetwork": { + "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing\nstrategy. Present only if type is HostNetwork.", + "properties": { + "httpPort": { + "default": 80, + "description": "httpPort is the port on the host which should be used to listen for\nHTTP requests. This field should be set when port 80 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 80.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, + "httpsPort": { + "default": 443, + "description": "httpsPort is the port on the host which should be used to listen for\nHTTPS requests. This field should be set when port 443 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 443.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + }, + "statsPort": { + "default": 1936, + "description": "statsPort is the port on the host where the stats from the router are\npublished. The value should not coincide with the NodePort range of the\ncluster. If an external load balancer is configured to forward connections\nto this IngressController, the load balancer should use this port for\nhealth checks. The load balancer can send HTTP probes on this port on a\ngiven node, with the path /healthz/ready to determine if the ingress\ncontroller is ready to receive traffic on the node. For proper operation\nthe load balancer must not forward traffic to a node until the health\ncheck reports ready. The load balancer should also stop forwarding requests\nwithin a maximum of 45 seconds after /healthz/ready starts reporting\nnot-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with\na threshold of two successful or failed requests to become healthy or\nunhealthy respectively, are well-tested values. When the value is 0 or\nis not specified it defaults to 1936.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" }, - "appendIndexToSecretRefs": { - "type": "boolean" + "loadBalancer": { + "description": "loadBalancer holds parameters for the load balancer. Present only if\ntype is LoadBalancerService.", + "properties": { + "allowedSourceRanges": { + "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which\naccess to the load balancer should be restricted. Each range must be\nspecified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is\nspecified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default,\nwhich allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did\nnot have the allowedSourceRanges field, you may set the\nservice.beta.kubernetes.io/load-balancer-source-ranges annotation on\nthe \"router-\" service in the\n\"openshift-ingress\" namespace, and this annotation will take\neffect if allowedSourceRanges is empty on OpenShift 4.12.", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\"\nor \"fd00::/8\").", + "pattern": "(^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dnsManagementPolicy": { + "default": "Managed", + "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record\nassociated with the load balancer service will be managed by\nthe ingress operator. It defaults to Managed.\nValid values are: Managed and Unmanaged.", + "enum": [ + "Managed", + "Unmanaged" + ], + "type": "string" + }, + "providerParameters": { + "description": "providerParameters holds desired load balancer information specific to\nthe underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters\nfields for details about their defaults.", + "properties": { + "aws": { + "description": "aws provides configuration settings that are specific to AWS\nload balancers.\n\nIf empty, defaults will be applied. See specific aws fields for\ndetails about their defaults.", + "properties": { + "classicLoadBalancer": { + "description": "classicLoadBalancerParameters holds configuration parameters for an AWS\nclassic load balancer. Present only if type is Classic.", + "properties": { + "connectionIdleTimeout": { + "description": "connectionIdleTimeout specifies the maximum time period that a\nconnection may be idle before the load balancer closes the\nconnection. The value must be parseable as a time duration value;\nsee . A nil or zero value\nmeans no opinion, in which case a default value is used. The default\nvalue for this field is 60s. This default is subject to change.", + "format": "duration", + "type": "string" + }, + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", + "properties": { + "ids": { + "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", + "items": { + "description": "AWSSubnetID is a reference to an AWS subnet ID.", + "maxLength": 24, + "minLength": 24, + "pattern": "^subnet-[0-9A-Za-z]+$", + "type": "string" + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet ids cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + }, + "names": { + "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", + "items": { + "description": "AWSSubnetName is a reference to an AWS subnet name.", + "maxLength": 256, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "subnet name cannot contain a comma", + "rule": "!self.contains(',')" + }, + { + "message": "subnet name cannot start with 'subnet-'", + "rule": "!self.startsWith('subnet-')" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet names cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "the total number of subnets cannot exceed 10", + "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" + }, + { + "message": "must specify at least 1 subnet name or id", + "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" + } + ] + } + }, + "type": "object" + }, + "networkLoadBalancer": { + "description": "networkLoadBalancerParameters holds configuration parameters for an AWS\nnetwork load balancer. Present only if type is NLB.", + "properties": { + "eipAllocations": { + "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that\nare assigned to the Network Load Balancer.\nThe following restrictions apply:\n\neipAllocations can only be used with external scope, not internal.\nAn EIP can be allocated to only a single IngressController.\nThe number of EIP allocations must match the number of subnets that are used for the load balancer.\nEach EIP allocation must be unique.\nA maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general\ninformation about configuration, characteristics, and limitations of Elastic IP addresses.", + "items": { + "description": "EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment.\nValues must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters.", + "maxLength": 26, + "minLength": 26, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "eipAllocations should start with 'eipalloc-'", + "rule": "self.startsWith('eipalloc-')" + }, + { + "message": "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)", + "rule": "self.split(\"-\", 2)[1].matches('[0-9a-fA-F]{17}$')" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "eipAllocations cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + }, + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", + "properties": { + "ids": { + "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", + "items": { + "description": "AWSSubnetID is a reference to an AWS subnet ID.", + "maxLength": 24, + "minLength": 24, + "pattern": "^subnet-[0-9A-Za-z]+$", + "type": "string" + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet ids cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + }, + "names": { + "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", + "items": { + "description": "AWSSubnetName is a reference to an AWS subnet name.", + "maxLength": 256, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "subnet name cannot contain a comma", + "rule": "!self.contains(',')" + }, + { + "message": "subnet name cannot start with 'subnet-'", + "rule": "!self.startsWith('subnet-')" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet names cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "the total number of subnets cannot exceed 10", + "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" + }, + { + "message": "must specify at least 1 subnet name or id", + "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "number of subnets must be equal to number of eipAllocations", + "rule": "has(self.subnets) && has(self.subnets.ids) && has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids + self.subnets.names) == size(self.eipAllocations) : true" + }, + { + "message": "number of subnets must be equal to number of eipAllocations", + "rule": "has(self.subnets) && has(self.subnets.ids) && !has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids) == size(self.eipAllocations) : true" + }, + { + "message": "number of subnets must be equal to number of eipAllocations", + "rule": "has(self.subnets) && has(self.subnets.names) && !has(self.subnets.ids) && has(self.eipAllocations) ? size(self.subnets.names) == size(self.eipAllocations) : true" + } + ] + }, + "type": { + "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "enum": [ + "Classic", + "NLB" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "gcp": { + "description": "gcp provides configuration settings that are specific to GCP\nload balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for\ndetails about their defaults.", + "properties": { + "clientAccess": { + "description": "clientAccess describes how client access is restricted for internal\nload balancers.\n\nValid values are:\n* \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", + "enum": [ + "Global", + "Local" + ], + "type": "string" + } + }, + "type": "object" + }, + "ibm": { + "description": "ibm provides configuration settings that are specific to IBM Cloud\nload balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for\ndetails about their defaults.", + "properties": { + "protocol": { + "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to\nthe IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features:\n\"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default is TCP, without the proxy protocol enabled.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + } + }, + "type": "object" + }, + "openstack": { + "description": "openstack provides configuration settings that are specific to OpenStack\nload balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for\ndetails about their defaults.", + "properties": { + "floatingIP": { + "description": "floatingIP specifies the IP address that the load balancer will use.\nWhen not specified, an IP address will be assigned randomly by the OpenStack cloud provider.\nWhen specified, the floating IP has to be pre-created. If the\nspecified value is not a floating IP or is already claimed, the\nOpenStack cloud provider won't be able to provision the load\nbalancer.\nThis field may only be used if the IngressController has External scope.\nThis value must be a valid IPv4 or IPv6 address.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "floatingIP must be a valid IPv4 or IPv6 address", + "rule": "isIP(self)" + } + ] + } + }, + "type": "object" + }, + "type": { + "description": "type is the underlying infrastructure provider for the load balancer.\nAllowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\",\n\"OpenStack\", and \"VSphere\".", + "enum": [ + "AWS", + "Azure", + "BareMetal", + "GCP", + "Nutanix", + "OpenStack", + "VSphere", + "IBM" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "openstack is not permitted when type is not OpenStack", + "rule": "has(self.type) && self.type == 'OpenStack' ? true : !has(self.openstack)" + } + ] + }, + "scope": { + "description": "scope indicates the scope at which the load balancer is exposed.\nPossible values are \"External\" and \"Internal\".", + "enum": [ + "Internal", + "External" + ], + "type": "string" + } + }, + "required": [ + "dnsManagementPolicy", + "scope" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "eipAllocations are forbidden when the scope is Internal.", + "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)" + }, + { + "message": "cannot specify a floating ip when scope is internal", + "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == \"\"" + } + ] + }, + "nodePort": { + "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy.\nPresent only if type is NodePortService.", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + } + }, + "type": "object" + }, + "private": { + "description": "private holds parameters for the Private endpoint publishing\nstrategy. Present only if type is Private.", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the\nLoadBalancer Service's external name. DNS records are managed only in DNS\nzones defined by dns.config.openshift.io/cluster .spec.publicZone and\n.spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure,\nand GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller\nis deployed.\n\nIn this configuration, the ingress controller deployment uses host\nnetworking, bound to node ports 80 and 443. The user is responsible for\nconfiguring an external load balancer to publish the ingress controller via\nthe node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking, and is not explicitly published. The user must manually publish\nthe ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A NodePort Service is created to publish the deployment. The\nspecific node ports are dynamically allocated by OpenShift; however, to\nsupport static port allocations, user changes to the node port\nfield of the managed NodePort Service will preserved.", + "enum": [ + "LoadBalancerService", + "HostNetwork", + "Private", + "NodePortService" + ], + "type": "string" } }, + "required": [ + "type" + ], "type": "object" }, - "paused": { - "description": "Indicates that the pool is paused.", - "type": "boolean" + "httpCompression": { + "description": "httpCompression defines a policy for HTTP traffic compression.\nBy default, there is no HTTP compression.", + "properties": { + "mimeTypes": { + "description": "mimeTypes is a list of MIME types that should have compression applied.\nThis list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources\nto try to compress if instructed to. Generally speaking, text (html, css, js, etc.)\nformats benefit from compression, but formats that are already compressed (image,\naudio, video, etc.) benefit little in exchange for the time and cpu spent on compressing\nagain. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", + "items": { + "description": "CompressionMIMEType defines the format of a single MIME type.\nE.g. \"text/css; charset=utf-8\", \"text/html\", \"text/*\", \"image/svg+xml\",\n\"application/octet-stream\", \"X-custom/customsub\", etc.\n\nThe format should follow the Content-Type definition in RFC 1341:\nContent-Type := type \"/\" subtype *[\";\" parameter]\n - The type in Content-Type can be one of:\n application, audio, image, message, multipart, text, video, or a custom\n type preceded by \"X-\" and followed by a token as defined below.\n - The token is a string of at least one character, and not containing white\n space, control characters, or any of the characters in the tspecials set.\n - The tspecials set contains the characters ()<>@,;:\\\"/[]?.=\n - The subtype in Content-Type is also a token.\n - The optional parameter/s following the subtype are defined as:\n token \"=\" (token / quoted-string)\n - The quoted-string, as defined in RFC 822, is surrounded by double quotes\n and can contain white space plus any character EXCEPT \\, \", and CR.\n It can also contain any single ASCII character as long as it is escaped by \\.", + "pattern": "^(?i)(x-[^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+|application|audio|image|message|multipart|text|video)/[^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+(; *[^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+=([^][ ()\\\\<>@,;:\"/?.=\\x00-\\x1F\\x7F]+|\"(\\\\[\\x00-\\x7F]|[^\\x0D\"\\\\])*\"))*$", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "httpEmptyRequestsPolicy": { + "default": "Respond", + "description": "httpEmptyRequestsPolicy describes how HTTP connections should be\nhandled if the connection times out before a request is received.\nAllowed values for this field are \"Respond\" and \"Ignore\". If the\nfield is set to \"Respond\", the ingress controller sends an HTTP 400\nor 408 response, logs the connection (if access logging is enabled),\nand counts the connection in the appropriate metrics. If the field\nis set to \"Ignore\", the ingress controller closes the connection\nwithout sending a response, logging the connection, or incrementing\nmetrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes\nor Web browsers' speculative connections (\"preconnect\") and can be\nsafely ignored. However, these requests may also be caused by\nnetwork errors, and so setting this field to \"Ignore\" may impede\ndetection and diagnosis of problems. In addition, these requests may\nbe caused by port scans, in which case logging empty requests may aid\nin detecting intrusion attempts.", + "enum": [ + "Respond", + "Ignore" + ], + "type": "string" + }, + "httpErrorCodePages": { + "description": "httpErrorCodePages specifies a configmap with custom error pages.\nThe administrator must create this configmap in the openshift-config namespace.\nThis configmap should have keys in the format \"error-page-.http\",\nwhere is an HTTP error code.\nFor example, \"error-page-503.http\" defines an error page for HTTP 503 responses.\nCurrently only error pages for 503 and 404 responses can be customized.\nEach value in the configmap should be the full response, including HTTP headers.\nEg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http\nIf this field is empty, the ingress controller uses the default error pages.", + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "httpHeaders": { + "description": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", + "properties": { + "actions": { + "description": "actions specifies options for modifying headers and their values.\nNote that this option only applies to cleartext HTTP connections\nand to secure HTTP connections for which the ingress controller\nterminates encryption (that is, edge-terminated or reencrypt\nconnections). Headers cannot be modified for TLS passthrough\nconnections.\nSetting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security`\nmay only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in\naccordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies.\nAny actions defined here are applied after any actions related to the following other fields:\ncache-control, spec.clientTLS,\nspec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId,\nand spec.httpHeaders.headerNameCaseAdjustments.\nIn case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after\nthe actions specified in the IngressController's spec.httpHeaders.actions field.\nIn case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be\nexecuted after the actions specified in the Route's spec.httpHeaders.actions field.\nHeaders set using this API cannot be captured for use in access logs.\nThe following header names are reserved and may not be modified via this API:\nStrict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.\nNote that the total size of all net added headers *after* interpolating dynamic values\nmust not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the\nIngressController. Please refer to the documentation\nfor that API field for more details.", + "properties": { + "request": { + "description": "request is a list of HTTP request headers to modify.\nActions defined here will modify the request headers of all requests passing through an ingress controller.\nThese actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.\nIngressController actions for request headers will be executed before Route actions.\nCurrently, actions may define to either `Set` or `Delete` headers values.\nActions are applied in sequence as defined in this list.\nA maximum of 20 request header actions may be configured.\nSample fetchers allowed are \"req.hdr\" and \"ssl_c_der\".\nConverters allowed are \"lower\" and \"base64\".\nExample header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + "items": { + "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "properties": { + "action": { + "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "properties": { + "set": { + "description": "set specifies how the HTTP header should be set.\nThis field is required when type is Set and forbidden otherwise.", + "properties": { + "value": { + "description": "value specifies a header value.\nDynamic values can be added. The value will be interpreted as an HAProxy format string as defined in\nhttp://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and\notherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.\nThe value of this field must be no more than 16384 characters in length.\nNote that the total size of all net added headers *after* interpolating dynamic values\nmust not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the\nIngressController.", + "maxLength": 16384, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "type": { + "description": "type defines the type of the action to be applied on the header.\nPossible values are Set or Delete.\nSet allows you to set HTTP request and response headers.\nDelete allows you to delete HTTP request and response headers.", + "enum": [ + "Set", + "Delete" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "set is required when type is Set, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)" + } + ] + }, + "name": { + "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.\nThe name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\".\nThe following header names are reserved and may not be modified via this API:\nStrict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.\nIt must be no more than 255 characters in length.\nHeader name must be unique.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "strict-transport-security header may not be modified via header actions", + "rule": "self.lowerAscii() != 'strict-transport-security'" + }, + { + "message": "proxy header may not be modified via header actions", + "rule": "self.lowerAscii() != 'proxy'" + }, + { + "message": "host header may not be modified via header actions", + "rule": "self.lowerAscii() != 'host'" + }, + { + "message": "cookie header may not be modified via header actions", + "rule": "self.lowerAscii() != 'cookie'" + }, + { + "message": "set-cookie header may not be modified via header actions", + "rule": "self.lowerAscii() != 'set-cookie'" + } + ] + } + }, + "required": [ + "action", + "name" + ], + "type": "object" + }, + "maxItems": 20, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64.", + "rule": "self.all(key, key.action.type == \"Delete\" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\\\{[-+]?[QXE](?:,[-+]?[QXE])*\\\\})?\\\\[(?:req\\\\.hdr\\\\([0-9A-Za-z-]+\\\\)|ssl_c_der)(?:,(?:lower|base64))*\\\\])|[^%[:cntrl:]])+$')))" + } + ] + }, + "response": { + "description": "response is a list of HTTP response headers to modify.\nActions defined here will modify the response headers of all requests passing through an ingress controller.\nThese actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster.\nIngressController actions for response headers will be executed after Route actions.\nCurrently, actions may define to either `Set` or `Delete` headers values.\nActions are applied in sequence as defined in this list.\nA maximum of 20 response header actions may be configured.\nSample fetchers allowed are \"res.hdr\" and \"ssl_c_der\".\nConverters allowed are \"lower\" and \"base64\".\nExample header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + "items": { + "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "properties": { + "action": { + "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "properties": { + "set": { + "description": "set specifies how the HTTP header should be set.\nThis field is required when type is Set and forbidden otherwise.", + "properties": { + "value": { + "description": "value specifies a header value.\nDynamic values can be added. The value will be interpreted as an HAProxy format string as defined in\nhttp://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and\notherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.\nThe value of this field must be no more than 16384 characters in length.\nNote that the total size of all net added headers *after* interpolating dynamic values\nmust not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the\nIngressController.", + "maxLength": 16384, + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "type": { + "description": "type defines the type of the action to be applied on the header.\nPossible values are Set or Delete.\nSet allows you to set HTTP request and response headers.\nDelete allows you to delete HTTP request and response headers.", + "enum": [ + "Set", + "Delete" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "set is required when type is Set, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)" + } + ] + }, + "name": { + "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.\nThe name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\".\nThe following header names are reserved and may not be modified via this API:\nStrict-Transport-Security, Proxy, Host, Cookie, Set-Cookie.\nIt must be no more than 255 characters in length.\nHeader name must be unique.", + "maxLength": 255, + "minLength": 1, + "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "strict-transport-security header may not be modified via header actions", + "rule": "self.lowerAscii() != 'strict-transport-security'" + }, + { + "message": "proxy header may not be modified via header actions", + "rule": "self.lowerAscii() != 'proxy'" + }, + { + "message": "host header may not be modified via header actions", + "rule": "self.lowerAscii() != 'host'" + }, + { + "message": "cookie header may not be modified via header actions", + "rule": "self.lowerAscii() != 'cookie'" + }, + { + "message": "set-cookie header may not be modified via header actions", + "rule": "self.lowerAscii() != 'set-cookie'" + } + ] + } + }, + "required": [ + "action", + "name" + ], + "type": "object" + }, + "maxItems": 20, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64.", + "rule": "self.all(key, key.action.type == \"Delete\" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\\\{[-+]?[QXE](?:,[-+]?[QXE])*\\\\})?\\\\[(?:res\\\\.hdr\\\\([0-9A-Za-z-]+\\\\)|ssl_c_der)(?:,(?:lower|base64))*\\\\])|[^%[:cntrl:]])+$')))" + } + ] + } + }, + "type": "object" + }, + "forwardedHeaderPolicy": { + "description": "forwardedHeaderPolicy specifies when and how the IngressController\nsets the Forwarded, X-Forwarded-For, X-Forwarded-Host,\nX-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version\nHTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", + "enum": [ + "Append", + "Replace", + "IfNone", + "Never" + ], + "type": "string" + }, + "headerNameCaseAdjustments": { + "description": "headerNameCaseAdjustments specifies case adjustments that can be\napplied to HTTP header names. Each adjustment is specified as an\nHTTP header name with the desired capitalization. For example,\nspecifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\"\nHTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and\nre-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes\nthat have the haproxy.router.openshift.io/h1-adjust-case=true\nannotation. For response headers, these adjustments are applied to\nall HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", + "items": { + "description": "IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header\n(for example, \"X-Forwarded-For\") in the desired capitalization. The value\nmust be a valid HTTP header name as defined in RFC 2616 section 4.2.", + "maxLength": 1024, + "minLength": 0, + "pattern": "^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "uniqueId": { + "description": "uniqueId describes configuration for a custom HTTP header that the\ningress controller should inject into incoming HTTP requests.\nTypically, this header is configured to have a value that is unique\nto the HTTP request. The header can be used by applications or\nincluded in access logs to facilitate tracing individual HTTP\nrequests.\n\nIf this field is empty, no such header is injected into requests.", + "properties": { + "format": { + "description": "format specifies the format for the injected HTTP header's value.\nThis field has no effect unless name is specified. For the\nHAProxy-based ingress controller implementation, this format uses the\nsame syntax as the HTTP log format. If the field is empty, the\ndefault value is \"%{+X}o\\\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the\ncorresponding HAProxy documentation:\nhttp://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", + "maxLength": 1024, + "minLength": 0, + "pattern": "^(%(%|(\\{[-+]?[QXE](,[-+]?[QXE])*\\})?([A-Za-z]+|\\[[.0-9A-Z_a-z]+(\\([^)]+\\))?(,[.0-9A-Z_a-z]+(\\([^)]+\\))?)*\\]))|[^%[:cntrl:]])*$", + "type": "string" + }, + "name": { + "description": "name specifies the name of the HTTP header (for example, \"unique-id\")\nthat the ingress controller should inject into HTTP requests. The\nfield's value must be a valid HTTP header name as defined in RFC 2616\nsection 4.2. If the field is empty, no header is injected.", + "maxLength": 1024, + "minLength": 0, + "pattern": "^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" }, - "replicas": { - "description": "Number of desired pods. This is a pointer to distinguish between explicit\nzero and not specified. Defaults to 1.", - "format": "int32", - "type": "integer" + "idleConnectionTerminationPolicy": { + "default": "Immediate", + "description": "idleConnectionTerminationPolicy maps directly to HAProxy's\nidle-close-on-response option and controls whether HAProxy\nkeeps idle frontend connections open during a soft stop\n(router reload).\n\nAllowed values for this field are \"Immediate\" and\n\"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed\nimmediately during router reloads. This ensures immediate\npropagation of route changes but may impact clients\nsensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle\nconnections during a soft reload instead of closing them\nimmediately. These connections remain open until any of the\nfollowing occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load\nbalancers that do not properly handle connection resets.\nAdditionally, this option allows you to retain the pre-2.4\nHAProxy behaviour: in HAProxy version 2.2 (OpenShift\nversions < 4.14), maintaining idle connections during a\nsoft reload was the default behaviour, but starting with\nHAProxy 2.4, the default changed to closing idle\nconnections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", + "enum": [ + "Immediate", + "Deferred" + ], + "type": "string" }, - "scaleInStrategy": { - "description": "ScaleInStrategy specifies how the VMPool controller manages scaling in VMs within a VMPool", + "logging": { + "description": "logging defines parameters for what should be logged where. If this\nfield is empty, operational logs are enabled but access logs are\ndisabled.", "properties": { - "proactive": { - "description": "Proactive scale-in by forcing VMs to shutdown during scale-in (Default)", + "access": { + "description": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", "properties": { - "selectionPolicy": { - "description": "SelectionPolicy defines the priority in which VM instances are selected for proactive scale-in\nDefaults to \"Random\" base policy when no SelectionPolicy is configured", + "destination": { + "description": "destination is where access logs go.", "properties": { - "basePolicy": { - "description": "BasePolicy is a catch-all policy [Random|DescendingOrder]", + "container": { + "description": "container holds parameters for the Container logging destination.\nPresent only if type is Container.", + "properties": { + "maxLength": { + "default": 1024, + "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", + "format": "int32", + "maximum": 8192, + "minimum": 480, + "type": "integer" + } + }, + "type": "object" + }, + "syslog": { + "description": "syslog holds parameters for a syslog endpoint. Present only if\ntype is Syslog.", + "oneOf": [ + { + "properties": { + "address": { + "format": "ipv4" + } + } + }, + { + "properties": { + "address": { + "format": "ipv6" + } + } + } + ], + "properties": { + "address": { + "description": "address is the IP address of the syslog endpoint that receives log\nmessages.", + "type": "string" + }, + "facility": { + "description": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", + "enum": [ + "kern", + "user", + "mail", + "daemon", + "auth", + "syslog", + "lpr", + "news", + "uucp", + "cron", + "auth2", + "ftp", + "ntp", + "audit", + "alert", + "cron2", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7" + ], + "type": "string" + }, + "maxLength": { + "default": 1024, + "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", + "format": "int32", + "maximum": 4096, + "minimum": 480, + "type": "integer" + }, + "port": { + "description": "port is the UDP port number of the syslog endpoint that receives log\nmessages.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "address", + "port" + ], + "type": "object" + }, + "type": { + "description": "type is the type of destination for logs. It must be one of the\nfollowing:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on\nthe ingress controller pod and configures the ingress controller to\nwrite logs to the sidecar. The logs are then available as container\nlogs. The expectation is that the administrator configures a custom\nlogging solution that reads logs from this sidecar. Note that using\ncontainer logs means that logs may be dropped if the rate of logs\nexceeds the container runtime's or the custom logging solution's\ncapacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify\nan endpoint that can receive syslog messages. The expectation is\nthat the administrator has configured a custom syslog instance.", "enum": [ - "Random", - "DescendingOrder" + "Container", + "Syslog" ], "type": "string" } }, + "required": [ + "type" + ], + "type": "object" + }, + "httpCaptureCookies": { + "description": "httpCaptureCookies specifies HTTP cookies that should be captured in\naccess logs. If this field is empty, no cookies are captured.", + "items": { + "description": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be\ncaptured.", + "properties": { + "matchType": { + "description": "matchType specifies the type of match to be performed on the cookie\nname. Allowed values are \"Exact\" for an exact string match and\n\"Prefix\" for a string prefix match. If \"Exact\" is specified, a name\nmust be specified in the name field. If \"Prefix\" is provided, a\nprefix must be specified in the namePrefix field. For example,\nspecifying matchType \"Prefix\" and namePrefix \"foo\" will capture a\ncookie named \"foo\" or \"foobar\" but not one named \"bar\". The first\nmatching cookie is captured.", + "enum": [ + "Exact", + "Prefix" + ], + "type": "string" + }, + "maxLength": { + "description": "maxLength specifies a maximum length of the string that will be\nlogged, which includes the cookie name, cookie value, and\none-character delimiter. If the log entry exceeds this length, the\nvalue will be truncated in the log message. Note that the ingress\ncontroller may impose a separate bound on the total length of HTTP\nheaders in a request.", + "maximum": 1024, + "minimum": 1, + "type": "integer" + }, + "name": { + "description": "name specifies a cookie name. Its value must be a valid HTTP cookie\nname as defined in RFC 6265 section 4.1.", + "maxLength": 1024, + "minLength": 0, + "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$", + "type": "string" + }, + "namePrefix": { + "description": "namePrefix specifies a cookie name prefix. Its value must be a valid\nHTTP cookie name as defined in RFC 6265 section 4.1.", + "maxLength": 1024, + "minLength": 0, + "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$", + "type": "string" + } + }, + "required": [ + "matchType", + "maxLength" + ], + "type": "object" + }, + "maxItems": 1, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "httpCaptureHeaders": { + "description": "httpCaptureHeaders defines HTTP headers that should be captured in\naccess logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections\nand to secure HTTP connections for which the ingress controller\nterminates encryption (that is, edge-terminated or reencrypt\nconnections). Headers cannot be captured for TLS passthrough\nconnections.", + "properties": { + "request": { + "description": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "items": { + "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be\ncaptured.", + "properties": { + "maxLength": { + "description": "maxLength specifies a maximum length for the header value. If a\nheader value exceeds this length, the value will be truncated in the\nlog message. Note that the ingress controller may impose a separate\nbound on the total length of HTTP headers in a request.", + "minimum": 1, + "type": "integer" + }, + "name": { + "description": "name specifies a header name. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.", + "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "type": "string" + } + }, + "required": [ + "maxLength", + "name" + ], + "type": "object" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "response": { + "description": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", + "items": { + "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be\ncaptured.", + "properties": { + "maxLength": { + "description": "maxLength specifies a maximum length for the header value. If a\nheader value exceeds this length, the value will be truncated in the\nlog message. Note that the ingress controller may impose a separate\nbound on the total length of HTTP headers in a request.", + "minimum": 1, + "type": "integer" + }, + "name": { + "description": "name specifies a header name. Its value must be a valid HTTP header\nname as defined in RFC 2616 section 4.2.", + "pattern": "^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$", + "type": "string" + } + }, + "required": [ + "maxLength", + "name" + ], + "type": "object" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, "type": "object" + }, + "httpLogFormat": { + "description": "httpLogFormat specifies the format of the log message for an HTTP\nrequest.\n\nIf this field is empty, log messages use the implementation's default\nHTTP log format. For HAProxy's default HTTP log format, see the\nHAProxy documentation:\nhttp://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections\nand to secure HTTP connections for which the ingress controller\nterminates encryption (that is, edge-terminated or reencrypt\nconnections). It does not affect the log format for TLS passthrough\nconnections.", + "type": "string" + }, + "logEmptyRequests": { + "default": "Log", + "description": "logEmptyRequests specifies how connections on which no request is\nreceived should be logged. Typically, these empty requests come from\nload balancers' health probes or Web browsers' speculative\nconnections (\"preconnect\"), in which case logging these requests may\nbe undesirable. However, these requests may also be caused by\nnetwork errors, in which case logging empty requests may be useful\nfor diagnosing the errors. In addition, these requests may be caused\nby port scans, in which case logging empty requests may aid in\ndetecting intrusion attempts. Allowed values for this field are\n\"Log\" and \"Ignore\". The default value is \"Log\".", + "enum": [ + "Log", + "Ignore" + ], + "type": "string" } }, + "required": [ + "destination" + ], "type": "object" } }, "type": "object" }, - "selector": { - "description": "Label selector for pods. Existing Poolss whose pods are\nselected by this will be the ones affected by this deployment.", + "namespaceSelector": { + "description": "namespaceSelector is used to filter the set of namespaces serviced by the\ningress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -283681,3857 +227847,4631 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "virtualMachineTemplate": { - "description": "Template describes the VM that will be created.", + "nodePlacement": { + "description": "nodePlacement enables explicit control over the scheduling of the ingress\ncontroller.\n\nIf unset, defaults are used. See NodePlacement for more details.", "properties": { - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "VirtualMachineSpec contains the VirtualMachine specification.", + "nodeSelector": { + "description": "nodeSelector is the node selector applied to ingress controller\ndeployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement\nfield in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only\nnodeSelector.matchLabels may be used. This is a limitation of the\nKubernetes API: the pod spec does not allow complex expressions for\nnode selectors.", "properties": { - "dataVolumeTemplates": { - "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "nullable": true, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "DataVolumeSpec contains the DataVolume specification.", - "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", - "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" - }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" - } - }, - "required": [ - "current", - "previous" - ], - "type": "object" - }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], - "type": "string" - }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", - "type": "string" - }, - "pvc": { - "description": "PVC is the PVC specification", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" - }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } - }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } - }, - "type": "object" - }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" - }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" - }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "storage": { - "description": "Storage is the requested storage specification", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "type": "object" - }, - "status": { - "description": "DataVolumeTemplateDummyStatus is here simply for backwards compatibility with\na previous API.", - "nullable": true, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "spec" + "key", + "operator" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "instancetype": { - "description": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", - "properties": { - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", - "type": "string" - }, - "kind": { - "description": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.", - "type": "string" - }, - "name": { - "description": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype", - "type": "string" - }, - "revisionName": { - "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to ingress controller\ndeployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "preference": { - "description": "PreferenceMatcher references a set of preference that is used to fill fields in Template", - "properties": { - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", - "type": "string" - }, - "kind": { - "description": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.", - "type": "string" - }, - "name": { - "description": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference", + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "replicas": { + "description": "replicas is the desired number of ingress controller replicas. If unset,\nthe default depends on the value of the defaultPlacement field in the\ncluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the\nInfrastructure CR. If defaultPlacement is set to ControlPlane, the\nchosen field will be controlPlaneTopology. If it is set to Workers the\nchosen field will be infrastructureTopology. Replicas will then be set to 1\nor 2 based whether the chosen field's value is SingleReplica or\nHighlyAvailable, respectively.\n\nThese defaults are subject to change.", + "format": "int32", + "type": "integer" + }, + "routeAdmission": { + "description": "routeAdmission defines a policy for handling new route claims (for example,\nto allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields\nfor details about their defaults.", + "properties": { + "namespaceOwnership": { + "description": "namespaceOwnership describes how host name claims across namespaces should\nbe handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "enum": [ + "InterNamespaceAllowed", + "Strict" + ], + "type": "string" + }, + "wildcardPolicy": { + "description": "wildcardPolicy describes how routes with wildcard policies should\nbe handled for the ingress controller. WildcardPolicy controls use\nof routes [1] exposed by the ingress controller based on the route's\nwildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed\nwill cause admitted routes with a wildcard policy of Subdomain to stop\nworking. These routes must be updated to a wildcard policy of None to be\nreadmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", + "enum": [ + "WildcardsAllowed", + "WildcardsDisallowed" + ], + "type": "string" + } + }, + "type": "object" + }, + "routeSelector": { + "description": "routeSelector is used to filter the set of Routes serviced by the ingress\ncontroller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "revisionName": { - "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tlsSecurityProfile": { + "description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective\nprofile configuration is subject to change between releases. For example, given\na specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade\nto release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress\ncontroller, resulting in a rollout.", + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "runStrategy": { - "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running", + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], "type": "string" + } + }, + "type": "object" + }, + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "nullable": true, + "type": "object" + }, + "modern": { + "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "nullable": true, + "type": "object" + }, + "old": { + "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" + } + }, + "type": "object" + }, + "tuningOptions": { + "anyOf": [ + { + "properties": { + "maxConnections": { + "enum": [ + -1, + 0 + ] + } + } + }, + { + "properties": { + "maxConnections": { + "format": "int32", + "maximum": 2000000, + "minimum": 2000 + } + } + } + ], + "description": "tuningOptions defines parameters for adjusting the performance of\ningress controller pods. All fields are optional and will use their\nrespective defaults if not set. See specific tuningOptions fields for\nmore details.\n\nSetting fields within tuningOptions is generally not recommended. The\ndefault values are suitable for most configurations.", + "properties": { + "clientFinTimeout": { + "description": "clientFinTimeout defines how long a connection will be held open while\nwaiting for the client response to the server/backend closing the\nconnection.\n\nIf unset, the default timeout is 1s", + "format": "duration", + "type": "string" + }, + "clientTimeout": { + "description": "clientTimeout defines how long a connection will be held open while\nwaiting for a client response.\n\nIf unset, the default timeout is 30s", + "format": "duration", + "type": "string" + }, + "connectTimeout": { + "description": "connectTimeout defines the maximum time to wait for\na connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional\nfraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\" U+00B5 or \"\u03bcs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left\nto choose a reasonable default. This default is subject to change over time.\nThe current default is 5s.", + "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + }, + "headerBufferBytes": { + "description": "headerBufferBytes describes how much memory should be reserved\n(in bytes) for IngressController connection sessions.\nNote that this value must be at least 16384 if HTTP/2 is\nenabled for the IngressController (https://tools.ietf.org/html/rfc7540).\nIf this field is empty, the IngressController will use a default value\nof 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes\nvalues that are too small may break the IngressController and\nheaderBufferBytes values that are too large could cause the\nIngressController to use significantly more memory than necessary.", + "format": "int32", + "minimum": 16384, + "type": "integer" + }, + "headerBufferMaxRewriteBytes": { + "description": "headerBufferMaxRewriteBytes describes how much memory should be reserved\n(in bytes) from headerBufferBytes for HTTP header rewriting\nand appending for IngressController connection sessions.\nNote that incoming HTTP requests will be limited to\n(headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning\nheaderBufferBytes must be greater than headerBufferMaxRewriteBytes.\nIf this field is empty, the IngressController will use a default value\nof 8192 bytes.\n\nSetting this field is generally not recommended as\nheaderBufferMaxRewriteBytes values that are too small may break the\nIngressController and headerBufferMaxRewriteBytes values that are too\nlarge could cause the IngressController to use significantly more memory\nthan necessary.", + "format": "int32", + "minimum": 4096, + "type": "integer" + }, + "healthCheckInterval": { + "description": "healthCheckInterval defines how long the router waits between two consecutive\nhealth checks on its configured backends. This value is applied globally as\na default for all routes, but may be overridden per-route by the route annotation\n\"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional\nfraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\" U+00B5 or \"\u03bcs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent\nTCP health checks and accompanying SYN packet storms. Alternatively, setting\nthis too high can result in increased latency, due to backend servers that are no\nlonger available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses\na default, which is subject to change over time.\nCurrently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is\n2147483647ms (24.85 days). Both are subject to change over time.", + "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + }, + "httpKeepAliveTimeout": { + "description": "httpKeepAliveTimeout defines the maximum allowed time to wait for\na new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional\nfraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\".\nValid time units are \"ms\", \"s\", \"m\".\nThe allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left\nto choose a reasonable default. This default is subject to change over time.\nThe current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections\nfor each request, leading to reduced connection sharing.\nFor HTTP/2, special care should be taken with low values.\nA few seconds is a reasonable starting point to avoid holding idle connections open\nwhile still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle\nconnections to linger longer.", + "maxLength": 16, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "httpKeepAliveTimeout must be a valid duration string composed of an unsigned integer value, optionally followed by a decimal fraction and a unit suffix (ms, s, m)", + "rule": "self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$')" }, - "running": { - "description": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy\nDeprecated: VirtualMachineInstance field \"Running\" is now deprecated, please use RunStrategy instead.", - "type": "boolean" + { + "message": "httpKeepAliveTimeout must be less than or equal to 15 minutes", + "rule": "!self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$') || duration(self) <= duration('15m')" }, - "template": { - "description": "Template is the direct specification of VirtualMachineInstance", - "properties": { - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "VirtualMachineInstance Spec contains the VirtualMachineInstance specification.", - "properties": { - "accessCredentials": { - "description": "Specifies a set of public keys to inject into the vm guest", - "items": { - "description": "AccessCredential represents a credential source that can be used to\nauthorize remote access to the vm guest\nOnly one of its members may be specified.", - "properties": { - "sshPublicKey": { - "description": "SSHPublicKey represents the source and method of applying a ssh public\nkey into a guest virtual machine.", - "properties": { - "propagationMethod": { - "description": "PropagationMethod represents how the public key is injected into the vm guest.", - "properties": { - "configDrive": { - "description": "ConfigDrivePropagation means that the ssh public keys are injected\ninto the VM using metadata using the configDrive cloud-init provider", - "type": "object" - }, - "noCloud": { - "description": "NoCloudPropagation means that the ssh public keys are injected\ninto the VM using metadata using the noCloud cloud-init provider", - "type": "object" - }, - "qemuGuestAgent": { - "description": "QemuGuestAgentAccessCredentailPropagation means ssh public keys are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", - "properties": { - "users": { - "description": "Users represents a list of guest users that should have the ssh public keys\nadded to their authorized_keys file.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "required": [ - "users" - ], - "type": "object" - } - }, - "type": "object" - }, - "source": { - "description": "Source represents where the public keys are pulled from", - "properties": { - "secret": { - "description": "Secret means that the access credential is pulled from a kubernetes secret", - "properties": { - "secretName": { - "description": "SecretName represents the name of the secret in the VMI's namespace", - "type": "string" - } - }, - "required": [ - "secretName" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "propagationMethod", - "source" - ], - "type": "object" - }, - "userPassword": { - "description": "UserPassword represents the source and method for applying a guest user's\npassword", - "properties": { - "propagationMethod": { - "description": "propagationMethod represents how the user passwords are injected into the vm guest.", - "properties": { - "qemuGuestAgent": { - "description": "QemuGuestAgentAccessCredentailPropagation means passwords are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", - "type": "object" - } - }, - "type": "object" - }, - "source": { - "description": "Source represents where the user passwords are pulled from", - "properties": { - "secret": { - "description": "Secret means that the access credential is pulled from a kubernetes secret", - "properties": { - "secretName": { - "description": "SecretName represents the name of the secret in the VMI's namespace", - "type": "string" - } - }, - "required": [ - "secretName" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "propagationMethod", - "source" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 256, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "affinity": { - "description": "If affinity is specifies, obey all the affinity rules", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + { + "message": "httpKeepAliveTimeout must be greater than or equal to 1 millisecond", + "rule": "!self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$') || duration(self) >= duration('1ms')" + } + ] + }, + "maxConnections": { + "description": "maxConnections defines the maximum number of simultaneous\nconnections that can be established per HAProxy process.\nIncreasing this value allows each ingress controller pod to\nhandle more connections but at the cost of additional\nsystem resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range\n2000-2000000.\n\nIf this field is empty or 0, the IngressController will use\nthe default value of 50000, but the default is subject to\nchange in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a\nmaximum value based on the available ulimits in the running\ncontainer. Selecting -1 (i.e., auto) will result in a large\nvalue being computed (~520000 on OpenShift >=4.10 clusters)\nand therefore each HAProxy process will incur significant\nmemory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating\nsystem limit will prevent the HAProxy process from\nstarting.\n\nIf you choose a discrete value (e.g., 750000) and the\nrouter pod is migrated to a new node, there's no guarantee\nthat that new node has identical ulimits configured. In\nsuch a scenario the pod would fail to start. If you have\nnodes with different ulimits configured (e.g., different\ntuned profiles) and you choose a discrete value then the\nguidance is to use -1 and let the value be computed\ndynamically at runtime.\n\nYou can monitor memory usage for router containers with the\nfollowing metric:\n'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy\nprocesses in router containers with the following metric:\n'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", + "format": "int32", + "type": "integer" + }, + "reloadInterval": { + "description": "reloadInterval defines the minimum interval at which the router is allowed to reload\nto accept new changes. Increasing this value can prevent the accumulation of\nHAProxy processes, depending on the scenario. Increasing this interval can\nalso lessen load imbalance on a backend's servers when using the roundrobin\nbalancing algorithm. Alternatively, decreasing this value may decrease latency\nsince updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see .\nCurrently, the minimum value allowed is 1s, and the maximum allowed value is\n120s. Minimum and maximum allowed values may change in future versions of OpenShift.\nNote that if a duration outside of these bounds is provided, the value of reloadInterval\nwill be capped/floored and not rejected (e.g. a duration of over 120s will be capped to\n120s; the IngressController will not reject and replace this disallowed value with\nthe default).\n\nA zero value for reloadInterval tells the IngressController to choose the default,\nwhich is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional\nfraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\".\nValid time units are \"ns\", \"us\" (or \"\u00b5s\" U+00B5 or \"\u03bcs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency\nin observing updates to routes and their endpoints. HAProxy's configuration will\nbe reloaded less frequently, and newly created routes will not be served until the\nsubsequent reload.", + "pattern": "^(0|([0-9]+(\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + }, + "serverFinTimeout": { + "description": "serverFinTimeout defines how long a connection will be held open while\nwaiting for the server/backend response to the client closing the\nconnection.\n\nIf unset, the default timeout is 1s", + "format": "duration", + "type": "string" + }, + "serverTimeout": { + "description": "serverTimeout defines how long a connection will be held open while\nwaiting for a server/backend response.\n\nIf unset, the default timeout is 30s", + "format": "duration", + "type": "string" + }, + "threadCount": { + "description": "threadCount defines the number of threads created per HAProxy process.\nCreating more threads allows each ingress controller pod to handle more\nconnections, at the cost of more system resources being used. HAProxy\ncurrently supports up to 64 threads. If this field is empty, the\nIngressController will use the default value. The current default is 4\nthreads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number\nof HAProxy threads allows ingress controller pods to utilize more CPU\ntime under load, potentially starving other pods if set too high.\nReducing the number of threads may cause the ingress controller to\nperform poorly.", + "format": "int32", + "maximum": 64, + "minimum": 1, + "type": "integer" + }, + "tlsInspectDelay": { + "description": "tlsInspectDelay defines how long the router can hold data to find a\nmatching route.\n\nSetting this too short can cause the router to fall back to the default\ncertificate for edge-terminated or reencrypt routes even when a better\nmatching certificate could be used.\n\nIf unset, the default inspect delay is 5s", + "format": "duration", + "type": "string" + }, + "tunnelTimeout": { + "description": "tunnelTimeout defines how long a tunnel connection (including\nwebsockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "format": "duration", + "type": "string" + } + }, + "type": "object" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides allows specifying unsupported\nconfiguration options. Its use is unsupported.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the IngressController.", + "properties": { + "availableReplicas": { + "description": "availableReplicas is number of observed available replicas according to the\ningress controller deployment.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and\nservicing route and ingress resources (i.e, .status.availableReplicas\nequals .spec.replicas)\n\nThere are additional conditions which indicate the status of other\ningress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "domain": { + "description": "domain is the actual domain in use.", + "type": "string" + }, + "endpointPublishingStrategy": { + "description": "endpointPublishingStrategy is the actual strategy in use.", + "properties": { + "hostNetwork": { + "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing\nstrategy. Present only if type is HostNetwork.", + "properties": { + "httpPort": { + "default": 80, + "description": "httpPort is the port on the host which should be used to listen for\nHTTP requests. This field should be set when port 80 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 80.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, + "httpsPort": { + "default": 443, + "description": "httpsPort is the port on the host which should be used to listen for\nHTTPS requests. This field should be set when port 443 is already in use.\nThe value should not coincide with the NodePort range of the cluster.\nWhen the value is 0 or is not specified it defaults to 443.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + }, + "statsPort": { + "default": 1936, + "description": "statsPort is the port on the host where the stats from the router are\npublished. The value should not coincide with the NodePort range of the\ncluster. If an external load balancer is configured to forward connections\nto this IngressController, the load balancer should use this port for\nhealth checks. The load balancer can send HTTP probes on this port on a\ngiven node, with the path /healthz/ready to determine if the ingress\ncontroller is ready to receive traffic on the node. For proper operation\nthe load balancer must not forward traffic to a node until the health\ncheck reports ready. The load balancer should also stop forwarding requests\nwithin a maximum of 45 seconds after /healthz/ready starts reporting\nnot-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with\na threshold of two successful or failed requests to become healthy or\nunhealthy respectively, are well-tested values. When the value is 0 or\nis not specified it defaults to 1936.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "loadBalancer": { + "description": "loadBalancer holds parameters for the load balancer. Present only if\ntype is LoadBalancerService.", + "properties": { + "allowedSourceRanges": { + "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which\naccess to the load balancer should be restricted. Each range must be\nspecified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is\nspecified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default,\nwhich allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did\nnot have the allowedSourceRanges field, you may set the\nservice.beta.kubernetes.io/load-balancer-source-ranges annotation on\nthe \"router-\" service in the\n\"openshift-ingress\" namespace, and this annotation will take\neffect if allowedSourceRanges is empty on OpenShift 4.12.", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\"\nor \"fd00::/8\").", + "pattern": "(^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dnsManagementPolicy": { + "default": "Managed", + "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record\nassociated with the load balancer service will be managed by\nthe ingress operator. It defaults to Managed.\nValid values are: Managed and Unmanaged.", + "enum": [ + "Managed", + "Unmanaged" + ], + "type": "string" + }, + "providerParameters": { + "description": "providerParameters holds desired load balancer information specific to\nthe underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters\nfields for details about their defaults.", + "properties": { + "aws": { + "description": "aws provides configuration settings that are specific to AWS\nload balancers.\n\nIf empty, defaults will be applied. See specific aws fields for\ndetails about their defaults.", + "properties": { + "classicLoadBalancer": { + "description": "classicLoadBalancerParameters holds configuration parameters for an AWS\nclassic load balancer. Present only if type is Classic.", + "properties": { + "connectionIdleTimeout": { + "description": "connectionIdleTimeout specifies the maximum time period that a\nconnection may be idle before the load balancer closes the\nconnection. The value must be parseable as a time duration value;\nsee . A nil or zero value\nmeans no opinion, in which case a default value is used. The default\nvalue for this field is 60s. This default is subject to change.", + "format": "duration", + "type": "string" + }, + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", + "properties": { + "ids": { + "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", + "items": { + "description": "AWSSubnetID is a reference to an AWS subnet ID.", + "maxLength": 24, + "minLength": 24, + "pattern": "^subnet-[0-9A-Za-z]+$", + "type": "string" }, + "maxItems": 10, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet ids cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "names": { + "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "AWSSubnetName is a reference to an AWS subnet name.", + "maxLength": 256, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "subnet name cannot contain a comma", + "rule": "!self.contains(',')" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" + { + "message": "subnet name cannot start with 'subnet-'", + "rule": "!self.startsWith('subnet-')" } - }, - "required": [ - "topologyKey" - ], - "type": "object" + ] }, + "maxItems": 10, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet names cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "the total number of subnets cannot exceed 10", + "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" + }, + { + "message": "must specify at least 1 subnet name or id", + "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" + } + ] } }, "type": "object" }, - "architecture": { - "description": "Specifies the architecture of the vm guest you are attempting to run. Defaults to the compiled architecture of the KubeVirt components", - "type": "string" - }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", + "networkLoadBalancer": { + "description": "networkLoadBalancerParameters holds configuration parameters for an AWS\nnetwork load balancer. Present only if type is NLB.", "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "eipAllocations": { + "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that\nare assigned to the Network Load Balancer.\nThe following restrictions apply:\n\neipAllocations can only be used with external scope, not internal.\nAn EIP can be allocated to only a single IngressController.\nThe number of EIP allocations must match the number of subnets that are used for the load balancer.\nEach EIP allocation must be unique.\nA maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general\ninformation about configuration, characteristics, and limitations of Elastic IP addresses.", "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", - "type": "string" + "description": "EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment.\nValues must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters.", + "maxLength": 26, + "minLength": 26, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "eipAllocations should start with 'eipalloc-'", + "rule": "self.startsWith('eipalloc-')" }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" + { + "message": "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)", + "rule": "self.split(\"-\", 2)[1].matches('[0-9a-fA-F]{17}$')" } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", - "items": { - "type": "string" + ] }, + "maxItems": 10, "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", - "type": "string" - }, - "domain": { - "description": "Specification of the desired behavior of the VirtualMachineInstance on the host.", - "properties": { - "chassis": { - "description": "Chassis specifies the chassis info passed to the domain.", - "properties": { - "asset": { - "type": "string" - }, - "manufacturer": { - "type": "string" - }, - "serial": { - "type": "string" - }, - "sku": { - "type": "string" - }, - "version": { - "type": "string" + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "eipAllocations cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" } - }, - "type": "object" + ] }, - "clock": { - "description": "Clock sets the clock and timers of the vmi.", + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will\nattach. The subnets may be specified by either their\nID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets,\neach subnet must exist, each subnet must be from a different\navailability zone, and the load balancer service must be\nrecreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered\nfor each availability zone. Auto-discovered subnets are not reported\nin the status of the IngressController object.", "properties": { - "timer": { - "description": "Timer specifies whih timers are attached to the vmi.", - "properties": { - "hpet": { - "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "pit": { - "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "rtc": { - "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", - "type": "string" - }, - "track": { - "description": "Track the guest or the wall clock.", - "type": "string" - } - }, - "type": "object" - } + "ids": { + "description": "ids specifies a list of AWS subnets by subnet ID.\nSubnet IDs must start with \"subnet-\", consist only\nof alphanumeric characters, must be exactly 24\ncharacters long, must be unique, and the total\nnumber of subnets specified by ids and names\nmust not exceed 10.", + "items": { + "description": "AWSSubnetID is a reference to an AWS subnet ID.", + "maxLength": 24, + "minLength": 24, + "pattern": "^subnet-[0-9A-Za-z]+$", + "type": "string" }, - "type": "object" - }, - "timezone": { - "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", - "type": "string" - }, - "utc": { - "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", - "properties": { - "offsetSeconds": { - "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", - "type": "integer" + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet ids cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" } - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "cpu": { - "description": "CPU allow specified the detailed CPU topology inside the vmi.", - "properties": { - "cores": { - "description": "Cores specifies the number of cores inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - }, - "dedicatedCpuPlacement": { - "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", - "type": "boolean" + ] }, - "features": { - "description": "Features specifies the CPU features list inside the VMI.", + "names": { + "description": "names specifies a list of AWS subnets by subnet name.\nSubnet names must not start with \"subnet-\", must not\ninclude commas, must be under 256 characters in length,\nmust be unique, and the total number of subnets\nspecified by ids and names must not exceed 10.", "items": { - "description": "CPUFeature allows specifying a CPU feature.", - "properties": { - "name": { - "description": "Name of the CPU feature", - "type": "string" + "description": "AWSSubnetName is a reference to an AWS subnet name.", + "maxLength": 256, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "subnet name cannot contain a comma", + "rule": "!self.contains(',')" }, - "policy": { - "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", - "type": "string" + { + "message": "subnet name cannot start with 'subnet-'", + "rule": "!self.startsWith('subnet-')" } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "isolateEmulatorThread": { - "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", - "type": "boolean" - }, - "maxSockets": { - "description": "MaxSockets specifies the maximum amount of sockets that can\nbe hotplugged", - "format": "int32", - "type": "integer" - }, - "model": { - "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", - "type": "string" - }, - "numa": { - "description": "NUMA allows specifying settings for the guest NUMA topology", - "properties": { - "guestMappingPassthrough": { - "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", - "type": "object" - } + ] }, - "type": "object" - }, - "realtime": { - "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", - "properties": { - "mask": { - "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", - "type": "string" + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "subnet names cannot contain duplicates", + "rule": "self.all(x, self.exists_one(y, x == y))" } - }, - "type": "object" - }, - "sockets": { - "description": "Sockets specifies the number of sockets inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - }, - "threads": { - "description": "Threads specifies the number of threads inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" + ] } }, - "type": "object" - }, - "devices": { - "description": "Devices allows adding disks, network interfaces, and others", - "properties": { - "autoattachGraphicsDevice": { - "description": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", - "type": "boolean" - }, - "autoattachInputDevice": { - "description": "Whether to attach an Input Device.\nDefaults to false.", - "type": "boolean" - }, - "autoattachMemBalloon": { - "description": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.", - "type": "boolean" - }, - "autoattachPodInterface": { - "description": "Whether to attach a pod network interface. Defaults to true.", - "type": "boolean" - }, - "autoattachSerialConsole": { - "description": "Whether to attach the default virtio-serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", - "type": "boolean" - }, - "autoattachVSOCK": { - "description": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", - "type": "boolean" - }, - "blockMultiQueue": { - "description": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.", - "type": "boolean" - }, - "clientPassthrough": { - "description": "To configure and access client devices such as redirecting USB", - "type": "object" - }, - "disableHotplug": { - "description": "DisableHotplug disabled the ability to hotplug disks.", - "type": "boolean" - }, - "disks": { - "description": "Disks describes disks, cdroms and luns which are connected to the vmi.", - "items": { - "properties": { - "blockSize": { - "description": "If specified, the virtual disk will be presented with the given block sizes.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } - }, - "required": [ - "logical", - "physical" - ], - "type": "object" - }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", - "type": "integer" - }, - "cache": { - "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", - "type": "string" - }, - "cdrom": { - "description": "Attach a volume as a cdrom to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to true.", - "type": "boolean" - }, - "tray": { - "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", - "type": "string" - } - }, - "type": "object" - }, - "dedicatedIOThread": { - "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", - "type": "boolean" - }, - "disk": { - "description": "Attach a volume as a disk to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", - "type": "string" - }, - "pciAddress": { - "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "errorPolicy": { - "description": "If specified, it can change the default error policy (stop) for the disk", - "type": "string" - }, - "io": { - "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", - "type": "string" - }, - "lun": { - "description": "Attach a volume as a LUN to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - }, - "reservation": { - "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", - "type": "boolean" - } - }, - "type": "object" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "serial": { - "description": "Serial provides the ability to specify a serial number for the disk device.", - "type": "string" - }, - "shareable": { - "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", - "type": "boolean" - }, - "tag": { - "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "downwardMetrics": { - "description": "DownwardMetrics creates a virtio serials for exposing the downward metrics to the vmi.", - "type": "object" - }, - "filesystems": { - "description": "Filesystems describes filesystem which is connected to the vmi.", - "items": { - "properties": { - "name": { - "description": "Name is the device name", - "type": "string" - }, - "virtiofs": { - "description": "Virtiofs is supported", - "type": "object" - } - }, - "required": [ - "name", - "virtiofs" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "gpus": { - "description": "Whether to attach a GPU device to the vmi.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "description": "Name of the GPU device as exposed by a device plugin", - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - }, - "virtualGPUOptions": { - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "hostDevices": { - "description": "Whether to attach a host device to the vmi.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "inputs": { - "description": "Inputs describe input devices", - "items": { - "properties": { - "bus": { - "description": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", - "type": "string" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "type": { - "description": "Type indicated the type of input device.\nSupported values: tablet.", - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "interfaces": { - "description": "Interfaces describe network interfaces which are added to the vmi.", - "items": { - "properties": { - "acpiIndex": { - "description": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).", - "type": "integer" - }, - "binding": { - "description": "Binding specifies the binding plugin that will be used to connect the interface to the guest.\nIt provides an alternative to InterfaceBindingMethod.\nversion: 1alphav1", - "properties": { - "name": { - "description": "Name references to the binding name as denined in the kubevirt CR.\nversion: 1alphav1", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach interface or disk that has a boot order must have a unique value.\nInterfaces without a boot order are not tried.", - "type": "integer" - }, - "bridge": { - "description": "InterfaceBridge connects to a given network via a linux bridge.", - "type": "object" - }, - "dhcpOptions": { - "description": "If specified the network interface will pass additional DHCP options to the VMI", - "properties": { - "bootFileName": { - "description": "If specified will pass option 67 to interface's DHCP server", - "type": "string" - }, - "ntpServers": { - "description": "If specified will pass the configured NTP server to the VM via DHCP option 042.", - "items": { - "type": "string" - }, - "type": "array" - }, - "privateOptions": { - "description": "If specified will pass extra DHCP options for private use, range: 224-254", - "items": { - "description": "DHCPExtraOptions defines Extra DHCP options for a VM.", - "properties": { - "option": { - "description": "Option is an Integer value from 224-254\nRequired.", - "type": "integer" - }, - "value": { - "description": "Value is a String value for the Option provided\nRequired.", - "type": "string" - } - }, - "required": [ - "option", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "tftpServerName": { - "description": "If specified will pass option 66 to interface's DHCP server", - "type": "string" - } - }, - "type": "object" - }, - "macAddress": { - "description": "Interface MAC address. For example: de:ad:00:00:be:af or DE-AD-00-00-BE-AF.", - "type": "string" - }, - "macvtap": { - "description": "DeprecatedMacvtap is an alias to the deprecated Macvtap interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", - "type": "object" - }, - "masquerade": { - "description": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", - "type": "object" - }, - "model": { - "description": "Interface model.\nOne of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio.\nDefaults to virtio.", - "type": "string" - }, - "name": { - "description": "Logical name of the interface as well as a reference to the associated networks.\nMust match the Name of a Network.", - "type": "string" - }, - "passt": { - "description": "DeprecatedPasst is an alias to the deprecated Passt interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", - "type": "object" - }, - "pciAddress": { - "description": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "ports": { - "description": "List of ports to be forwarded to the virtual machine.", - "items": { - "description": "Port represents a port to expose from the virtual machine.\nDefault protocol TCP.\nThe port field is mandatory", - "properties": { - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "port": { - "description": "Number of port to expose for the virtual machine.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "protocol": { - "description": "Protocol for port. Must be UDP or TCP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array" - }, - "slirp": { - "description": "DeprecatedSlirp is an alias to the deprecated Slirp interface\nDeprecated: Removed in v1.3", - "type": "object" - }, - "sriov": { - "description": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", - "type": "object" - }, - "state": { - "description": "State represents the requested operational state of the interface.\nThe supported values are:\n'absent', expressing a request to remove the interface.\n'down', expressing a request to set the link down.\n'up', expressing a request to set the link up.\nEmpty value functions as 'up'.", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "logSerialConsole": { - "description": "Whether to log the auto-attached default serial console or not.\nSerial console logs will be collect to a file and then streamed from a named 'guest-console-log'.\nNot relevant if autoattachSerialConsole is disabled.\nDefaults to cluster wide setting on VirtualMachineOptions.", - "type": "boolean" - }, - "networkInterfaceMultiqueue": { - "description": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.", - "type": "boolean" - }, - "panicDevices": { - "description": "PanicDevices provides additional crash information when a guest crashes.", - "items": { - "properties": { - "model": { - "description": "Model specifies what type of panic device is provided.\nThe panic model used when this attribute is missing depends on the hypervisor and guest arch.\nOne of: isa, hyperv, pvpanic.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "rng": { - "description": "Whether to have random number generator from host", - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "the total number of subnets cannot exceed 10", + "rule": "has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true" }, - "sound": { - "description": "Whether to emulate a sound device.", + { + "message": "must specify at least 1 subnet name or id", + "rule": "has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "number of subnets must be equal to number of eipAllocations", + "rule": "has(self.subnets) && has(self.subnets.ids) && has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids + self.subnets.names) == size(self.eipAllocations) : true" + }, + { + "message": "number of subnets must be equal to number of eipAllocations", + "rule": "has(self.subnets) && has(self.subnets.ids) && !has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids) == size(self.eipAllocations) : true" + }, + { + "message": "number of subnets must be equal to number of eipAllocations", + "rule": "has(self.subnets) && has(self.subnets.names) && !has(self.subnets.ids) && has(self.eipAllocations) ? size(self.subnets.names) == size(self.eipAllocations) : true" + } + ] + }, + "type": { + "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "enum": [ + "Classic", + "NLB" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "gcp": { + "description": "gcp provides configuration settings that are specific to GCP\nload balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for\ndetails about their defaults.", + "properties": { + "clientAccess": { + "description": "clientAccess describes how client access is restricted for internal\nload balancers.\n\nValid values are:\n* \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", + "enum": [ + "Global", + "Local" + ], + "type": "string" + } + }, + "type": "object" + }, + "ibm": { + "description": "ibm provides configuration settings that are specific to IBM Cloud\nload balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for\ndetails about their defaults.", + "properties": { + "protocol": { + "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to\nthe IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features:\n\"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default is TCP, without the proxy protocol enabled.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + } + }, + "type": "object" + }, + "openstack": { + "description": "openstack provides configuration settings that are specific to OpenStack\nload balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for\ndetails about their defaults.", + "properties": { + "floatingIP": { + "description": "floatingIP specifies the IP address that the load balancer will use.\nWhen not specified, an IP address will be assigned randomly by the OpenStack cloud provider.\nWhen specified, the floating IP has to be pre-created. If the\nspecified value is not a floating IP or is already claimed, the\nOpenStack cloud provider won't be able to provision the load\nbalancer.\nThis field may only be used if the IngressController has External scope.\nThis value must be a valid IPv4 or IPv6 address.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "floatingIP must be a valid IPv4 or IPv6 address", + "rule": "isIP(self)" + } + ] + } + }, + "type": "object" + }, + "type": { + "description": "type is the underlying infrastructure provider for the load balancer.\nAllowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\",\n\"OpenStack\", and \"VSphere\".", + "enum": [ + "AWS", + "Azure", + "BareMetal", + "GCP", + "Nutanix", + "OpenStack", + "VSphere", + "IBM" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "openstack is not permitted when type is not OpenStack", + "rule": "has(self.type) && self.type == 'OpenStack' ? true : !has(self.openstack)" + } + ] + }, + "scope": { + "description": "scope indicates the scope at which the load balancer is exposed.\nPossible values are \"External\" and \"Internal\".", + "enum": [ + "Internal", + "External" + ], + "type": "string" + } + }, + "required": [ + "dnsManagementPolicy", + "scope" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "eipAllocations are forbidden when the scope is Internal.", + "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)" + }, + { + "message": "cannot specify a floating ip when scope is internal", + "rule": "!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == \"\"" + } + ] + }, + "nodePort": { + "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy.\nPresent only if type is NodePortService.", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + } + }, + "type": "object" + }, + "private": { + "description": "private holds parameters for the Private endpoint publishing\nstrategy. Present only if type is Private.", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming\nconnections to use plain TCP or whether the IngressController expects\nPROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to\ncommunicate the source addresses of client connections when\nforwarding those connections to the IngressController. Using PROXY\nprotocol enables the IngressController to report those source\naddresses instead of reporting the load balancer's address in HTTP\nheaders and logs. Note that enabling PROXY protocol on the\nIngressController will cause connections to fail if you are not using\na load balancer that uses PROXY protocol to forward connections to\nthe IngressController. See\nhttp://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for\ninformation about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string.\n* \"TCP\".\n* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY\nprotocol. Note that the default is subject to change.", + "enum": [ + "", + "TCP", + "PROXY" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the\nLoadBalancer Service's external name. DNS records are managed only in DNS\nzones defined by dns.config.openshift.io/cluster .spec.publicZone and\n.spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure,\nand GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller\nis deployed.\n\nIn this configuration, the ingress controller deployment uses host\nnetworking, bound to node ports 80 and 443. The user is responsible for\nconfiguring an external load balancer to publish the ingress controller via\nthe node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking, and is not explicitly published. The user must manually publish\nthe ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container\nnetworking. A NodePort Service is created to publish the deployment. The\nspecific node ports are dynamically allocated by OpenShift; however, to\nsupport static port allocations, user changes to the node port\nfield of the managed NodePort Service will preserved.", + "enum": [ + "LoadBalancerService", + "HostNetwork", + "Private", + "NodePortService" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "namespaceSelector": { + "description": "namespaceSelector is the actual namespaceSelector in use.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed.", + "format": "int64", + "type": "integer" + }, + "routeSelector": { + "description": "routeSelector is the actual routeSelector in use.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "selector": { + "description": "selector is a label selector, in string format, for ingress controller pods\ncorresponding to the IngressController. The number of matching pods should\nequal the value of availableReplicas.", + "type": "string" + }, + "tlsProfile": { + "description": "tlsProfile is the TLS connection configuration that is in effect.", + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "IngressController", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/IngressControllerList": { + "description": "IngressControllerList is a list of IngressController", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ingresscontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.IngressController" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "IngressControllerList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/InsightsOperator": { + "description": "InsightsOperator holds cluster-wide information about the Insights Operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Insights.", + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the Insights operator.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "gatherStatus": { + "description": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", + "properties": { + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "items": { + "description": "gathererStatus represents information about a particular data gatherer.", + "properties": { + "conditions": { + "description": "conditions provide details on the status of each gatherer.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "lastGatherDuration": { + "description": "lastGatherDuration represents the time spent gathering.", + "pattern": "^(([0-9]+(?:\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + }, + "name": { + "description": "name is the name of the gatherer.", + "maxLength": 256, + "minLength": 5, + "type": "string" + } + }, + "required": [ + "conditions", + "lastGatherDuration", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "lastGatherDuration": { + "description": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", + "pattern": "^(0|([0-9]+(?:\\.[0-9]+)?(ns|us|\u00b5s|\u03bcs|ms|s|m|h))+)$", + "type": "string" + }, + "lastGatherTime": { + "description": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", + "properties": { + "downloadedAt": { + "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "format": "date-time", + "type": "string" + }, + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", + "items": { + "description": "healthCheck represents an Insights health check attributes.", + "properties": { + "advisorURI": { + "description": "advisorURI provides the URL link to the Insights Advisor.", + "pattern": "^https:\\/\\/\\S+", + "type": "string" + }, + "description": { + "description": "description provides basic description of the healtcheck.", + "maxLength": 2048, + "minLength": 10, + "type": "string" + }, + "state": { + "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string" + }, + "totalRisk": { + "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "format": "int32", + "maximum": 4, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "advisorURI", + "description", + "state", + "totalRisk" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "InsightsOperator", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/InsightsOperatorList": { + "description": "InsightsOperatorList is a list of InsightsOperator", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of insightsoperators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.InsightsOperator" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "InsightsOperatorList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeAPIServer": { + "description": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes API Server", + "properties": { + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", + "type": "string" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Force)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the Kubernetes API Server", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "items": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "properties": { + "currentRevision": { + "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "lastFailedCount": { + "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "type": "integer" + }, + "lastFailedReason": { + "description": "lastFailedReason is a machine readable failure reason string.", + "type": "string" + }, + "lastFailedRevision": { + "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "format": "int32", + "type": "integer" + }, + "lastFailedRevisionErrors": { + "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "lastFailedTime": { + "description": "lastFailedTime is the time the last failed revision failed the last time.", + "format": "date-time", + "type": "string" + }, + "lastFallbackCount": { + "description": "lastFallbackCount is how often a fallback to a previous revision happened.", + "type": "integer" + }, + "nodeName": { + "description": "nodeName is the name of the node", + "type": "string" + }, + "targetRevision": { + "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "nodeName" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "fieldPath": ".currentRevision", + "message": "cannot be unset once set", + "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" + }, + { + "fieldPath": ".currentRevision", + "message": "currentRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.currentRevision)" + }, + { + "fieldPath": ".targetRevision", + "message": "targetRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.targetRevision)" + } + ] + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "no more than 1 node status may have a nonzero targetRevision", + "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "serviceAccountIssuers": { + "description": "serviceAccountIssuers tracks history of used service account issuers.\nThe item without expiration time represents the currently used service account issuer.\nThe other items represents service account issuers that were used previously and are still being trusted.\nThe default expiration for the items is set by the platform and it defaults to 24h.\nsee: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", + "items": { + "properties": { + "expirationTime": { + "description": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list\nof service account issuers.", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "name is the name of the service account issuer", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeAPIServer", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeAPIServerList": { + "description": "KubeAPIServerList is a list of KubeAPIServer", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of kubeapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.KubeAPIServer" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeAPIServerList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeControllerManager": { + "description": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", + "properties": { + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", + "type": "string" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Force)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "useMoreSecureServiceCA": { + "default": false, + "description": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only\nenough certificates to validate service serving certificates.\nOnce set to true, it cannot be set to false.\nEven if someone finds a way to set it back to false, the service-ca.crt files that previously existed will\nonly have the more secure content.", + "type": "boolean" + } + }, + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the Kubernetes Controller Manager", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "items": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "properties": { + "currentRevision": { + "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "lastFailedCount": { + "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "type": "integer" + }, + "lastFailedReason": { + "description": "lastFailedReason is a machine readable failure reason string.", + "type": "string" + }, + "lastFailedRevision": { + "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "format": "int32", + "type": "integer" + }, + "lastFailedRevisionErrors": { + "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "lastFailedTime": { + "description": "lastFailedTime is the time the last failed revision failed the last time.", + "format": "date-time", + "type": "string" + }, + "lastFallbackCount": { + "description": "lastFallbackCount is how often a fallback to a previous revision happened.", + "type": "integer" + }, + "nodeName": { + "description": "nodeName is the name of the node", + "type": "string" + }, + "targetRevision": { + "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "nodeName" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "fieldPath": ".currentRevision", + "message": "cannot be unset once set", + "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" + }, + { + "fieldPath": ".currentRevision", + "message": "currentRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.currentRevision)" + }, + { + "fieldPath": ".targetRevision", + "message": "targetRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.targetRevision)" + } + ] + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "no more than 1 node status may have a nonzero targetRevision", + "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeControllerManager", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeControllerManagerList": { + "description": "KubeControllerManagerList is a list of KubeControllerManager", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of kubecontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.KubeControllerManager" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeControllerManagerList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeScheduler": { + "description": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes Scheduler", + "properties": { + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", + "type": "string" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Force)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the Kubernetes Scheduler", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "items": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "properties": { + "currentRevision": { + "description": "currentRevision is the generation of the most recently successful deployment.\nCan not be set on creation of a nodeStatus. Updates must only increase the value.", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "lastFailedCount": { + "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "type": "integer" + }, + "lastFailedReason": { + "description": "lastFailedReason is a machine readable failure reason string.", + "type": "string" + }, + "lastFailedRevision": { + "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "format": "int32", + "type": "integer" + }, + "lastFailedRevisionErrors": { + "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "lastFailedTime": { + "description": "lastFailedTime is the time the last failed revision failed the last time.", + "format": "date-time", + "type": "string" + }, + "lastFallbackCount": { + "description": "lastFallbackCount is how often a fallback to a previous revision happened.", + "type": "integer" + }, + "nodeName": { + "description": "nodeName is the name of the node", + "type": "string" + }, + "targetRevision": { + "description": "targetRevision is the generation of the deployment we're trying to apply.\nCan not be set on creation of a nodeStatus.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "nodeName" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "fieldPath": ".currentRevision", + "message": "cannot be unset once set", + "rule": "has(self.currentRevision) || !has(oldSelf.currentRevision)" + }, + { + "fieldPath": ".currentRevision", + "message": "currentRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.currentRevision)" + }, + { + "fieldPath": ".targetRevision", + "message": "targetRevision can not be set on creation of a nodeStatus", + "optionalOldSelf": true, + "rule": "oldSelf.hasValue() || !has(self.targetRevision)" + } + ] + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "no more than 1 node status may have a nonzero targetRevision", + "rule": "size(self.filter(status, status.?targetRevision.orValue(0) != 0)) <= 1" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeScheduler", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeSchedulerList": { + "description": "KubeSchedulerList is a list of KubeScheduler", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of kubeschedulers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.KubeScheduler" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeSchedulerList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeStorageVersionMigrator": { + "description": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeStorageVersionMigrator", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/KubeStorageVersionMigratorList": { + "description": "KubeStorageVersionMigratorList is a list of KubeStorageVersionMigrator", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of kubestorageversionmigrators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.KubeStorageVersionMigrator" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "KubeStorageVersionMigratorList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/MachineConfiguration": { + "description": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Machine Config Operator", + "properties": { + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string.\nThis provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work\nthis time instead of failing again on the same config.", + "type": "string" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managedBootImages": { + "description": "managedBootImages allows configuration for the management of boot images for machine\nresources within the cluster. This configuration allows users to select resources that should\nbe updated to the latest boot images during cluster upgrades, ensuring that new machines\nalways boot with the current cluster version's boot image. When omitted, this means no opinion\nand the platform is left to choose a reasonable default, which is subject to change over time.\nThe default for each machine manager mode is All for GCP and AWS platforms, and None for all\nother platforms.", + "properties": { + "machineManagers": { + "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator\nwill watch for changes to this list. Only one entry is permitted per type of machine management resource.", + "items": { + "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information\nsuch as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "properties": { + "apiGroup": { + "description": "apiGroup is name of the APIGroup that the machine management resource belongs to.\nThe only current valid value is machine.openshift.io.\nmachine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", + "enum": [ + "machine.openshift.io" + ], + "type": "string" + }, + "resource": { + "description": "resource is the machine management resource's type.\nThe only current valid value is machinesets.\nmachinesets means that the machine manager will only register resources of the kind MachineSet.", + "enum": [ + "machinesets" + ], + "type": "string" + }, + "selection": { + "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", + "properties": { + "mode": { + "description": "mode determines how machine managers will be selected for updates.\nValid values are All and Partial.\nAll means that every resource matched by the machine manager will be updated.\nPartial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.\nNone means that every resource matched by the machine manager will not be updated.", + "enum": [ + "All", + "Partial", + "None" + ], + "type": "string" + }, + "partial": { + "description": "partial provides label selector(s) that can be used to match machine management resources.\nOnly permitted when mode is set to \"Partial\".", + "properties": { + "machineResourceSelector": { + "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "model": { - "description": "We only support ich9 or ac97.\nIf SoundDevice is not set: No sound card is emulated.\nIf SoundDevice is set but Model is not: ich9", - "type": "string" - }, - "name": { - "description": "User's defined name for this sound device", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "tpm": { - "description": "Whether to emulate a TPM device.", - "properties": { - "enabled": { - "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", - "type": "boolean" }, - "persistent": { - "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "useVirtioTransitional": { - "description": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", - "type": "boolean" - }, - "video": { - "description": "Video describes the video device configuration for the vmi.", - "properties": { - "type": { - "description": "Type specifies the video device type (e.g., virtio, vga, bochs, ramfb).\nIf not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x).", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" - } - }, - "type": "object" - }, - "watchdog": { - "description": "Watchdog describes a watchdog device which can be added to the vmi.", - "properties": { - "diag288": { - "description": "diag288 watchdog device (specific to s390x architecture).", - "properties": { - "action": { - "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", - "type": "string" - } - }, - "type": "object" }, - "i6300esb": { - "description": "i6300esb watchdog device.", - "properties": { - "action": { - "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", - "type": "string" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "type": "object" - }, - "name": { - "description": "Name of the watchdog.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" - } - }, - "type": "object" - }, - "features": { - "description": "Features like acpi, apic, hyperv, smm.", - "properties": { - "acpi": { - "description": "ACPI enables/disables ACPI inside the guest.\nDefaults to enabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "apic": { - "description": "Defaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "endOfInterrupt": { - "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Defaults to the machine type setting.", - "properties": { - "evmcs": { - "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "frequencies": { - "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "ipi": { - "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reenlightenment": { - "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "relaxed": { - "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reset": { - "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "runtime": { - "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "spinlocks": { - "description": "Spinlocks allows to configure the spinlock retry attempts.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "spinlocks": { - "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "synic": { - "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "synictimer": { - "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", - "properties": { - "direct": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "tlbflush": { - "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vapic": { - "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vendorid": { - "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "vendorid": { - "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", - "type": "string" - } - }, - "type": "object" - }, - "vpindex": { - "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hypervPassthrough": { - "description": "This enables all supported hyperv flags automatically.\nBear in mind that if this enabled hyperV features cannot\nbe enabled explicitly. In addition, a Virtual Machine\nusing it will be non-migratable.", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "Configure how KVM presence is exposed to the guest.", - "properties": { - "hidden": { - "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "pvspinlock": { - "description": "Notify the guest that the host supports paravirtual spinlocks.\nFor older kernels this feature should be explicitly disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" }, - "smm": { - "description": "SMM enables/disables System Management Mode.\nTSEG not yet implemented.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "firmware": { - "description": "Firmware.", - "properties": { - "acpi": { - "description": "Information that can be set in the ACPI table", - "properties": { - "msdmNameRef": { - "description": "Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions.\nThe above points to the spec of MSDM too.", - "type": "string" - }, - "slicNameRef": { - "description": "SlicNameRef should match the volume name of a secret object. The data in the secret should\nbe a binary blob that follows the ACPI SLIC standard, see:\nhttps://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)", - "type": "string" - } - }, - "type": "object" - }, - "bootloader": { - "description": "Settings to control the bootloader that is used.", - "properties": { - "bios": { - "description": "If set (default), BIOS will be used.", - "properties": { - "useSerial": { - "description": "If set, the BIOS output will be transmitted over serial", - "type": "boolean" - } - }, - "type": "object" - }, - "efi": { - "description": "If set, EFI will be used instead of BIOS.", - "properties": { - "persistent": { - "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", - "type": "boolean" - }, - "secureBoot": { - "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "kernelBoot": { - "description": "Settings to set the kernel for booting.", - "properties": { - "container": { - "description": "Container defines the container that containes kernel artifacts", - "properties": { - "image": { - "description": "Image that contains initrd / kernel files.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", - "type": "string" - }, - "initrdPath": { - "description": "the fully-qualified path to the ramdisk image in the host OS", - "type": "string" - }, - "kernelPath": { - "description": "The fully-qualified path to the kernel image in the host OS", - "type": "string" - } - }, - "required": [ - "image" - ], - "type": "object" - }, - "kernelArgs": { - "description": "Arguments to be passed to the kernel at boot time", - "type": "string" - } - }, - "type": "object" - }, - "serial": { - "description": "The system-serial-number in SMBIOS", + "matchLabels": { + "additionalProperties": { "type": "string" }, - "uuid": { - "description": "UUID reported by the vmi bios.\nDefaults to a random generated uid.", - "type": "string" - } - }, - "type": "object" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "ioThreads": { - "description": "IOThreads specifies the IOThreads options.", - "properties": { - "supplementalPoolThreadCount": { - "description": "SupplementalPoolThreadCount specifies how many iothreads are allocated for the supplementalPool policy.", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "machineResourceSelector" + ], + "type": "object" + } + }, + "required": [ + "mode" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Partial is required when type is partial, and forbidden otherwise", + "rule": "has(self.mode) && self.mode == 'Partial' ? has(self.partial) : !has(self.partial)" + } + ] + } + }, + "required": [ + "apiGroup", + "resource", + "selection" + ], + "type": "object" + }, + "maxItems": 5, + "type": "array", + "x-kubernetes-list-map-keys": [ + "resource", + "apiGroup" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "nodeDisruptionPolicy": { + "description": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for\nMachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow\nfor less downtime when doing small configuration updates to the cluster. This configuration\nhas no effect on cluster upgrades which will still incur node disruption where required.", + "properties": { + "files": { + "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths\nThis list supports a maximum of 50 entries.", + "items": { + "description": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", + "items": { + "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" } - }, - "type": "object" - }, - "ioThreadsPolicy": { - "description": "Controls whether or not disks will share IOThreads.\nOmitting IOThreadsPolicy disables use of IOThreads.\nOne of: shared, auto, supplementalPool", - "type": "string" - }, - "launchSecurity": { - "description": "Launch Security setting of the vmi.", - "properties": { - "sev": { - "description": "AMD Secure Encrypted Virtualization (SEV).", - "properties": { - "attestation": { - "description": "If specified, run the attestation process for a vmi.", - "type": "object" - }, - "dhCert": { - "description": "Base64 encoded guest owner's Diffie-Hellman key.", - "type": "string" - }, - "policy": { - "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", - "properties": { - "encryptedState": { - "description": "SEV-ES is required.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "session": { - "description": "Base64 encoded session blob.", - "type": "string" - } - }, - "type": "object" + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" } + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload and None.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", + "enum": [ + "Reboot", + "Drain", + "Reload", + "Restart", + "DaemonReload", + "None" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "reload is required when type is Reload, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" + }, + { + "message": "restart is required when type is Restart, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Reboot action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + }, + { + "message": "None action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" + } + ] + }, + "path": { + "description": "path is the location of a file being managed through a MachineConfig.\nThe Actions in the policy will apply to changes to the file at this path.", + "type": "string" + } + }, + "required": [ + "actions", + "path" + ], + "type": "object" + }, + "maxItems": 50, + "type": "array", + "x-kubernetes-list-map-keys": [ + "path" + ], + "x-kubernetes-list-type": "map" + }, + "sshkey": { + "description": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this\nwill apply to all sshkey changes in the cluster", + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", + "items": { + "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, - "type": "object" - }, - "machine": { - "description": "Machine type.", - "properties": { - "type": { - "description": "QEMU machine type is the actual chipset of the VirtualMachineInstance.", - "type": "string" - } + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, - "type": "object" - }, - "memory": { - "description": "Memory allow specifying the VMI memory features.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Guest allows to specifying the amount of memory which is visible inside the Guest OS.\nThe Guest must lie between Requests and Limits from the resources section.\nDefaults to the requested memory in the resources section if not specified.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload and None.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", + "enum": [ + "Reboot", + "Drain", + "Reload", + "Restart", + "DaemonReload", + "None" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "reload is required when type is Reload, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" + }, + { + "message": "restart is required when type is Restart, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Reboot action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + }, + { + "message": "None action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" + } + ] + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "units": { + "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services\nThis list supports a maximum of 50 entries.", + "items": { + "description": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", + "items": { + "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, - "hugepages": { - "description": "Hugepages allow to use hugepages for the VirtualMachineInstance instead of regular memory.", + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload and None.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", + "enum": [ + "Reboot", + "Drain", + "Reload", + "Restart", + "DaemonReload", + "None" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "reload is required when type is Reload, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" + }, + { + "message": "restart is required when type is Restart, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Reboot action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + }, + { + "message": "None action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" + } + ] + }, + "name": { + "description": "name represents the service name of a systemd service managed through a MachineConfig\nActions specified will be applied for changes to the named service.\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } + }, + "required": [ + "actions", + "name" + ], + "type": "object" + }, + "maxItems": 50, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api\n-1 = unlimited, 0 or unset = 5 (default)", + "format": "int32", + "type": "integer" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status is the most recently observed status of the Machine Config Operator", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "managedBootImagesStatus": { + "description": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is\nand will be used by Machine Config Controller while performing boot image updates.", + "properties": { + "machineManagers": { + "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator\nwill watch for changes to this list. Only one entry is permitted per type of machine management resource.", + "items": { + "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information\nsuch as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "properties": { + "apiGroup": { + "description": "apiGroup is name of the APIGroup that the machine management resource belongs to.\nThe only current valid value is machine.openshift.io.\nmachine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", + "enum": [ + "machine.openshift.io" + ], + "type": "string" + }, + "resource": { + "description": "resource is the machine management resource's type.\nThe only current valid value is machinesets.\nmachinesets means that the machine manager will only register resources of the kind MachineSet.", + "enum": [ + "machinesets" + ], + "type": "string" + }, + "selection": { + "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", + "properties": { + "mode": { + "description": "mode determines how machine managers will be selected for updates.\nValid values are All and Partial.\nAll means that every resource matched by the machine manager will be updated.\nPartial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.\nNone means that every resource matched by the machine manager will not be updated.", + "enum": [ + "All", + "Partial", + "None" + ], + "type": "string" + }, + "partial": { + "description": "partial provides label selector(s) that can be used to match machine management resources.\nOnly permitted when mode is set to \"Partial\".", + "properties": { + "machineResourceSelector": { + "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "pageSize": { - "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" - } - }, - "type": "object" - }, - "maxGuest": { - "anyOf": [ - { - "type": "integer" }, - { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" - } - ], - "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "resources": { - "description": "Resources describes the Compute Resources required by this vmi.", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nValid resource keys are \"memory\" and \"cpu\".", - "type": "object" - }, - "overcommitGuestOverhead": { - "description": "Don't ask the scheduler to take the guest-management overhead into account. Instead\nput the overhead only into the container's memory limit. This can lead to crashes if\nall memory is in use on a node. Defaults to false.", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests is a description of the initial vmi resources.\nValid resource keys are \"memory\" and \"cpu\".", - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "devices" - ], - "type": "object" - }, - "evictionStrategy": { - "description": "EvictionStrategy describes the strategy to follow when a node drain occurs.\nThe possible options are:\n- \"None\": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown.\n- \"LiveMigrate\": the VirtualMachineInstance will be migrated instead of being shutdown.\n- \"LiveMigrateIfPossible\": the same as \"LiveMigrate\" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as \"None\".\n- \"External\": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa.", - "type": "string" - }, - "hostname": { - "description": "Specifies the hostname of the vmi\nIf not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly.", - "type": "string" - }, - "livenessProbe": { - "description": "Periodic probe of VirtualMachineInstance liveness.\nVirtualmachineInstances will be stopped if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "guestAgentPing": { - "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } + }, + "required": [ + "key", + "operator" ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "matchLabels": { + "additionalProperties": { "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "networks": { - "description": "List of networks that can be attached to a vm's virtual interface.", - "items": { - "description": "Network represents a network type and a resource that should be connected to the vm.", - "properties": { - "multus": { - "description": "Represents the multus cni network.", - "properties": { - "default": { - "description": "Select the default network and add it to the\nmultus-cni.io/default-network annotation.", - "type": "boolean" - }, - "networkName": { - "description": "References to a NetworkAttachmentDefinition CRD object. Format:\n, /. If namespace is not\nspecified, VMI namespace is assumed.", - "type": "string" - } - }, - "required": [ - "networkName" - ], - "type": "object" - }, - "name": { - "description": "Network name.\nMust be a DNS_LABEL and unique within the vm.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "pod": { - "description": "Represents the stock pod network interface.", - "properties": { - "vmIPv6NetworkCIDR": { - "description": "IPv6 CIDR for the vm network.\nDefaults to fd10:0:2::/120 if not specified.", - "type": "string" - }, - "vmNetworkCIDR": { - "description": "CIDR for vm network.\nDefault 10.0.2.0/24 if not specified.", - "type": "string" - } - }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "readinessProbe": { - "description": "Periodic probe of VirtualMachineInstance service readiness.\nVirtualmachineInstances will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "required": [ + "machineResourceSelector" + ], + "type": "object" + } + }, + "required": [ + "mode" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Partial is required when type is partial, and forbidden otherwise", + "rule": "has(self.mode) && self.mode == 'Partial' ? has(self.partial) : !has(self.partial)" + } + ] + } + }, + "required": [ + "apiGroup", + "resource", + "selection" + ], + "type": "object" + }, + "maxItems": 5, + "type": "array", + "x-kubernetes-list-map-keys": [ + "resource", + "apiGroup" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + }, + "nodeDisruptionPolicyStatus": { + "description": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are,\nand will be used by the Machine Config Daemon during future node updates.", + "properties": { + "clusterPolicies": { + "description": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", + "properties": { + "files": { + "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "items": { + "description": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", + "items": { "properties": { - "exec": { - "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "guestAgentPing": { - "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ { - "type": "integer" + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, { - "type": "string" + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" + ] } }, "required": [ - "port" + "serviceName" ], "type": "object" }, - "initialDelaySeconds": { - "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ { - "type": "integer" + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, { - "type": "string" + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + ] } }, "required": [ - "port" + "serviceName" ], "type": "object" }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", + "enum": [ + "Reboot", + "Drain", + "Reload", + "Restart", + "DaemonReload", + "None", + "Special" + ], + "type": "string" } }, - "type": "object" - }, - "resourceClaims": { - "description": "ResourceClaims define which ResourceClaims must be allocated\nand reserved before the VMI, hence virt-launcher pod is allowed to start. The resources\nwill be made available to the domain which consumes them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate in kubernetes\n https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/\nThis field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled.\nThis feature is in alpha.", - "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", - "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", - "type": "string" - }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "required": [ + "type" ], - "x-kubernetes-list-type": "map" - }, - "schedulerName": { - "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.", - "type": "string" - }, - "startStrategy": { - "description": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.", - "type": "string" - }, - "subdomain": { - "description": "If specified, the fully qualified vmi hostname will be \"...svc.\".\nIf not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi,\nno matter if the vmi itself can pick up a hostname.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", - "format": "int64", - "type": "integer" - }, - "tolerations": { - "description": "If toleration is specified, obey all the toleration rules.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } + "type": "object", + "x-kubernetes-validations": [ + { + "message": "reload is required when type is Reload, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + { + "message": "restart is required when type is Restart, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + } + ] }, - "volumes": { - "description": "List of volumes that can be mounted by disks belonging to the vmi.", - "items": { - "description": "Volume represents a named volume in a vmi.", - "properties": { - "cloudInitConfigDrive": { - "description": "CloudInitConfigDrive represents a cloud-init Config Drive user-data source.\nThe Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html", - "properties": { - "networkData": { - "description": "NetworkData contains config drive inline cloud-init networkdata.", - "type": "string" - }, - "networkDataBase64": { - "description": "NetworkDataBase64 contains config drive cloud-init networkdata as a base64 encoded string.", - "type": "string" - }, - "networkDataSecretRef": { - "description": "NetworkDataSecretRef references a k8s secret that contains config drive networkdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretRef": { - "description": "UserDataSecretRef references a k8s secret that contains config drive userdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userData": { - "description": "UserData contains config drive inline cloud-init userdata.", - "type": "string" - }, - "userDataBase64": { - "description": "UserDataBase64 contains config drive cloud-init userdata as a base64 encoded string.", - "type": "string" - } - }, - "type": "object" - }, - "cloudInitNoCloud": { - "description": "CloudInitNoCloud represents a cloud-init NoCloud user-data source.\nThe NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html", - "properties": { - "networkData": { - "description": "NetworkData contains NoCloud inline cloud-init networkdata.", - "type": "string" - }, - "networkDataBase64": { - "description": "NetworkDataBase64 contains NoCloud cloud-init networkdata as a base64 encoded string.", - "type": "string" - }, - "networkDataSecretRef": { - "description": "NetworkDataSecretRef references a k8s secret that contains NoCloud networkdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretRef": { - "description": "UserDataSecretRef references a k8s secret that contains NoCloud userdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userData": { - "description": "UserData contains NoCloud inline cloud-init userdata.", - "type": "string" - }, - "userDataBase64": { - "description": "UserDataBase64 contains NoCloud cloud-init userdata as a base64 encoded string.", - "type": "string" - } - }, - "type": "object" - }, - "configMap": { - "description": "ConfigMapSource represents a reference to a ConfigMap in the same namespace.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or it's keys must be defined", - "type": "boolean" - }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "containerDisk": { - "description": "ContainerDisk references a docker image, embedding a qcow or raw disk.\nMore info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html", - "properties": { - "image": { - "description": "Image is the name of the image with the embedded disk.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", - "type": "string" - }, - "path": { - "description": "Path defines the path to disk file in the container", - "type": "string" - } - }, - "required": [ - "image" - ], - "type": "object" - }, - "dataVolume": { - "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", - "properties": { - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "name": { - "description": "Name of both the DataVolume and the PVC in the same namespace.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "downwardAPI": { - "description": "DownwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "fields": { - "description": "Fields is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } - }, - "type": "object" - }, - "downwardMetrics": { - "description": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", - "type": "object" - }, - "emptyDisk": { - "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.\nMore info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html", - "properties": { - "capacity": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Capacity of the sparse disk.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "capacity" - ], - "type": "object" - }, - "ephemeral": { - "description": "Ephemeral is a special volume source that \"wraps\" specified source and provides copy-on-write image on top of it.", - "properties": { - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - } - }, - "type": "object" - }, - "hostDisk": { - "description": "HostDisk represents a disk created on the cluster level", - "properties": { - "capacity": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Capacity of the sparse disk", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "path": { - "description": "The path to HostDisk image located on the cluster", - "type": "string" - }, - "shared": { - "description": "Shared indicate whether the path is shared between nodes", - "type": "boolean" + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Reboot action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + }, + { + "message": "None action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" + } + ] + }, + "path": { + "description": "path is the location of a file being managed through a MachineConfig.\nThe Actions in the policy will apply to changes to the file at this path.", + "type": "string" + } + }, + "required": [ + "actions", + "path" + ], + "type": "object" + }, + "maxItems": 100, + "type": "array", + "x-kubernetes-list-map-keys": [ + "path" + ], + "x-kubernetes-list-type": "map" + }, + "sshkey": { + "description": "sshkey is the overall sshkey MachineConfig definition", + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", + "items": { + "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, - "type": { - "description": "Contains information if disk.img exists or should be created\nallowed options are 'Disk' and 'DiskOrCreate'", - "type": "string" + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" } - }, - "required": [ - "path", - "type" - ], - "type": "object" - }, - "memoryDump": { - "description": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" } - }, - "required": [ - "claimName" - ], - "type": "object" + ] + } + }, + "required": [ + "serviceName" + ], + "type": "object" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", + "enum": [ + "Reboot", + "Drain", + "Reload", + "Restart", + "DaemonReload", + "None", + "Special" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "reload is required when type is Reload, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" + }, + { + "message": "restart is required when type is Restart, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Reboot action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + }, + { + "message": "None action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" + } + ] + } + }, + "required": [ + "actions" + ], + "type": "object" + }, + "units": { + "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "items": { + "description": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at\nthe corresponding file path. Actions will be applied in the order that\nthey are set in this list. If there are other incoming changes to other MachineConfig\nentries in the same update that require a reboot, the reboot will supercede these actions.\nValid actions are Reboot, Drain, Reload, DaemonReload and None.\nThe Reboot action and the None action cannot be used in conjunction with any of the other actions.\nThis list supports a maximum of 10 entries.", + "items": { + "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } }, - "name": { - "description": "Volume's name.\nMust be a DNS_LABEL and unique within the vmi.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "required": [ + "serviceName" + ], + "type": "object" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } }, - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } + "required": [ + "serviceName" + ], + "type": "object" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed\nValid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special.\nreload/restart requires a corresponding service target specified in the reload/restart field.\nOther values require no further configuration", + "enum": [ + "Reboot", + "Drain", + "Reload", + "Restart", + "DaemonReload", + "None", + "Special" + ], + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "reload is required when type is Reload, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)" + }, + { + "message": "restart is required when type is Restart, and forbidden otherwise", + "rule": "has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)" + } + ] + }, + "maxItems": 10, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Reboot action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='Reboot') ? size(self) == 1 : true" + }, + { + "message": "None action can only be specified standalone, as it will override any other actions", + "rule": "self.exists(x, x.type=='None') ? size(self) == 1 : true" + } + ] + }, + "name": { + "description": "name represents the service name of a systemd service managed through a MachineConfig\nActions specified will be applied for changes to the named service.\nService names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long.\n${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\".\n${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "maxLength": 255, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\".", + "rule": "self.matches('\\\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')" + }, + { + "message": "Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"", + "rule": "self.matches('^[a-zA-Z0-9:._\\\\\\\\-]+\\\\..')" + } + ] + } + }, + "required": [ + "actions", + "name" + ], + "type": "object" + }, + "maxItems": 100, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "MachineConfiguration", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/MachineConfigurationList": { + "description": "MachineConfigurationList is a list of MachineConfiguration", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of machineconfigurations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.MachineConfiguration" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "MachineConfigurationList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/Network": { + "description": "Network describes the cluster's desired network configuration. It is\nconsumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "NetworkSpec is the top-level network configuration object.", + "properties": { + "additionalNetworks": { + "description": "additionalNetworks is a list of extra networks to make available to pods\nwhen multiple networks are enabled.", + "items": { + "description": "AdditionalNetworkDefinition configures an extra network that is available but not\ncreated by default. Instead, pods must request them by name.\ntype must be specified, along with exactly one \"Config\" that matches the type.", + "properties": { + "name": { + "description": "name is the name of the network. This will be populated in the resulting CRD\nThis must be unique.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the network. This will be populated in the resulting CRD\nIf not given the network will be created in the default namespace.", + "type": "string" + }, + "rawCNIConfig": { + "description": "rawCNIConfig is the raw CNI configuration json to create in the\nNetworkAttachmentDefinition CRD", + "type": "string" + }, + "simpleMacvlanConfig": { + "description": "simpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", + "properties": { + "ipamConfig": { + "description": "ipamConfig configures IPAM module will be used for IP Address Management (IPAM).", + "properties": { + "staticIPAMConfig": { + "description": "staticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", + "properties": { + "addresses": { + "description": "addresses configures IP address for the interface", + "items": { + "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", + "properties": { + "address": { + "description": "address is the IP address in CIDR format", + "type": "string" }, - "required": [ - "claimName" - ], - "type": "object" + "gateway": { + "description": "gateway is IP inside of subnet to designate as the gateway", + "type": "string" + } }, - "secret": { - "description": "SecretVolumeSource represents a reference to a secret data in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/", - "properties": { - "optional": { - "description": "Specify whether the Secret or it's keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "Name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } - }, - "type": "object" + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dns": { + "description": "dns configures DNS for the interface", + "properties": { + "domain": { + "description": "domain configures the domainname the local domain used for short hostname lookups", + "type": "string" }, - "serviceAccount": { - "description": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "properties": { - "serviceAccountName": { - "description": "Name of the service account in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - } + "nameservers": { + "description": "nameservers points DNS servers for IP lookup", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "sysprep": { - "description": "Represents a Sysprep volume source.", - "properties": { - "configMap": { - "description": "ConfigMap references a ConfigMap that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret references a k8s Secret that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "search": { + "description": "search configures priority ordered search domains for short hostname lookups", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "name" - ], "type": "object" }, - "maxItems": 256, - "type": "array" + "routes": { + "description": "routes configures IP routes for the interface", + "items": { + "description": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", + "properties": { + "destination": { + "description": "destination points the IP route destination", + "type": "string" + }, + "gateway": { + "description": "gateway is the route's next-hop IP address\nIf unset, a default gateway is assumed (as determined by the CNI plugin).", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "type": { + "description": "type is the type of IPAM module will be used for IP Address Management(IPAM).\nThe supported values are IPAMTypeDHCP, IPAMTypeStatic", + "type": "string" + } + }, + "type": "object" + }, + "master": { + "description": "master is the host interface to create the macvlan interface from.\nIf not specified, it will be default route interface", + "type": "string" + }, + "mode": { + "description": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", + "type": "string" + }, + "mtu": { + "description": "mtu is the mtu to use for the macvlan interface. if unset, host's\nkernel will select the value.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "type": { + "description": "type is the type of network\nThe supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "additionalRoutingCapabilities": { + "description": "additionalRoutingCapabilities describes components and relevant\nconfiguration providing additional routing capabilities. When set, it\nenables such components and the usage of the routing capabilities they\nprovide for the machine network. Upstream operators, like MetalLB\noperator, requiring these capabilities may rely on, or automatically set\nthis attribute. Network plugins may leverage advanced routing\ncapabilities acquired through the enablement of these components but may\nrequire specific configuration on their side to do so; refer to their\nrespective documentation and configuration options.", + "properties": { + "providers": { + "description": "providers is a set of enabled components that provide additional routing\ncapabilities. Entries on this list must be unique. The only valid value\nis currrently \"FRR\" which provides FRR routing capabilities through the\ndeployment of FRR.", + "items": { + "description": "RoutingCapabilitiesProvider is a component providing routing capabilities.", + "enum": [ + "FRR" + ], + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-validations": [ + { + "rule": "self.all(x, self.exists_one(y, x == y))" + } + ] + } + }, + "required": [ + "providers" + ], + "type": "object" + }, + "clusterNetwork": { + "description": "clusterNetwork is the IP address pool to use for pod IPs.\nSome network providers support multiple ClusterNetworks.\nOthers only support one. This is equivalent to the cluster-cidr.", + "items": { + "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size\nHostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If\nthe HostPrefix field is not used by the plugin, it can be left unset.\nNot all network providers support multiple ClusterNetworks", + "properties": { + "cidr": { + "type": "string" + }, + "hostPrefix": { + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "defaultNetwork": { + "description": "defaultNetwork is the \"default\" network that all pods will receive", + "properties": { + "openshiftSDNConfig": { + "description": "openshiftSDNConfig was previously used to configure the openshift-sdn plugin.\nDEPRECATED: OpenShift SDN is no longer supported.", + "properties": { + "enableUnidling": { + "description": "enableUnidling controls whether or not the service proxy will support idling\nand unidling of services. By default, unidling is enabled.", + "type": "boolean" + }, + "mode": { + "description": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", + "type": "string" + }, + "mtu": { + "description": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset.\nThis must be 50 bytes smaller than the machine's uplink.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "useExternalOpenvswitch": { + "description": "useExternalOpenvswitch used to control whether the operator would deploy an OVS\nDaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always\nrun as a system service, and this flag is ignored.", + "type": "boolean" + }, + "vxlanPort": { + "description": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "ovnKubernetesConfig": { + "description": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", + "properties": { + "egressIPConfig": { + "description": "egressIPConfig holds the configuration for EgressIP options.", + "properties": { + "reachabilityTotalTimeoutSeconds": { + "description": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds.\nIf the EgressIP node cannot be reached within this timeout, the node is declared down.\nSetting a large value may cause the EgressIP feature to react slowly to node changes.\nIn particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable.\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time.\nThe current default is 1 second.\nA value of 0 disables the EgressIP node's reachability check.", + "format": "int32", + "maximum": 60, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "gatewayConfig": { + "description": "gatewayConfig holds the configuration for node gateway options.", + "properties": { + "ipForwarding": { + "description": "ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex).\nBy default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other\nIP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across\nOVN-Kubernetes managed interfaces, then set this field to \"Global\".\nThe supported values are \"Restricted\" and \"Global\".", + "type": "string" + }, + "ipv4": { + "description": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default\nconfiguration is used. Check individual members fields within ipv4 for details of default values.", + "properties": { + "internalMasqueradeSubnet": { + "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by\novn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these\naddresses, as well as the shared gateway bridge interface. The values can be changed after\ninstallation. The subnet chosen should not overlap with other networks specified for\nOVN-Kubernetes as well as other networks used on the host. Additionally the subnet must\nbe large enough to accommodate 6 IPs (maximum prefix length /29).\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time.\nThe current default subnet is 169.254.0.0/17\nThe value must be in proper IPV4 CIDR format", + "maxLength": 18, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Subnet must be in valid IPV4 CIDR format", + "rule": "isCIDR(self) && cidr(self).ip().family() == 4" + }, + { + "message": "subnet must be in the range /0 to /29 inclusive", + "rule": "isCIDR(self) && cidr(self).prefixLength() <= 29" + }, + { + "message": "first IP address octet must not be 0", + "rule": "isCIDR(self) && int(self.split('.')[0]) > 0" + } + ] + } + }, + "type": "object" + }, + "ipv6": { + "description": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default\nconfiguration is used. Check individual members fields within ipv6 for details of default values.", + "properties": { + "internalMasqueradeSubnet": { + "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by\novn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these\naddresses, as well as the shared gateway bridge interface. The values can be changed after\ninstallation. The subnet chosen should not overlap with other networks specified for\nOVN-Kubernetes as well as other networks used on the host. Additionally the subnet must\nbe large enough to accommodate 6 IPs (maximum prefix length /125).\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time.\nThe current default subnet is fd69::/112\nNote that IPV6 dual addresses are not permitted", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Subnet must be in valid IPV6 CIDR format", + "rule": "isCIDR(self) && cidr(self).ip().family() == 6" + }, + { + "message": "subnet must be in the range /0 to /125 inclusive", + "rule": "isCIDR(self) && cidr(self).prefixLength() <= 125" + } + ] + } + }, + "type": "object" + }, + "routingViaHost": { + "default": false, + "description": "routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port\ninto the host before sending it out. If this is not set, traffic will always egress directly\nfrom OVN to outside without touching the host stack. Setting this to true means hardware\noffload will not be supported. Default is false if GatewayConfig is specified.", + "type": "boolean" + } + }, + "type": "object" + }, + "genevePort": { + "description": "geneve port is the UDP port to be used by geneve encapulation.\nDefault is 6081", + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "hybridOverlayConfig": { + "description": "hybridOverlayConfig configures an additional overlay network for peers that are\nnot using OVN.", + "properties": { + "hybridClusterNetwork": { + "description": "hybridClusterNetwork defines a network space given to nodes on an additional overlay network.", + "items": { + "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size\nHostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If\nthe HostPrefix field is not used by the plugin, it can be left unset.\nNot all network providers support multiple ClusterNetworks", + "properties": { + "cidr": { + "type": "string" + }, + "hostPrefix": { + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "hybridOverlayVXLANPort": { + "description": "hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network.\nDefault is 4789", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "ipsecConfig": { + "default": { + "mode": "Disabled" + }, + "description": "ipsecConfig enables and configures IPsec for pods on the pod network within the\ncluster.", + "properties": { + "full": { + "description": "full defines configuration parameters for the IPsec `Full` mode.\nThis is permitted only when mode is configured with `Full`,\nand forbidden otherwise.", + "minProperties": 1, + "properties": { + "encapsulation": { + "description": "encapsulation option to configure libreswan on how inter-pod traffic across nodes\nare encapsulated to handle NAT traversal. When configured it uses UDP port 4500\nfor the encapsulation.\nValid values are Always, Auto and omitted.\nAlways means enable UDP encapsulation regardless of whether NAT is detected.\nAuto means enable UDP encapsulation based on the detection of NAT.\nWhen omitted, this means no opinion and the platform is left to choose a reasonable\ndefault, which is subject to change over time. The current default is Auto.", + "enum": [ + "Always", + "Auto" + ], + "type": "string" } }, - "required": [ - "domain" - ], "type": "object" + }, + "mode": { + "description": "mode defines the behaviour of the ipsec configuration within the platform.\nValid values are `Disabled`, `External` and `Full`.\nWhen 'Disabled', ipsec will not be enabled at the node level.\nWhen 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters.\nThis mode is for external secure communications and the configuration can be done using the k8s-nmstate operator.\nWhen 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured.\nNote with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays),\nthis is left to the user to configure.", + "enum": [ + "Disabled", + "External", + "Full" + ], + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "ipsecConfig.mode is required", + "rule": "self == oldSelf || has(self.mode)" + }, + { + "message": "full is forbidden when mode is not Full", + "rule": "has(self.mode) && self.mode == 'Full' ? true : !has(self.full)" + } + ] + }, + "ipv4": { + "description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted,\nthis means no opinions and the default configuration is used. Check individual\nfields within ipv4 for details of default values.", + "properties": { + "internalJoinSubnet": { + "description": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes.\nThe current default value is 100.64.0.0/16\nThe subnet must be large enough to accommodate one IP per node in your cluster\nThe value must be in proper IPV4 CIDR format", + "maxLength": 18, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Subnet must be in valid IPV4 CIDR format", + "rule": "isCIDR(self) && cidr(self).ip().family() == 4" + }, + { + "message": "subnet must be in the range /0 to /30 inclusive", + "rule": "isCIDR(self) && cidr(self).prefixLength() <= 30" + }, + { + "message": "first IP address octet must not be 0", + "rule": "isCIDR(self) && int(self.split('.')[0]) > 0" + } + ] + }, + "internalTransitSwitchSubnet": { + "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally\nby OVN-Kubernetes for the distributed transit switch in the OVN Interconnect\narchitecture that connects the cluster routers on each node together to enable\neast west traffic. The subnet chosen should not overlap with other networks\nspecified for OVN-Kubernetes as well as other networks used on the host.\nWhen ommitted, this means no opinion and the platform is left to choose a reasonable\ndefault which is subject to change over time.\nThe current default subnet is 100.88.0.0/16\nThe subnet must be large enough to accommodate one IP per node in your cluster\nThe value must be in proper IPV4 CIDR format", + "maxLength": 18, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Subnet must be in valid IPV4 CIDR format", + "rule": "isCIDR(self) && cidr(self).ip().family() == 4" + }, + { + "message": "subnet must be in the range /0 to /30 inclusive", + "rule": "isCIDR(self) && cidr(self).prefixLength() <= 30" + }, + { + "message": "first IP address octet must not be 0", + "rule": "isCIDR(self) && int(self.split('.')[0]) > 0" + } + ] + } + }, + "type": "object" + }, + "ipv6": { + "description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted,\nthis means no opinions and the default configuration is used. Check individual\nfields within ipv4 for details of default values.", + "properties": { + "internalJoinSubnet": { + "description": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes.\nThe subnet must be large enough to accommodate one IP per node in your cluster\nThe current default value is fd98::/64\nThe value must be in proper IPV6 CIDR format\nNote that IPV6 dual addresses are not permitted", + "maxLength": 48, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Subnet must be in valid IPV6 CIDR format", + "rule": "isCIDR(self) && cidr(self).ip().family() == 6" + }, + { + "message": "subnet must be in the range /0 to /125 inclusive", + "rule": "isCIDR(self) && cidr(self).prefixLength() <= 125" + } + ] + }, + "internalTransitSwitchSubnet": { + "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally\nby OVN-Kubernetes for the distributed transit switch in the OVN Interconnect\narchitecture that connects the cluster routers on each node together to enable\neast west traffic. The subnet chosen should not overlap with other networks\nspecified for OVN-Kubernetes as well as other networks used on the host.\nWhen ommitted, this means no opinion and the platform is left to choose a reasonable\ndefault which is subject to change over time.\nThe subnet must be large enough to accommodate one IP per node in your cluster\nThe current default subnet is fd97::/64\nThe value must be in proper IPV6 CIDR format\nNote that IPV6 dual addresses are not permitted", + "maxLength": 48, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Subnet must be in valid IPV6 CIDR format", + "rule": "isCIDR(self) && cidr(self).ip().family() == 6" + }, + { + "message": "subnet must be in the range /0 to /125 inclusive", + "rule": "isCIDR(self) && cidr(self).prefixLength() <= 125" + } + ] + } + }, + "type": "object" + }, + "mtu": { + "description": "mtu is the MTU to use for the tunnel interface. This must be 100\nbytes smaller than the uplink mtu.\nDefault is 1400", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "policyAuditConfig": { + "description": "policyAuditConfig is the configuration for network policy audit events. If unset,\nreported defaults are used.", + "properties": { + "destination": { + "default": "null", + "description": "destination is the location for policy log messages.\nRegardless of this config, persistent logs will always be dumped to the host\nat /var/log/ovn/ however\nAdditionally syslog output may be configured as follows.\nValid values are:\n- \"libc\" -> to use the libc syslog() function of the host node's journdald process\n- \"udp:host:port\" -> for sending syslog over UDP\n- \"unix:file\" -> for using the UNIX domain socket directly\n- \"null\" -> to discard all messages logged to syslog\nThe default is \"null\"", + "type": "string" + }, + "maxFileSize": { + "default": 50, + "description": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs\nUnits are in MB and the Default is 50MB", + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "maxLogFiles": { + "default": 5, + "description": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "rateLimit": { + "default": 20, + "description": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If\nunset the default of 20 msg/sec is used.", + "format": "int32", + "minimum": 1, + "type": "integer" + }, + "syslogFacility": { + "default": "local0", + "description": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", + "type": "string" + } + }, + "type": "object" + }, + "routeAdvertisements": { + "description": "routeAdvertisements determines if the functionality to advertise cluster\nnetwork routes through a dynamic routing protocol, such as BGP, is\nenabled or not. This functionality is configured through the\novn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing\ncapability provider to be enabled as an additional routing capability.\nAllowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this\nmeans the user has no opinion and the platform is left to choose\nreasonable defaults. These defaults are subject to change over time. The\ncurrent default is \"Disabled\".", + "enum": [ + "", + "Enabled", + "Disabled" + ], + "type": "string" + }, + "v4InternalSubnet": { + "description": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes.\nDefault is 100.64.0.0/16", + "type": "string" + }, + "v6InternalSubnet": { + "description": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the\ndefault one is being already used by something else. It must not overlap with\nany other subnet being used by OpenShift or by the node network. The size of the\nsubnet must be larger than the number of nodes.\nDefault is fd98::/64", + "type": "string" + } + }, + "type": "object" + }, + "type": { + "description": "type is the type of network\nAll NetworkTypes are supported except for NetworkTypeRaw", + "type": "string" + } + }, + "type": "object" + }, + "deployKubeProxy": { + "description": "deployKubeProxy specifies whether or not a standalone kube-proxy should\nbe deployed by the operator. Some network providers include kube-proxy\nor similar functionality. If unset, the plugin will attempt to select\nthe correct value, which is false when ovn-kubernetes is used and true\notherwise.", + "type": "boolean" + }, + "disableMultiNetwork": { + "description": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability.\ndisableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD,\nthat enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins,\nbut these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", + "type": "boolean" + }, + "disableNetworkDiagnostics": { + "default": false, + "description": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck\nCRs from a test pod to every node, apiserver and LB should be disabled or not.\nIf unset, this property defaults to 'false' and network diagnostics is enabled.\nSetting this to 'true' would reduce the additional load of the pods performing the checks.", + "type": "boolean" + }, + "exportNetworkFlows": { + "description": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network\nby using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin.\nIf unset, flows will not be exported to any collector.", + "properties": { + "ipfix": { + "description": "ipfix defines IPFIX configuration.", + "properties": { + "collectors": { + "description": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", + "items": { + "pattern": "^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", + "type": "string" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "netFlow": { + "description": "netFlow defines the NetFlow configuration.", + "properties": { + "collectors": { + "description": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS.\nIt is a list of strings formatted as ip:port with a maximum of ten items", + "items": { + "pattern": "^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", + "type": "string" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "sFlow": { + "description": "sFlow defines the SFlow configuration.", + "properties": { + "collectors": { + "description": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", + "items": { + "pattern": "^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", + "type": "string" + }, + "maxItems": 10, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "kubeProxyConfig": { + "description": "kubeProxyConfig lets us configure desired proxy configuration, if\ndeployKubeProxy is true. If not specified, sensible defaults will be chosen by\nOpenShift directly.", + "properties": { + "bindAddress": { + "description": "The address to \"bind\" on\nDefaults to 0.0.0.0", + "type": "string" + }, + "iptablesSyncPeriod": { + "description": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted\nin large clusters for performance reasons, but this is no longer necessary, and there is no reason\nto change this from the default value.\nDefault: 30s", + "type": "string" + }, + "proxyArguments": { + "additionalProperties": { + "description": "ProxyArgumentList is a list of arguments to pass to the kubeproxy process", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "description": "Any additional arguments to pass to the kubeproxy process", + "type": "object" + } + }, + "type": "object" + }, + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "migration": { + "description": "migration enables and configures cluster network migration, for network changes\nthat cannot be made instantly.", + "properties": { + "features": { + "description": "features was previously used to configure which network plugin features\nwould be migrated in a network type migration.\nDEPRECATED: network type migration is no longer supported, and setting\nthis to a non-empty value will result in the network operator rejecting\nthe configuration.", + "properties": { + "egressFirewall": { + "default": true, + "description": "egressFirewall specified whether or not the Egress Firewall configuration was migrated.\nDEPRECATED: network type migration is no longer supported.", + "type": "boolean" + }, + "egressIP": { + "default": true, + "description": "egressIP specified whether or not the Egress IP configuration was migrated.\nDEPRECATED: network type migration is no longer supported.", + "type": "boolean" + }, + "multicast": { + "default": true, + "description": "multicast specified whether or not the multicast configuration was migrated.\nDEPRECATED: network type migration is no longer supported.", + "type": "boolean" + } + }, + "type": "object" + }, + "mode": { + "description": "mode indicates the mode of network type migration.\nDEPRECATED: network type migration is no longer supported, and setting\nthis to a non-empty value will result in the network operator rejecting\nthe configuration.", + "enum": [ + "Live", + "Offline", + "" + ], + "type": "string" + }, + "mtu": { + "description": "mtu contains the MTU migration configuration. Set this to allow changing\nthe MTU values for the default network. If unset, the operation of\nchanging the MTU for the default network will be rejected.", + "properties": { + "machine": { + "description": "machine contains MTU migration configuration for the machine's uplink.\nNeeds to be migrated along with the default network MTU unless the\ncurrent uplink MTU already accommodates the default network MTU.", + "properties": { + "from": { + "description": "from is the MTU to migrate from.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "to": { + "description": "to is the MTU to migrate to.", + "format": "int32", + "minimum": 0, + "type": "integer" } }, "type": "object" }, - "updateVolumesStrategy": { - "description": "UpdateVolumesStrategy is the strategy to apply on volumes updates", - "type": "string" + "network": { + "description": "network contains information about MTU migration for the default network.\nMigrations are only allowed to MTU values lower than the machine's uplink\nMTU by the minimum appropriate offset.", + "properties": { + "from": { + "description": "from is the MTU to migrate from.", + "format": "int32", + "minimum": 0, + "type": "integer" + }, + "to": { + "description": "to is the MTU to migrate to.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" } }, - "required": [ - "template" - ], "type": "object" + }, + "networkType": { + "description": "networkType was previously used when changing the default network type.\nDEPRECATED: network type migration is no longer supported, and setting\nthis to a non-empty value will result in the network operator rejecting\nthe configuration.", + "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration", + "rule": "!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'" + } + ] + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "serviceNetwork": { + "description": "serviceNetwork is the ip address pool to use for Service IPs\nCurrently, all existing network providers only support a single value\nhere, but this is an array to allow for growth.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "useMultiNetworkPolicy": { + "description": "useMultiNetworkPolicy enables a controller which allows for\nMultiNetworkPolicy objects to be used on additional networks as\ncreated by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy\nobjects, but NetworkPolicy objects only apply to the primary interface.\nWith MultiNetworkPolicy, you can control the traffic that a pod can receive\nover the secondary interfaces. If unset, this property defaults to 'false'\nand MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is\n'true' then the value of this field is ignored.", + "type": "boolean" } }, - "required": [ - "selector", - "virtualMachineTemplate" - ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available", + "rule": "(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'" + }, + { + "message": "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'", + "rule": "!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'" + } + ] }, "status": { + "description": "NetworkStatus is detailed operator status, which is distilled\nup to the Network clusteroperator object.", "properties": { "conditions": { + "description": "conditions is a list of conditions and their status", "items": { + "description": "OperatorCondition is just the standard condition fields.", "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", - "nullable": true, "type": "string" }, "message": { @@ -287541,51 +232481,123 @@ "type": "string" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], "type": "string" }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ + "lastTransitionTime", "status", "type" ], "type": "object" }, "type": "array", - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "labelSelector": { - "description": "Canonical form of the label selector for HPA which consumes it through the scale subresource.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "readyReplicas": { + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", "type": "integer" }, - "replicas": { + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "format": "int32", "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } }, "type": "object" } }, - "required": [ - "spec" - ], + "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "pool.kubevirt.io", - "kind": "VirtualMachinePool", - "version": "v1alpha1" + "group": "operator.openshift.io", + "kind": "Network", + "version": "v1" } ] }, - "pool.kubevirt.io/v1alpha1/VirtualMachinePoolList": { - "description": "VirtualMachinePoolList is a list of VirtualMachinePool", + "operator.openshift.io/v1/NetworkList": { + "description": "NetworkList is a list of Network", "namespaced": true, "properties": { "apiVersion": { @@ -287593,9 +232605,9 @@ "type": "string" }, "items": { - "description": "List of virtualmachinepools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of networks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.pool.v1alpha1.VirtualMachinePool" + "$ref": "#/components/schemas/io.openshift.operator.v1.Network" }, "type": "array" }, @@ -287618,15 +232630,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "pool.kubevirt.io", - "kind": "VirtualMachinePoolList", - "version": "v1alpha1" + "group": "operator.openshift.io", + "kind": "NetworkList", + "version": "v1" } ] }, - "postgresql.cnpg.noobaa.io/v1/Backup": { - "description": "Backup is the Schema for the backups API", - "namespaced": true, + "operator.openshift.io/v1/OLM": { + "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -287645,432 +232657,657 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the backup.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec holds user settable values for configuration", "properties": { - "cluster": { - "description": "The cluster to backup", - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "method": { - "default": "barmanObjectStore", - "description": "The backup method to be used, possible options are `barmanObjectStore`,\n`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.", + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", "enum": [ - "barmanObjectStore", - "volumeSnapshot", - "plugin" + "", + "Normal", + "Debug", + "Trace", + "TraceAll" ], "type": "string" }, - "online": { - "description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)\nOverrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'", - "type": "boolean" - }, - "onlineConfiguration": { - "description": "Configuration parameters to control the online/hot backup with volume snapshots\nOverrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza", - "properties": { - "immediateCheckpoint": { - "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", - "type": "boolean" - }, - "waitForArchive": { - "default": true, - "description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.", - "type": "boolean" - } - }, - "type": "object" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" }, - "pluginConfiguration": { - "description": "Configuration parameters passed to the plugin managing this backup", - "properties": { - "name": { - "description": "Name is the name of the plugin managing this backup", - "type": "string" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters are the configuration parameters passed to the backup\nplugin for this backup", - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "target": { - "description": "The policy to decide which instance should perform this backup. If empty,\nit defaults to `cluster.spec.backup.target`.\nAvailable options are empty string, `primary` and `prefer-standby`.\n`primary` to have backups run always on primary instances,\n`prefer-standby` to have backups run preferably on the most updated\nstandby, if available.", + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", "enum": [ - "primary", - "prefer-standby" + "", + "Normal", + "Debug", + "Trace", + "TraceAll" ], "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "cluster" - ], "type": "object" }, "status": { - "description": "Most recently observed status of the backup. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status holds observed values from the cluster. They may not be overridden.", "properties": { - "azureCredentials": { - "description": "The credentials to use to upload data to Azure Blob Storage", - "properties": { - "connectionString": { - "description": "The connection string to be used", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "inheritFromAzureAD": { - "description": "Use the Azure AD based authentication without providing explicitly the keys.", - "type": "boolean" - }, - "storageAccount": { - "description": "The storage account where to upload data", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "message": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "storageKey": { - "description": "The storage account key to be used in conjunction\nwith the storage account name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "reason": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "storageSasToken": { - "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - } + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" }, - "type": "object" - }, - "backupId": { - "description": "The ID of the Barman backup", - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "backupLabelFile": { - "description": "Backup label file content as returned by Postgres in case of online (hot) backups", - "format": "byte", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "backupName": { - "description": "The Name of the Barman backup", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] }, - "beginLSN": { - "description": "The starting xlog", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" }, - "beginWal": { - "description": "The starting WAL", - "type": "string" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" }, - "commandError": { - "description": "The backup command output in case of error", + "version": { + "description": "version is the level this availability applies to", "type": "string" - }, - "commandOutput": { - "description": "Unused. Retained for compatibility with old versions.", + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "OLM", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/OLMList": { + "description": "OLMList is a list of OLM", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of olms. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.OLM" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "OLMList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/OpenShiftAPIServer": { + "description": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the OpenShift API Server.", + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], "type": "string" }, - "destinationPath": { - "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data. This may not be populated in case of errors.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", "type": "string" }, - "encryption": { - "description": "Encryption method required to S3 API", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "endLSN": { - "description": "The ending xlog", + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], "type": "string" }, - "endWal": { - "description": "The ending WAL", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status defines the observed status of the OpenShift API Server.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "endpointCA": { - "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive.", - "properties": { - "key": { - "description": "The key to select", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" }, - "required": [ - "key", + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], - "type": "object" + "x-kubernetes-list-type": "map" }, - "endpointURL": { - "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "OpenShiftAPIServer", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/OpenShiftAPIServerList": { + "description": "OpenShiftAPIServerList is a list of OpenShiftAPIServer", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of openshiftapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.OpenShiftAPIServer" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "OpenShiftAPIServerList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/OpenShiftControllerManager": { + "description": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], "type": "string" }, - "error": { - "description": "The detected error", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", "type": "string" }, - "googleCredentials": { - "description": "The credentials to use to upload data to Google Cloud Storage", - "properties": { - "applicationCredentials": { - "description": "The secret containing the Google Cloud Storage JSON file with the credentials", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "gkeEnvironment": { - "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", - "type": "boolean" - } - }, - "type": "object" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "instanceID": { - "description": "Information to identify the instance where the backup has been taken from", - "properties": { - "ContainerID": { - "description": "The container ID", - "type": "string" + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } }, - "podName": { - "description": "The pod name", - "type": "string" - } - }, - "type": "object" - }, - "method": { - "description": "The backup method being used", - "type": "string" - }, - "online": { - "description": "Whether the backup was online/hot (`true`) or offline/cold (`false`)", - "type": "boolean" - }, - "phase": { - "description": "The last backup status", - "type": "string" - }, - "pluginMetadata": { - "additionalProperties": { - "type": "string" + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" }, - "description": "A map containing the plugin metadata", - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "s3Credentials": { - "description": "The credentials to use to upload data to S3", - "properties": { - "accessKeyId": { - "description": "The reference to the access key id", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "inheritFromIAMRole": { - "description": "Use the role based authentication without providing explicitly the keys.", - "type": "boolean" - }, - "region": { - "description": "The reference to the secret containing the region name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "secretAccessKey": { - "description": "The reference to the secret access key", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "sessionToken": { - "description": "The references to the session key", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - } + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" }, - "type": "object" - }, - "serverName": { - "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "snapshotBackupStatus": { - "description": "Status of the volumeSnapshot backup", - "properties": { - "elements": { - "description": "The elements list, populated with the gathered volume snapshots", - "items": { - "description": "BackupSnapshotElementStatus is a volume snapshot that is part of a volume snapshot method backup", - "properties": { - "name": { - "description": "Name is the snapshot resource name", - "type": "string" - }, - "tablespaceName": { - "description": "TablespaceName is the name of the snapshotted tablespace. Only set\nwhen type is PG_TABLESPACE", - "type": "string" - }, - "type": { - "description": "Type is tho role of the snapshot in the cluster, such as PG_DATA, PG_WAL and PG_TABLESPACE", - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" } - }, - "type": "object" + ] }, - "startedAt": { - "description": "When the backup was started", - "format": "date-time", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" }, - "stoppedAt": { - "description": "When the backup was terminated", - "format": "date-time", - "type": "string" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" }, - "tablespaceMapFile": { - "description": "Tablespace map file content as returned by Postgres in case of online (hot) backups", - "format": "byte", + "version": { + "description": "version is the level this availability applies to", "type": "string" } }, @@ -288078,20 +233315,19 @@ } }, "required": [ - "metadata", "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "postgresql.cnpg.noobaa.io", - "kind": "Backup", + "group": "operator.openshift.io", + "kind": "OpenShiftControllerManager", "version": "v1" } ] }, - "postgresql.cnpg.noobaa.io/v1/BackupList": { - "description": "BackupList is a list of Backup", + "operator.openshift.io/v1/OpenShiftControllerManagerList": { + "description": "OpenShiftControllerManagerList is a list of OpenShiftControllerManager", "namespaced": true, "properties": { "apiVersion": { @@ -288099,9 +233335,9 @@ "type": "string" }, "items": { - "description": "List of backups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of openshiftcontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Backup" + "$ref": "#/components/schemas/io.openshift.operator.v1.OpenShiftControllerManager" }, "type": "array" }, @@ -288124,15 +233360,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "postgresql.cnpg.noobaa.io", - "kind": "BackupList", + "group": "operator.openshift.io", + "kind": "OpenShiftControllerManagerList", "version": "v1" } ] }, - "postgresql.cnpg.noobaa.io/v1/Cluster": { - "description": "Cluster is the Schema for the PostgreSQL API", - "namespaced": true, + "operator.openshift.io/v1/ServiceCA": { + "description": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -288151,5619 +233387,10780 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired behavior of the cluster.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec holds user settable values for configuration", "properties": { - "affinity": { - "description": "Affinity/Anti-affinity rules for Pods", - "properties": { - "additionalPodAffinity": { - "description": "AdditionalPodAffinity allows to specify pod affinity terms to be passed to all the cluster's pods.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "additionalPodAntiAffinity": { - "description": "AdditionalPodAntiAffinity allows to specify pod anti-affinity terms to be added to the ones generated\nby the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "enablePodAntiAffinity": { - "description": "Activates anti-affinity for the pods. The operator will define pods\nanti-affinity unless this field is explicitly set to false", - "type": "boolean" - }, - "nodeAffinity": { - "description": "NodeAffinity describes node affinity scheduling rules for the pod.\nMore info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" }, - "type": "object" + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } }, - "nodeSelector": { - "additionalProperties": { + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", "type": "string" }, - "description": "NodeSelector is map of key-value pairs used to define the nodes on which\nthe pods can run.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } }, - "podAntiAffinityType": { - "description": "PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instance has to be\nconsidered a strong requirement during scheduling or not. Allowed values are: \"preferred\" (default if empty) or\n\"required\". Setting it to \"required\", could lead to instances remaining pending until new kubernetes nodes are\nadded if all the existing nodes don't match the required pod anti-affinity rule.\nMore info:\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity", - "type": "string" + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "ServiceCA", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/ServiceCAList": { + "description": "ServiceCAList is a list of ServiceCA", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of servicecas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.ServiceCA" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "ServiceCAList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/Storage": { + "description": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "properties": { + "logLevel": { + "default": "Normal", + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because\nit is an input to the level for the operator", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operatorLogLevel": { + "default": "Normal", + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a\nsimple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\".\nDefaults to \"Normal\".", + "enum": [ + "", + "Normal", + "Debug", + "Trace", + "TraceAll" + ], + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator.\nRed Hat does not support the use of this field.\nMisuse of this field could lead to unexpected behavior or conflict with other configuration options.\nSeek guidance from the Red Hat support before using this field.\nUse of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "vsphereStorageDriver": { + "description": "vsphereStorageDriver indicates the storage driver to use on VSphere clusters.\nOnce this field is set to CSIWithMigrationDriver, it can not be changed.\nIf this is empty, the platform will choose a good default,\nwhich may change over time without notice.\nThe current default is CSIWithMigrationDriver and may not be changed.\nDEPRECATED: This field will be removed in a future release.", + "enum": [ + "", + "LegacyDeprecatedInTreeDriver", + "CSIWithMigrationDriver" + ], + "type": "string", + "x-kubernetes-validations": [ + { + "message": "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver", + "rule": "self != \"LegacyDeprecatedInTreeDriver\"" + } + ] + } + }, + "type": "object" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "items": { + "description": "OperatorCondition is just the standard condition fields.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } }, - "tolerations": { - "description": "Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run\non tainted nodes.\nMore info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string" + }, + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string" + } + }, + "required": [ + "group", + "name", + "namespace", + "resource" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "format": "int32", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "must only increase", + "rule": "self >= oldSelf" + } + ] + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "format": "int32", + "type": "integer" + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "Storage", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1/StorageList": { + "description": "StorageList is a list of Storage", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of storages. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1.Storage" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "StorageList", + "version": "v1" + } + ] + }, + "operator.openshift.io/v1alpha1/ImageContentSourcePolicy": { + "description": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules.\nWhen multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "properties": { + "repositoryDigestMirrors": { + "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be\npulled from alternative mirrored repository locations. The image pull specification\nprovided to the pod will be compared to the source locations described in RepositoryDigestMirrors\nand the image may be pulled down from any of the mirrors in the list instead of the\nspecified repository allowing administrators to choose a potentially faster mirror.\nOnly image pull specifications that have an image digest will have this behavior applied\nto them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach \u201csource\u201d repository is treated independently; configurations for different \u201csource\u201d\nrepositories don\u2019t interact.\n\nWhen multiple policies are defined for the same \u201csource\u201d repository, the sets of defined\nmirrors will be merged together, preserving the relative order of the mirrors, if possible.\nFor example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the\nmirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict\n(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "items": { + "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config.\nNote: the mirrors only work when pulling the images that are referenced by their digests.", + "properties": { + "mirrors": { + "description": "mirrors is one or more repositories that may also contain the same images.\nThe order of mirrors in this list is treated as the user's desired priority, while source\nis by default considered lower priority than all mirrors. Other cluster configuration,\nincluding (but not limited to) other repositoryDigestMirrors objects,\nmay impact the exact order mirrors are contacted in, or some mirrors may be contacted\nin parallel, so this should be considered a preference rather than a guarantee of ordering.", + "items": { + "type": "string" }, - "type": "object" + "type": "array" }, - "type": "array" + "source": { + "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "type": "string" + } }, - "topologyKey": { - "description": "TopologyKey to use for anti-affinity configuration. See k8s documentation\nfor more info on that", + "required": [ + "source" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "ImageContentSourcePolicy", + "version": "v1alpha1" + } + ] + }, + "operator.openshift.io/v1alpha1/ImageContentSourcePolicyList": { + "description": "ImageContentSourcePolicyList is a list of ImageContentSourcePolicy", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of imagecontentsourcepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.operator.v1alpha1.ImageContentSourcePolicy" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operator.openshift.io", + "kind": "ImageContentSourcePolicyList", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1/OLMConfig": { + "description": "OLMConfig is a resource responsible for configuring OLM.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OLMConfigSpec is the spec for an OLMConfig resource.", + "properties": { + "features": { + "description": "Features contains the list of configurable OLM features.", + "properties": { + "disableCopiedCSVs": { + "description": "DisableCopiedCSVs is used to disable OLM's \"Copied CSV\" feature\nfor operators installed at the cluster scope, where a cluster\nscoped operator is one that has been installed in an\nOperatorGroup that targets all namespaces.\nWhen reenabled, OLM will recreate the \"Copied CSVs\" for each\ncluster scoped operator.", + "type": "boolean" + }, + "packageServerSyncInterval": { + "description": "PackageServerSyncInterval is used to define the sync interval for\npackagerserver pods. Packageserver pods periodically check the\nstatus of CatalogSources; this specifies the period using duration\nformat (e.g. \"60m\"). For this parameter, only hours (\"h\"), minutes\n(\"m\"), and seconds (\"s\") may be specified. When not specified, the\nperiod defaults to the value specified within the packageserver.", + "pattern": "^([0-9]+(\\.[0-9]+)?(s|m|h))+$", "type": "string" } }, "type": "object" - }, - "backup": { - "description": "The configuration to be used for backups", + } + }, + "type": "object" + }, + "status": { + "description": "OLMConfigStatus is the status for an OLMConfig resource.", + "properties": { + "conditions": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OLMConfig", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/OLMConfigList": { + "description": "OLMConfigList is a list of OLMConfig", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of olmconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1.OLMConfig" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OLMConfigList", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/Operator": { + "description": "Operator represents a cluster operator.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OperatorSpec defines the desired state of Operator", + "type": "object" + }, + "status": { + "description": "OperatorStatus defines the observed state of an Operator and its components", + "properties": { + "components": { + "description": "Components describes resources that compose the operator.", "properties": { - "barmanObjectStore": { - "description": "The configuration for the barman-cloud tool suite", + "labelSelector": { + "description": "LabelSelector is a label query over a set of resources used to select the operator's components", "properties": { - "azureCredentials": { - "description": "The credentials to use to upload data to Azure Blob Storage", - "properties": { - "connectionString": { - "description": "The connection string to be used", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "inheritFromAzureAD": { - "description": "Use the Azure AD based authentication without providing explicitly the keys.", - "type": "boolean" - }, - "storageAccount": { - "description": "The storage account where to upload data", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "storageKey": { - "description": "The storage account key to be used in conjunction\nwith the storage account name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "storageSasToken": { - "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "data": { - "description": "The configuration to be used to backup the data files\nWhen not defined, base backups files will be stored uncompressed and may\nbe unencrypted in the object store, according to the bucket default\npolicy.", - "properties": { - "additionalCommandArgs": { - "description": "AdditionalCommandArgs represents additional arguments that can be appended\nto the 'barman-cloud-backup' command-line invocation. These arguments\nprovide flexibility to customize the backup process further according to\nspecific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-backup' command, to avoid potential errors or unintended\nbehavior during execution.", - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array" - }, - "compression": { - "description": "Compress a backup file (a tar file per tablespace) while streaming it\nto the object store. Available options are empty string (no\ncompression, default), `gzip`, `bzip2` or `snappy`.", - "enum": [ - "gzip", - "bzip2", - "snappy" - ], - "type": "string" - }, - "encryption": { - "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", - "enum": [ - "AES256", - "aws:kms" - ], - "type": "string" - }, - "immediateCheckpoint": { - "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", - "type": "boolean" - }, - "jobs": { - "description": "The number of parallel jobs to be used to upload the backup, defaults\nto 2", - "format": "int32", - "minimum": 1, - "type": "integer" - } - }, - "type": "object" - }, - "destinationPath": { - "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data", - "minLength": 1, - "type": "string" - }, - "endpointCA": { - "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "endpointURL": { - "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", - "type": "string" - }, - "googleCredentials": { - "description": "The credentials to use to upload data to Google Cloud Storage", - "properties": { - "applicationCredentials": { - "description": "The secret containing the Google Cloud Storage JSON file with the credentials", - "properties": { - "key": { - "description": "The key to select", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "gkeEnvironment": { - "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", - "type": "boolean" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "historyTags": { + "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "HistoryTags is a list of key value pairs that will be passed to the\nBarman --history-tags option.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "s3Credentials": { - "description": "The credentials to use to upload data to S3", - "properties": { - "accessKeyId": { - "description": "The reference to the access key id", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "inheritFromIAMRole": { - "description": "Use the role based authentication without providing explicitly the keys.", - "type": "boolean" - }, - "region": { - "description": "The reference to the secret containing the region name", + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "refs": { + "description": "Refs are a set of references to the operator's component resources, selected with LabelSelector.", + "items": { + "description": "RichReference is a reference to a resource, enriched with its status conditions.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "conditions": { + "description": "Conditions represents the latest state of the component.", + "items": { + "description": "Condition represent the latest available observations of an component's state.", "properties": { - "key": { - "description": "The key to select", + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", "type": "string" }, - "name": { - "description": "Name of the referent.", + "lastUpdateTime": { + "description": "Last time the condition was probed", + "format": "date-time", "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "secretAccessKey": { - "description": "The reference to the secret access key", - "properties": { - "key": { - "description": "The key to select", + }, + "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, - "name": { - "description": "Name of the referent.", + "reason": { + "description": "The reason for the condition's last transition.", "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "sessionToken": { - "description": "The references to the session key", - "properties": { - "key": { - "description": "The key to select", + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, - "name": { - "description": "Name of the referent.", + "type": { + "description": "Type of condition.", "type": "string" } }, "required": [ - "key", - "name" + "status", + "type" ], "type": "object" - } - }, - "type": "object" - }, - "serverName": { - "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "Tags is a list of key value pairs that will be passed to the\nBarman --tags option.", - "type": "object" - }, - "wal": { - "description": "The configuration for the backup of the WAL stream.\nWhen not defined, WAL files will be stored uncompressed and may be\nunencrypted in the object store, according to the bucket default policy.", - "properties": { - "archiveAdditionalCommandArgs": { - "description": "Additional arguments that can be appended to the 'barman-cloud-wal-archive'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL archive process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended\nbehavior during execution.", - "items": { - "type": "string" - }, - "type": "array" - }, - "compression": { - "description": "Compress a WAL file before sending it to the object store. Available\noptions are empty string (no compression, default), `gzip`, `bzip2` or `snappy`.", - "enum": [ - "gzip", - "bzip2", - "snappy" - ], - "type": "string" - }, - "encryption": { - "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", - "enum": [ - "AES256", - "aws:kms" - ], - "type": "string" - }, - "maxParallel": { - "description": "Number of WAL files to be either archived in parallel (when the\nPostgreSQL instance is archiving to a backup object store) or\nrestored in parallel (when a PostgreSQL standby is fetching WAL\nfiles from a recovery object store). If not specified, WAL files\nwill be processed one at a time. It accepts a positive integer as a\nvalue - with 1 being the minimum accepted value.", - "minimum": 1, - "type": "integer" }, - "restoreAdditionalCommandArgs": { - "description": "Additional arguments that can be appended to the 'barman-cloud-wal-restore'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL restore process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended\nbehavior during execution.", - "items": { - "type": "string" - }, - "type": "array" - } + "type": "array" }, - "type": "object" - } - }, - "required": [ - "destinationPath" - ], - "type": "object" - }, - "retentionPolicy": { - "description": "RetentionPolicy is the retention policy to be used for backups\nand WALs (i.e. '60d'). The retention policy is expressed in the form\nof `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -\ndays, weeks, months.\nIt's currently only applicable when using the BarmanObjectStore method.", - "pattern": "^[1-9][0-9]*[dwm]$", - "type": "string" - }, - "target": { - "default": "prefer-standby", - "description": "The policy to decide which instance should perform backups. Available\noptions are empty string, which will default to `prefer-standby` policy,\n`primary` to have backups run always on primary instances, `prefer-standby`\nto have backups run preferably on the most updated standby, if available.", - "enum": [ - "primary", - "prefer-standby" - ], - "type": "string" - }, - "volumeSnapshot": { - "description": "VolumeSnapshot provides the configuration for the execution of volume snapshot backups.", - "properties": { - "annotations": { - "additionalProperties": { + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", "type": "string" }, - "description": "Annotations key-value pairs that will be added to .metadata.annotations snapshot resources.", - "type": "object" - }, - "className": { - "description": "ClassName specifies the Snapshot Class to be used for PG_DATA PersistentVolumeClaim.\nIt is the default class for the other types if no specific class is present", - "type": "string" - }, - "labels": { - "additionalProperties": { + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "description": "Labels are key-value pairs that will be added to .metadata.labels snapshot resources.", - "type": "object" - }, - "online": { - "default": true, - "description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)", - "type": "boolean" - }, - "onlineConfiguration": { - "default": { - "immediateCheckpoint": false, - "waitForArchive": true + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "description": "Configuration parameters to control the online/hot backup with volume snapshots", - "properties": { - "immediateCheckpoint": { - "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", - "type": "boolean" - }, - "waitForArchive": { - "default": true, - "description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.", - "type": "boolean" - } + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" }, - "type": "object" - }, - "snapshotOwnerReference": { - "default": "none", - "description": "SnapshotOwnerReference indicates the type of owner reference the snapshot should have", - "enum": [ - "none", - "cluster", - "backup" - ], - "type": "string" - }, - "tablespaceClassName": { - "additionalProperties": { + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, - "description": "TablespaceClassName specifies the Snapshot Class to be used for the tablespaces.\ndefaults to the PGDATA Snapshot Class, if set", - "type": "object" + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } }, - "walClassName": { - "description": "WalClassName specifies the Snapshot Class to be used for the PG_WAL PersistentVolumeClaim.", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" + "type": "array" } }, + "required": [ + "labelSelector" + ], "type": "object" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "Operator", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/OperatorCondition": { + "description": "OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator.", + "properties": { + "deployments": { + "items": { + "type": "string" + }, + "type": "array" }, - "bootstrap": { - "description": "Instructions to bootstrap this cluster", + "overrides": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "serviceAccounts": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual\nstate of a system.", + "properties": { + "conditions": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorCondition", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/OperatorConditionList": { + "description": "OperatorConditionList is a list of OperatorCondition", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of operatorconditions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1.OperatorCondition" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorConditionList", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/OperatorGroup": { + "description": "OperatorGroup is the unit of multitenancy for OLM managed operators.\nIt constrains the installation of operators in its namespace to a specified set of target namespaces.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "default": { + "upgradeStrategy": "Default" + }, + "description": "OperatorGroupSpec is the spec for an OperatorGroup resource.", + "properties": { + "selector": { + "description": "Selector selects the OperatorGroup's target namespaces.", "properties": { - "initdb": { - "description": "Bootstrap the cluster via initdb", - "properties": { - "builtinLocale": { - "description": "Specifies the locale name when the builtin provider is used.\nThis option requires `localeProvider` to be set to `builtin`.\nAvailable from PostgreSQL 17.", - "type": "string" - }, - "dataChecksums": { - "description": "Whether the `-k` option should be passed to initdb,\nenabling checksums on data pages (default: `false`)", - "type": "boolean" - }, - "database": { - "description": "Name of the database used by the application. Default: `app`.", - "type": "string" - }, - "encoding": { - "description": "The value to be passed as option `--encoding` for initdb (default:`UTF8`)", - "type": "string" - }, - "icuLocale": { - "description": "Specifies the ICU locale when the ICU provider is used.\nThis option requires `localeProvider` to be set to `icu`.\nAvailable from PostgreSQL 15.", - "type": "string" - }, - "icuRules": { - "description": "Specifies additional collation rules to customize the behavior of the default collation.\nThis option requires `localeProvider` to be set to `icu`.\nAvailable from PostgreSQL 16.", - "type": "string" - }, - "import": { - "description": "Bootstraps the new cluster by importing data from an existing PostgreSQL\ninstance using logical backup (`pg_dump` and `pg_restore`)", - "properties": { - "databases": { - "description": "The databases to import", - "items": { - "type": "string" - }, - "type": "array" - }, - "pgDumpExtraOptions": { - "description": "List of custom options to pass to the `pg_dump` command. IMPORTANT:\nUse these options with caution and at your own risk, as the operator\ndoes not validate their content. Be aware that certain options may\nconflict with the operator's intended functionality or design.", - "items": { - "type": "string" - }, - "type": "array" - }, - "pgRestoreExtraOptions": { - "description": "List of custom options to pass to the `pg_restore` command. IMPORTANT:\nUse these options with caution and at your own risk, as the operator\ndoes not validate their content. Be aware that certain options may\nconflict with the operator's intended functionality or design.", - "items": { - "type": "string" - }, - "type": "array" - }, - "postImportApplicationSQL": { - "description": "List of SQL queries to be executed as a superuser in the application\ndatabase right after is imported - to be used with extreme care\n(by default empty). Only available in microservice type.", - "items": { - "type": "string" - }, - "type": "array" - }, - "roles": { - "description": "The roles to import", - "items": { - "type": "string" - }, - "type": "array" - }, - "schemaOnly": { - "description": "When set to true, only the `pre-data` and `post-data` sections of\n`pg_restore` are invoked, avoiding data import. Default: `false`.", - "type": "boolean" - }, - "source": { - "description": "The source of the import", - "properties": { - "externalCluster": { - "description": "The name of the externalCluster used for import", - "type": "string" - } - }, - "required": [ - "externalCluster" - ], - "type": "object" - }, - "type": { - "description": "The import type. Can be `microservice` or `monolith`.", - "enum": [ - "microservice", - "monolith" - ], - "type": "string" - } - }, - "required": [ - "databases", - "source", - "type" - ], - "type": "object" - }, - "locale": { - "description": "Sets the default collation order and character classification in the new database.", - "type": "string" - }, - "localeCType": { - "description": "The value to be passed as option `--lc-ctype` for initdb (default:`C`)", - "type": "string" - }, - "localeCollate": { - "description": "The value to be passed as option `--lc-collate` for initdb (default:`C`)", - "type": "string" - }, - "localeProvider": { - "description": "This option sets the locale provider for databases created in the new cluster.\nAvailable from PostgreSQL 16.", - "type": "string" - }, - "options": { - "description": "The list of options that must be passed to initdb when creating the cluster.\nDeprecated: This could lead to inconsistent configurations,\nplease use the explicit provided parameters instead.\nIf defined, explicit values will be ignored.", - "items": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array" - }, - "owner": { - "description": "Name of the owner of the database in the instance to be used\nby applications. Defaults to the value of the `database` key.", - "type": "string" - }, - "postInitApplicationSQL": { - "description": "List of SQL queries to be executed as a superuser in the application\ndatabase right after the cluster has been created - to be used with extreme care\n(by default empty)", - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "postInitApplicationSQLRefs": { - "description": "List of references to ConfigMaps or Secrets containing SQL files\nto be executed as a superuser in the application database right after\nthe cluster has been created. The references are processed in a specific order:\nfirst, all Secrets are processed, followed by all ConfigMaps.\nWithin each group, the processing order follows the sequence specified\nin their respective arrays.\n(by default empty)", + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the admin specified service account which will be\nused to deploy operator(s) in this operator group.", + "type": "string" + }, + "staticProvidedAPIs": { + "description": "Static tells OLM not to update the OperatorGroup's providedAPIs annotation", + "type": "boolean" + }, + "targetNamespaces": { + "description": "TargetNamespaces is an explicit set of namespaces to target.\nIf it is set, Selector is ignored.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "upgradeStrategy": { + "default": "Default", + "description": "UpgradeStrategy defines the upgrade strategy for operators in the namespace.\nThere are currently two supported upgrade strategies:\n\nDefault: OLM will only allow clusterServiceVersions to move to the replacing\nphase from the succeeded phase. This effectively means that OLM will not\nallow operators to move to the next version if an installation or upgrade\nhas failed.\n\nTechPreviewUnsafeFailForward: OLM will allow clusterServiceVersions to move to the\nreplacing phase from the succeeded phase or from the failed phase.\nAdditionally, OLM will generate new installPlans when a subscription references\na failed installPlan and the catalog has been updated with a new upgrade for\nthe existing set of operators.\n\nWARNING: The TechPreviewUnsafeFailForward upgrade strategy is unsafe and may result\nin unexpected behavior or unrecoverable data loss unless you have deep\nunderstanding of the set of operators being managed in the namespace.", + "enum": [ + "Default", + "TechPreviewUnsafeFailForward" + ], + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "OperatorGroupStatus is the status for an OperatorGroupResource.", + "properties": { + "conditions": { + "description": "Conditions is an array of the OperatorGroup's conditions.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "lastUpdated": { + "description": "LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated.", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces is the set of target namespaces for the OperatorGroup.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "serviceAccountRef": { + "description": "ServiceAccountRef references the service account object specified.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "lastUpdated" + ], + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorGroup", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/OperatorGroupList": { + "description": "OperatorGroupList is a list of OperatorGroup", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of operatorgroups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1.OperatorGroup" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorGroupList", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1/OperatorList": { + "description": "OperatorList is a list of Operator", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of operators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1.Operator" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorList", + "version": "v1" + } + ] + }, + "operators.coreos.com/v1alpha1/CatalogSource": { + "description": "CatalogSource is a repository of CSVs, CRDs, and operator packages.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "properties": { + "address": { + "description": "Address is a host that OLM can use to connect to a pre-existing registry.\nFormat: :\nOnly used when SourceType = SourceTypeGrpc.\nIgnored when the Image field is set.", + "type": "string" + }, + "configMap": { + "description": "ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry.\nOnly used when SourceType = SourceTypeConfigmap or SourceTypeInternal.", + "type": "string" + }, + "description": { + "type": "string" + }, + "displayName": { + "description": "Metadata", + "type": "string" + }, + "grpcPodConfig": { + "description": "GrpcPodConfig exposes different overrides for the pod spec of the CatalogSource Pod.\nOnly used when SourceType = SourceTypeGrpc and Image is set.", + "properties": { + "affinity": { + "description": "Affinity is the catalog source's pod's affinity.", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "configMapRefs": { - "description": "ConfigMapRefs holds a list of references to ConfigMaps", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { - "key": { - "description": "The key to select", - "type": "string" + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name of the referent.", - "type": "string" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "key", - "name" + "preference", + "weight" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secretRefs": { - "description": "SecretRefs holds a list of references to Secrets", - "items": { - "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", - "properties": { - "key": { - "description": "The key to select", - "type": "string" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": "array" + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "postInitSQL": { - "description": "List of SQL queries to be executed as a superuser in the `postgres`\ndatabase right after the cluster has been created - to be used with extreme care\n(by default empty)", - "items": { - "type": "string" - }, - "type": "array" - }, - "postInitSQLRefs": { - "description": "List of references to ConfigMaps or Secrets containing SQL files\nto be executed as a superuser in the `postgres` database right after\nthe cluster has been created. The references are processed in a specific order:\nfirst, all Secrets are processed, followed by all ConfigMaps.\nWithin each group, the processing order follows the sequence specified\nin their respective arrays.\n(by default empty)", + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "configMapRefs": { - "description": "ConfigMapRefs holds a list of references to ConfigMaps", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "key": { - "description": "The key to select", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "name": { - "description": "Name of the referent.", - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "key", - "name" + "podAffinityTerm", + "weight" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secretRefs": { - "description": "SecretRefs holds a list of references to Secrets", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "key": { - "description": "The key to select", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name of the referent.", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "key", - "name" + "topologyKey" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, - "postInitTemplateSQL": { - "description": "List of SQL queries to be executed as a superuser in the `template1`\ndatabase right after the cluster has been created - to be used with extreme care\n(by default empty)", - "items": { - "type": "string" - }, - "type": "array" - }, - "postInitTemplateSQLRefs": { - "description": "List of references to ConfigMaps or Secrets containing SQL files\nto be executed as a superuser in the `template1` database right after\nthe cluster has been created. The references are processed in a specific order:\nfirst, all Secrets are processed, followed by all ConfigMaps.\nWithin each group, the processing order follows the sequence specified\nin their respective arrays.\n(by default empty)", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "configMapRefs": { - "description": "ConfigMapRefs holds a list of references to ConfigMaps", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "key": { - "description": "The key to select", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "name": { - "description": "Name of the referent.", - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "key", - "name" + "podAffinityTerm", + "weight" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secretRefs": { - "description": "SecretRefs holds a list of references to Secrets", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "key": { - "description": "The key to select", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name of the referent.", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "key", - "name" + "topologyKey" ], "type": "object" }, - "type": "array" - } - }, - "type": "object" - }, - "secret": { - "description": "Name of the secret containing the initial credentials for the\nowner of the user database. If empty a new secret will be\ncreated from scratch", - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "name" - ], "type": "object" - }, - "walSegmentSize": { - "description": "The value in megabytes (1 to 1024) to be passed to the `--wal-segsize`\noption for initdb (default: empty, resulting in PostgreSQL default: 16MB)", - "maximum": 1024, - "minimum": 1, - "type": "integer" } }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "builtinLocale is only available when localeProvider is set to `builtin`", - "rule": "!has(self.builtinLocale) || self.localeProvider == 'builtin'" - }, - { - "message": "icuLocale is only available when localeProvider is set to `icu`", - "rule": "!has(self.icuLocale) || self.localeProvider == 'icu'" - }, - { - "message": "icuRules is only available when localeProvider is set to `icu`", - "rule": "!has(self.icuRules) || self.localeProvider == 'icu'" - } - ] + "type": "object" }, - "pg_basebackup": { - "description": "Bootstrap the cluster taking a physical backup of another compatible\nPostgreSQL instance", + "extractContent": { + "description": "ExtractContent configures the gRPC catalog Pod to extract catalog metadata from the provided index image and\nuse a well-known version of the `opm` server to expose it. The catalog index image that this CatalogSource is\nconfigured to use *must* be using the file-based catalogs in order to utilize this feature.", "properties": { - "database": { - "description": "Name of the database used by the application. Default: `app`.", - "type": "string" - }, - "owner": { - "description": "Name of the owner of the database in the instance to be used\nby applications. Defaults to the value of the `database` key.", + "cacheDir": { + "description": "CacheDir is the (optional) directory storing the pre-calculated API cache.", "type": "string" }, - "secret": { - "description": "Name of the secret containing the initial credentials for the\nowner of the user database. If empty a new secret will be\ncreated from scratch", - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "source": { - "description": "The name of the server of which we need to take a physical backup", - "minLength": 1, + "catalogDir": { + "description": "CatalogDir is the directory storing the file-based catalog contents.", "type": "string" } }, "required": [ - "source" + "catalogDir" ], "type": "object" }, - "recovery": { - "description": "Bootstrap the cluster from a backup", - "properties": { - "backup": { - "description": "The backup object containing the physical base backup from which to\ninitiate the recovery procedure.\nMutually exclusive with `source` and `volumeSnapshots`.", - "properties": { - "endpointCA": { - "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive.", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "database": { - "description": "Name of the database used by the application. Default: `app`.", - "type": "string" + "memoryTarget": { + "anyOf": [ + { + "type": "integer" }, - "owner": { - "description": "Name of the owner of the database in the instance to be used\nby applications. Defaults to the value of the `database` key.", + { "type": "string" - }, - "recoveryTarget": { - "description": "By default, the recovery process applies all the available\nWAL files in the archive (full recovery). However, you can also\nend the recovery as soon as a consistent state is reached or\nrecover to a point-in-time (PITR) by specifying a `RecoveryTarget` object,\nas expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...).\nMore info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET", - "properties": { - "backupID": { - "description": "The ID of the backup from which to start the recovery process.\nIf empty (default) the operator will automatically detect the backup\nbased on targetTime or targetLSN if specified. Otherwise use the\nlatest available backup in chronological order.", - "type": "string" - }, - "exclusive": { - "description": "Set the target to be exclusive. If omitted, defaults to false, so that\nin Postgres, `recovery_target_inclusive` will be true", - "type": "boolean" - }, - "targetImmediate": { - "description": "End recovery as soon as a consistent state is reached", - "type": "boolean" - }, - "targetLSN": { - "description": "The target LSN (Log Sequence Number)", - "type": "string" - }, - "targetName": { - "description": "The target name (to be previously created\nwith `pg_create_restore_point`)", - "type": "string" - }, - "targetTLI": { - "description": "The target timeline (\"latest\" or a positive integer)", - "type": "string" - }, - "targetTime": { - "description": "The target time as a timestamp in the RFC3339 standard", - "type": "string" - }, - "targetXID": { - "description": "The target transaction ID", - "type": "string" - } + } + ], + "description": "MemoryTarget configures the $GOMEMLIMIT value for the gRPC catalog Pod. This is a soft memory limit for the server,\nwhich the runtime will attempt to meet but makes no guarantees that it will do so. If this value is set, the Pod\nwill have the following modifications made to the container running the server:\n- the $GOMEMLIMIT environment variable will be set to this value in bytes\n- the memory request will be set to this value\n\nThis field should be set if it's desired to reduce the footprint of a catalog server as much as possible, or if\na catalog being served is very large and needs more than the default allocation. If your index image has a file-\nsystem cache, determine a good approximation for this value by doubling the size of the package cache at\n/tmp/cache/cache/packages.json in the index image.\n\nThis field is best-effort; if unset, no default will be used and no Pod memory limit or $GOMEMLIMIT value will be set.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.", + "type": "object" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", + "type": "string" + }, + "securityContextConfig": { + "description": "SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the\nright pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod\nSecurity Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be\nrun in PSA `baseline` or `privileged` namespaces. If the SecurityContextConfig is unspecified, the mode will be\ndetermined by the namespace's PSA configuration. If the namespace is enforcing `restricted` mode, then the pod\nwill be configured as if `restricted` was specified. Otherwise, it will be configured as if `legacy` was\nspecified. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older\ncatalog images, which can not run in `restricted` mode, the SecurityContextConfig should be set to `legacy`.\n\nMore information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/", + "enum": [ + "legacy", + "restricted" + ], + "type": "string" + }, + "tolerations": { + "description": "Tolerations are the catalog source's pod's tolerations.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" }, - "type": "object" - }, - "secret": { - "description": "Name of the secret containing the initial credentials for the\nowner of the user database. If empty a new secret will be\ncreated from scratch", - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } }, - "source": { - "description": "The external cluster whose backup we will restore. This is also\nused as the name of the folder under which the backup is stored,\nso it must be set to the name of the source cluster\nMutually exclusive with `backup`.", + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "icon": { + "properties": { + "base64data": { + "type": "string" + }, + "mediatype": { + "type": "string" + } + }, + "required": [ + "base64data", + "mediatype" + ], + "type": "object" + }, + "image": { + "description": "Image is an operator-registry container image to instantiate a registry-server with.\nOnly used when SourceType = SourceTypeGrpc.\nIf present, the address field is ignored.", + "type": "string" + }, + "priority": { + "description": "Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver.\nUsage:\nHigher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution.\nThe range of the priority value can go from positive to negative in the range of int32.\nThe default value to a catalog source with unassigned priority would be 0.\nThe catalog source with the same priority values will be ranked lexicographically based on its name.", + "type": "integer" + }, + "publisher": { + "type": "string" + }, + "runAsRoot": { + "description": "RunAsRoot allows admins to indicate that they wish to run the CatalogSource pod in a privileged\npod as root. This should only be enabled when running older catalog images which could not be run as non-root.", + "type": "boolean" + }, + "secrets": { + "description": "Secrets represent set of secrets that can be used to access the contents of the catalog.\nIt is best to keep this list small, since each will need to be tried for every catalog entry.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceType": { + "description": "SourceType is the type of source", + "type": "string" + }, + "updateStrategy": { + "description": "UpdateStrategy defines how updated catalog source images can be discovered\nConsists of an interval that defines polling duration and an embedded strategy type", + "properties": { + "registryPoll": { + "properties": { + "interval": { + "description": "Interval is used to determine the time interval between checks of the latest catalog source version.\nThe catalog operator polls to see if a new version of the catalog source is available.\nIf available, the latest image is pulled and gRPC traffic is directed to the latest catalog source.", "type": "string" - }, - "volumeSnapshots": { - "description": "The static PVC data source(s) from which to initiate the\nrecovery procedure. Currently supporting `VolumeSnapshot`\nand `PersistentVolumeClaim` resources that map an existing\nPVC group, compatible with CloudNativePG, and taken with\na cold backup copy on a fenced Postgres instance (limitation\nwhich will be removed in the future when online backup\nwill be implemented).\nMutually exclusive with `backup`.", - "properties": { - "storage": { - "description": "Configuration of the storage of the instances", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "tablespaceStorage": { - "additionalProperties": { - "description": "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "description": "Configuration of the storage for PostgreSQL tablespaces", - "type": "object" - }, - "walStorage": { - "description": "Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "storage" - ], - "type": "object" } }, - "type": "object" - } + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "sourceType" + ], + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "description": "Represents the state of a CatalogSource. Note that Message and Reason represent the original\nstatus information, which may be migrated to be conditions based in the future. Any new features\nintroduced will use conditions.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "certificates": { - "description": "The configuration for the CA and related certificates", + "configMapReference": { + "description": "ConfigMapReference (deprecated) is the reference to the ConfigMap containing the catalog source's configuration, when the catalog source is a ConfigMap", "properties": { - "clientCASecret": { - "description": "The secret containing the Client CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate all the client certificates.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the client certificates,\nused as `ssl_ca_file` of all the instances.
\n- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided,\nthis can be omitted.
", + "lastUpdateTime": { + "format": "date-time", "type": "string" }, - "replicationTLSSecret": { - "description": "The secret of type kubernetes.io/tls containing the client certificate to authenticate as\nthe `streaming_replica` user.\nIf not defined, ClientCASecret must provide also `ca.key`, and a new secret will be\ncreated using the provided CA.", + "name": { "type": "string" }, - "serverAltDNSNames": { - "description": "The list of the server alternative DNS names to be added to the generated server TLS certificates, when required.", - "items": { - "type": "string" - }, - "type": "array" + "namespace": { + "type": "string" }, - "serverCASecret": { - "description": "The secret containing the Server CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the server certificate,\nused as `sslrootcert` in client connection strings.
\n- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided,\nthis can be omitted.
", + "resourceVersion": { "type": "string" }, - "serverTLSSecret": { - "description": "The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as\n`ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely.\nIf not defined, ServerCASecret must provide also `ca.key` and a new secret will be\ncreated using the provided CA.", + "uid": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, + "required": [ + "name", + "namespace" + ], "type": "object" }, - "description": { - "description": "Description of this PostgreSQL cluster", + "connectionState": { + "description": "ConnectionState represents the current state of the CatalogSource's connection to the registry", + "properties": { + "address": { + "type": "string" + }, + "lastConnect": { + "format": "date-time", + "type": "string" + }, + "lastObservedState": { + "type": "string" + } + }, + "required": [ + "lastObservedState" + ], + "type": "object" + }, + "latestImageRegistryPoll": { + "description": "The last time the CatalogSource image registry has been polled to ensure the image is up-to-date", + "format": "date-time", "type": "string" }, - "enablePDB": { - "default": true, - "description": "Manage the `PodDisruptionBudget` resources within the cluster. When\nconfigured as `true` (default setting), the pod disruption budgets\nwill safeguard the primary node from being terminated. Conversely,\nsetting it to `false` will result in the absence of any\n`PodDisruptionBudget` resource, permitting the shutdown of all nodes\nhosting the PostgreSQL cluster. This latter configuration is\nadvisable for any PostgreSQL cluster employed for\ndevelopment/staging purposes.", - "type": "boolean" + "message": { + "description": "A human readable message indicating details about why the CatalogSource is in this condition.", + "type": "string" }, - "enableSuperuserAccess": { - "default": false, - "description": "When this option is enabled, the operator will use the `SuperuserSecret`\nto update the `postgres` user password (if the secret is\nnot present, the operator will automatically create one). When this\noption is disabled, the operator will ignore the `SuperuserSecret` content, delete\nit when automatically created, and then blank the password of the `postgres`\nuser by setting it to `NULL`. Disabled by default.", - "type": "boolean" + "reason": { + "description": "Reason is the reason the CatalogSource was transitioned to its current state.", + "type": "string" }, - "env": { - "description": "Env follows the Env format to pass environment variables\nto the pods created in the cluster", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } + "registryService": { + "description": "RegistryService represents the current state of the GRPC service used to serve the catalog", + "properties": { + "createdAt": { + "format": "date-time", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "envFrom": { - "description": "EnvFrom follows the EnvFrom format to pass environment variables\nsources to the pods to be used by Env", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "port": { + "type": "string" }, - "type": "object" + "protocol": { + "type": "string" + }, + "serviceName": { + "type": "string" + }, + "serviceNamespace": { + "type": "string" + } }, - "type": "array" + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "CatalogSource", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1alpha1/CatalogSourceList": { + "description": "CatalogSourceList is a list of CatalogSource", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of catalogsources. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.CatalogSource" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "CatalogSourceList", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1alpha1/ClusterServiceVersion": { + "description": "ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "ClusterServiceVersionSpec declarations tell OLM how to install an operator\nthat can manage apps for a given version.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata.", + "type": "object" }, - "ephemeralVolumeSource": { - "description": "EphemeralVolumeSource allows the user to configure the source of ephemeral volumes.", + "apiservicedefinitions": { + "description": "APIServiceDefinitions declares all of the extension apis managed or required by\nan operator being ran by ClusterServiceVersion.", "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", - "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "owned": { + "items": { + "description": "APIServiceDescription provides details to OLM about apis provided via aggregation", + "properties": { + "actionDescriptors": { + "items": { + "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "description": { "type": "string" }, - "kind": { - "description": "Kind is the type of resource being referenced", + "displayName": { "type": "string" }, - "name": { - "description": "Name is the name of resource being referenced", + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "kind", - "name" + "path" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "array" + }, + "containerPort": { + "format": "int32", + "type": "integer" + }, + "deploymentName": { + "type": "string" + }, + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "resources": { + "items": { + "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, "kind": { - "description": "Kind is the type of resource being referenced", + "description": "Kind of the referenced resource type.", "type": "string" }, "name": { - "description": "Name is the name of resource being referenced", + "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "version": { + "description": "API Version of the referenced resource type.", "type": "string" } }, "required": [ "kind", - "name" + "name", + "version" ], "type": "object" }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "type": "array" + }, + "specDescriptors": { + "items": { + "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "description": { + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "type": "array" } }, + "required": [ + "path" + ], "type": "object" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", + "type": "array" + }, + "statusDescriptors": { + "items": { + "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "type": "array" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "required": [ + "path" + ], + "type": "object" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } + "type": "array" }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "ephemeralVolumesSizeLimit": { - "description": "EphemeralVolumesSizeLimit allows the user to set the limits for the ephemeral\nvolumes", - "properties": { - "shm": { - "anyOf": [ - { - "type": "integer" + "version": { + "type": "string" + } }, - { - "type": "string" - } - ], - "description": "Shm is the size limit of the shared memory volume", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "required": [ + "group", + "kind", + "name", + "version" + ], + "type": "object" + }, + "type": "array" }, - "temporaryData": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "TemporaryData is the size limit of the temporary data volume", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "externalClusters": { - "description": "The list of external clusters which are used in the configuration", - "items": { - "description": "ExternalCluster represents the connection parameters to an\nexternal cluster which is used in the other sections of the configuration", - "properties": { - "barmanObjectStore": { - "description": "The configuration for the barman-cloud tool suite", + "required": { + "items": { + "description": "APIServiceDescription provides details to OLM about apis provided via aggregation", "properties": { - "azureCredentials": { - "description": "The credentials to use to upload data to Azure Blob Storage", - "properties": { - "connectionString": { - "description": "The connection string to be used", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "inheritFromAzureAD": { - "description": "Use the Azure AD based authentication without providing explicitly the keys.", - "type": "boolean" - }, - "storageAccount": { - "description": "The storage account where to upload data", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "actionDescriptors": { + "items": { + "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", + "properties": { + "description": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "storageKey": { - "description": "The storage account key to be used in conjunction\nwith the storage account name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "displayName": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "storageSasToken": { - "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "path": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "data": { - "description": "The configuration to be used to backup the data files\nWhen not defined, base backups files will be stored uncompressed and may\nbe unencrypted in the object store, according to the bucket default\npolicy.", - "properties": { - "additionalCommandArgs": { - "description": "AdditionalCommandArgs represents additional arguments that can be appended\nto the 'barman-cloud-backup' command-line invocation. These arguments\nprovide flexibility to customize the backup process further according to\nspecific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-backup' command, to avoid potential errors or unintended\nbehavior during execution.", - "items": { + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", "type": "string" }, - "type": "array" - }, - "compression": { - "description": "Compress a backup file (a tar file per tablespace) while streaming it\nto the object store. Available options are empty string (no\ncompression, default), `gzip`, `bzip2` or `snappy`.", - "enum": [ - "gzip", - "bzip2", - "snappy" - ], - "type": "string" - }, - "encryption": { - "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", - "enum": [ - "AES256", - "aws:kms" - ], - "type": "string" - }, - "immediateCheckpoint": { - "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", - "type": "boolean" + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } }, - "jobs": { - "description": "The number of parallel jobs to be used to upload the backup, defaults\nto 2", - "format": "int32", - "minimum": 1, - "type": "integer" - } + "required": [ + "path" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "destinationPath": { - "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data", - "minLength": 1, + "containerPort": { + "format": "int32", + "type": "integer" + }, + "deploymentName": { "type": "string" }, - "endpointCA": { - "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" + "description": { + "type": "string" }, - "endpointURL": { - "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", + "displayName": { "type": "string" }, - "googleCredentials": { - "description": "The credentials to use to upload data to Google Cloud Storage", - "properties": { - "applicationCredentials": { - "description": "The secret containing the Google Cloud Storage JSON file with the credentials", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "resources": { + "items": { + "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", + "properties": { + "kind": { + "description": "Kind of the referenced resource type.", + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" + "name": { + "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", + "type": "string" + }, + "version": { + "description": "API Version of the referenced resource type.", + "type": "string" + } }, - "gkeEnvironment": { - "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "historyTags": { - "additionalProperties": { - "type": "string" + "required": [ + "kind", + "name", + "version" + ], + "type": "object" }, - "description": "HistoryTags is a list of key value pairs that will be passed to the\nBarman --history-tags option.", - "type": "object" + "type": "array" }, - "s3Credentials": { - "description": "The credentials to use to upload data to S3", - "properties": { - "accessKeyId": { - "description": "The reference to the access key id", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "specDescriptors": { + "items": { + "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", + "properties": { + "description": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "inheritFromIAMRole": { - "description": "Use the role based authentication without providing explicitly the keys.", - "type": "boolean" - }, - "region": { - "description": "The reference to the secret containing the region name", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "displayName": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "secretAccessKey": { - "description": "The reference to the secret access key", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } + "path": { + "type": "string" }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "sessionToken": { - "description": "The references to the session key", - "properties": { - "key": { - "description": "The key to select", + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { "type": "string" }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "serverName": { - "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", - "type": "string" - }, - "tags": { - "additionalProperties": { - "type": "string" + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" }, - "description": "Tags is a list of key value pairs that will be passed to the\nBarman --tags option.", - "type": "object" + "type": "array" }, - "wal": { - "description": "The configuration for the backup of the WAL stream.\nWhen not defined, WAL files will be stored uncompressed and may be\nunencrypted in the object store, according to the bucket default policy.", - "properties": { - "archiveAdditionalCommandArgs": { - "description": "Additional arguments that can be appended to the 'barman-cloud-wal-archive'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL archive process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended\nbehavior during execution.", - "items": { + "statusDescriptors": { + "items": { + "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", + "properties": { + "description": { "type": "string" }, - "type": "array" - }, - "compression": { - "description": "Compress a WAL file before sending it to the object store. Available\noptions are empty string (no compression, default), `gzip`, `bzip2` or `snappy`.", - "enum": [ - "gzip", - "bzip2", - "snappy" - ], - "type": "string" - }, - "encryption": { - "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", - "enum": [ - "AES256", - "aws:kms" - ], - "type": "string" - }, - "maxParallel": { - "description": "Number of WAL files to be either archived in parallel (when the\nPostgreSQL instance is archiving to a backup object store) or\nrestored in parallel (when a PostgreSQL standby is fetching WAL\nfiles from a recovery object store). If not specified, WAL files\nwill be processed one at a time. It accepts a positive integer as a\nvalue - with 1 being the minimum accepted value.", - "minimum": 1, - "type": "integer" - }, - "restoreAdditionalCommandArgs": { - "description": "Additional arguments that can be appended to the 'barman-cloud-wal-restore'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL restore process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended\nbehavior during execution.", - "items": { + "displayName": { "type": "string" }, - "type": "array" - } + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" }, - "type": "object" + "type": "array" + }, + "version": { + "type": "string" } }, "required": [ - "destinationPath" + "group", + "kind", + "name", + "version" ], "type": "object" }, - "connectionParameters": { - "additionalProperties": { - "type": "string" - }, - "description": "The list of connection parameters, such as dbname, host, username, etc", - "type": "object" - }, - "name": { - "description": "The server name, required", - "type": "string" - }, - "password": { - "description": "The reference to the password to be used to connect to the server.\nIf a password is provided, CloudNativePG creates a PostgreSQL\npassfile at `/controller/external/NAME/pass` (where \"NAME\" is the\ncluster's name). This passfile is automatically referenced in the\nconnection string when establishing a connection to the remote\nPostgreSQL server from the current PostgreSQL `Cluster`. This ensures\nsecure and efficient password management for external clusters.", + "type": "array" + } + }, + "type": "object" + }, + "cleanup": { + "description": "Cleanup specifies the cleanup behaviour when the CSV gets deleted", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "customresourcedefinitions": { + "description": "CustomResourceDefinitions declares all of the CRDs managed or required by\nan operator being ran by ClusterServiceVersion.\n\nIf the CRD is present in the Owned list, it is implicitly required.", + "properties": { + "owned": { + "items": { + "description": "CRDDescription provides details to OLM about the CRDs", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + "actionDescriptors": { + "items": { + "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "description": { "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "displayName": { "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "plugin": { - "description": "The configuration of the plugin that is taking care\nof WAL archiving and backups for this external cluster", - "properties": { - "enabled": { - "default": true, - "description": "Enabled is true if this plugin will be used", - "type": "boolean" + "kind": { + "type": "string" }, "name": { - "description": "Name is the plugin name", "type": "string" }, - "parameters": { - "additionalProperties": { - "type": "string" + "resources": { + "items": { + "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", + "properties": { + "kind": { + "description": "Kind of the referenced resource type.", + "type": "string" + }, + "name": { + "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", + "type": "string" + }, + "version": { + "description": "API Version of the referenced resource type.", + "type": "string" + } + }, + "required": [ + "kind", + "name", + "version" + ], + "type": "object" }, - "description": "Parameters is the configuration of the plugin", - "type": "object" + "type": "array" + }, + "specDescriptors": { + "items": { + "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "statusDescriptors": { + "items": { + "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" } }, "required": [ - "name" + "kind", + "name", + "version" ], "type": "object" }, - "sslCert": { - "description": "The reference to an SSL certificate to be used to connect to this\ninstance", + "type": "array" + }, + "required": { + "items": { + "description": "CRDDescription provides details to OLM about the CRDs", "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + "actionDescriptors": { + "items": { + "description": "ActionDescriptor describes a declarative action that can be performed on a custom resource instance", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "description": { "type": "string" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "displayName": { "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslKey": { - "description": "The reference to an SSL private key to be used to connect to this\ninstance", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + "kind": { "type": "string" }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslRootCert": { - "description": "The reference to an SSL CA public key to be used to connect to this\ninstance", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" + "resources": { + "items": { + "description": "APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.", + "properties": { + "kind": { + "description": "Kind of the referenced resource type.", + "type": "string" + }, + "name": { + "description": "Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.", + "type": "string" + }, + "version": { + "description": "API Version of the referenced resource type.", + "type": "string" + } + }, + "required": [ + "kind", + "name", + "version" + ], + "type": "object" + }, + "type": "array" }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "specDescriptors": { + "items": { + "description": "SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "statusDescriptors": { + "items": { + "description": "StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "path": { + "type": "string" + }, + "value": { + "description": "RawMessage is a raw encoded JSON value.\nIt implements [Marshaler] and [Unmarshaler] and can\nbe used to delay JSON decoding or precompute a JSON encoding.", + "format": "byte", + "type": "string" + }, + "x-descriptors": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" } }, "required": [ - "key" + "kind", + "name", + "version" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "failoverDelay": { - "default": 0, - "description": "The amount of time (in seconds) to wait before triggering a failover\nafter the primary PostgreSQL instance in the cluster was detected\nto be unhealthy", - "format": "int32", - "type": "integer" - }, - "imageCatalogRef": { - "description": "Defines the major PostgreSQL version we want to use within an ImageCatalog", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "major": { - "description": "The major version of PostgreSQL we want to use from the ImageCatalog", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "Major is immutable", - "rule": "self == oldSelf" - } - ] - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "type": "object" + }, + "type": "array" } }, - "required": [ - "kind", - "major", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "Only image catalogs are supported", - "rule": "self.kind == 'ImageCatalog' || self.kind == 'ClusterImageCatalog'" - }, - { - "message": "Only image catalogs are supported", - "rule": "self.apiGroup == 'postgresql.cnpg.noobaa.io'" - } - ] + "type": "object" }, - "imageName": { - "description": "Name of the container image, supporting both tags (`:`)\nand digests for deterministic and repeatable deployments\n(`:@sha256:`)", + "description": { + "description": "Description of the operator. Can include the features, limitations or use-cases of the\noperator.", "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of `Always`, `Never` or `IfNotPresent`.\nIf not defined, it defaults to `IfNotPresent`.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "displayName": { + "description": "The name of the operator in display format.", "type": "string" }, - "imagePullSecrets": { - "description": "The list of pull secrets to be used to pull the images", + "icon": { + "description": "The icon for this operator.", "items": { - "description": "LocalObjectReference contains enough information to let you locate a\nlocal object with a known type inside the same namespace", "properties": { - "name": { - "description": "Name of the referent.", + "base64data": { + "type": "string" + }, + "mediatype": { "type": "string" } }, "required": [ - "name" + "base64data", + "mediatype" ], "type": "object" }, "type": "array" }, - "inheritedMetadata": { - "description": "Metadata that will be inherited by all objects related to the Cluster", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object" - }, - "instances": { - "default": 1, - "description": "Number of instances required in the cluster", - "minimum": 1, - "type": "integer" - }, - "livenessProbeTimeout": { - "description": "LivenessProbeTimeout is the time (in seconds) that is allowed for a PostgreSQL instance\nto successfully respond to the liveness probe (default 30).\nThe Liveness probe failure threshold is derived from this value using the formula:\nceiling(livenessProbe / 10).", - "format": "int32", - "type": "integer" - }, - "logLevel": { - "default": "info", - "description": "The instances' log level, one of the following values: error, warning, info (default), debug, trace", - "enum": [ - "error", - "warning", - "info", - "debug", - "trace" - ], - "type": "string" - }, - "managed": { - "description": "The configuration that is used by the portions of PostgreSQL that are managed by the instance manager", + "install": { + "description": "NamedInstallStrategy represents the block of an ClusterServiceVersion resource\nwhere the install strategy is specified.", "properties": { - "roles": { - "description": "Database roles managed by the `Cluster`", - "items": { - "description": "RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role\nwith the additional field Ensure specifying whether to ensure the presence or\nabsence of the role in the database\n\nThe defaults of the CREATE ROLE command are applied\nReference: https://www.postgresql.org/docs/current/sql-createrole.html", - "properties": { - "bypassrls": { - "description": "Whether a role bypasses every row-level security (RLS) policy.\nDefault is `false`.", - "type": "boolean" - }, - "comment": { - "description": "Description of the role", - "type": "string" - }, - "connectionLimit": { - "default": -1, - "description": "If the role can log in, this specifies how many concurrent\nconnections the role can make. `-1` (the default) means no limit.", - "format": "int64", - "type": "integer" - }, - "createdb": { - "description": "When set to `true`, the role being defined will be allowed to create\nnew databases. Specifying `false` (default) will deny a role the\nability to create databases.", - "type": "boolean" - }, - "createrole": { - "description": "Whether the role will be permitted to create, alter, drop, comment\non, change the security label for, and grant or revoke membership in\nother roles. Default is `false`.", - "type": "boolean" - }, - "disablePassword": { - "description": "DisablePassword indicates that a role's password should be set to NULL in Postgres", - "type": "boolean" - }, - "ensure": { - "default": "present", - "description": "Ensure the role is `present` or `absent` - defaults to \"present\"", - "enum": [ - "present", - "absent" - ], - "type": "string" - }, - "inRoles": { - "description": "List of one or more existing roles to which this role will be\nimmediately added as a new member. Default empty.", - "items": { - "type": "string" - }, - "type": "array" - }, - "inherit": { - "default": true, - "description": "Whether a role \"inherits\" the privileges of roles it is a member of.\nDefaults is `true`.", - "type": "boolean" - }, - "login": { - "description": "Whether the role is allowed to log in. A role having the `login`\nattribute can be thought of as a user. Roles without this attribute\nare useful for managing database privileges, but are not users in\nthe usual sense of the word. Default is `false`.", - "type": "boolean" - }, - "name": { - "description": "Name of the role", - "type": "string" - }, - "passwordSecret": { - "description": "Secret containing the password of the role (if present)\nIf null, the password will be ignored unless DisablePassword is set", + "spec": { + "description": "StrategyDetailsDeployment represents the parsed details of a Deployment\nInstallStrategy.", + "properties": { + "clusterPermissions": { + "items": { + "description": "StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy", "properties": { - "name": { - "description": "Name of the referent.", + "rules": { + "items": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to.", + "properties": { + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "verbs" + ], + "type": "object" + }, + "type": "array" + }, + "serviceAccountName": { "type": "string" } }, "required": [ - "name" + "rules", + "serviceAccountName" ], "type": "object" }, - "replication": { - "description": "Whether a role is a replication role. A role must have this\nattribute (or be a superuser) in order to be able to connect to the\nserver in replication mode (physical or logical replication) and in\norder to be able to create or drop replication slots. A role having\nthe `replication` attribute is a very highly privileged role, and\nshould only be used on roles actually used for replication. Default\nis `false`.", - "type": "boolean" - }, - "superuser": { - "description": "Whether the role is a `superuser` who can override all access\nrestrictions within the database - superuser status is dangerous and\nshould be used only when really needed. You must yourself be a\nsuperuser to create a new superuser. Defaults is `false`.", - "type": "boolean" - }, - "validUntil": { - "description": "Date and time after which the role's password is no longer valid.\nWhen omitted, the password will never expire (default).", - "format": "date-time", - "type": "string" - } + "type": "array" }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "services": { - "description": "Services roles managed by the `Cluster`", - "properties": { - "additional": { - "description": "Additional is a list of additional managed services specified by the user.", + "deployments": { "items": { - "description": "ManagedService represents a specific service managed by the cluster.\nIt includes the type of service and its associated template specification.", + "description": "StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create", "properties": { - "selectorType": { - "description": "SelectorType specifies the type of selectors that the service will have.\nValid values are \"rw\", \"r\", and \"ro\", representing read-write, read, and read-only services.", - "enum": [ - "rw", - "r", - "ro" - ], + "label": { + "additionalProperties": { + "type": "string" + }, + "description": "Set is a map of label:value. It implements Labels.", + "type": "object" + }, + "name": { "type": "string" }, - "serviceTemplate": { - "description": "ServiceTemplate is the template specification for the service.", + "spec": { + "description": "DeploymentSpec is the specification of the desired behavior of the Deployment.", "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing, for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)", + "format": "int32", + "type": "integer" + }, + "paused": { + "description": "Indicates that the deployment is paused.", + "type": "boolean" + }, + "progressDeadlineSeconds": { + "description": "The maximum time in seconds for a deployment to make progress before it\nis considered to be failed. The deployment controller will continue to\nprocess failed deployments and a condition with a ProgressDeadlineExceeded\nreason will be surfaced in the deployment status. Note that progress will\nnot be estimated during the time a deployment is paused. Defaults to 600s.", + "format": "int32", + "type": "integer" + }, + "replicas": { + "description": "Number of desired pods. This is a pointer to distinguish between explicit\nzero and not specified. Defaults to 1.", + "format": "int32", + "type": "integer" + }, + "revisionHistoryLimit": { + "description": "The number of old ReplicaSets to retain to allow rollback.\nThis is a pointer to distinguish between explicit zero and not specified.\nDefaults to 10.", + "format": "int32", + "type": "integer" + }, + "selector": { + "description": "Label selector for pods. Existing ReplicaSets whose pods are\nselected by this will be the ones affected by this deployment.\nIt must match the pod template's labels.", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "labels": { + "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "name": { - "description": "The name of the resource. Only supported for certain types", - "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "spec": { - "description": "Specification of the desired behavior of the service.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "strategy": { + "description": "The deployment strategy to use to replace existing pods with new ones.", "properties": { - "allocateLoadBalancerNodePorts": { - "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type.", - "type": "boolean" - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "clusterIPs": { - "description": "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "externalName": { - "description": "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set.", - "format": "int32", - "type": "integer" - }, - "internalTrafficPolicy": { - "description": "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features).", - "type": "string" - }, - "ipFamilies": { - "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field.", - "items": { - "description": "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).", - "type": "string" + "rollingUpdate": { + "description": "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.", + "properties": { + "maxSurge": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods.", + "x-kubernetes-int-or-string": true + }, + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods.", + "x-kubernetes-int-or-string": true + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ipFamilyPolicy": { - "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName.", - "type": "string" - }, - "loadBalancerClass": { - "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", - "type": "string" + "type": "object" }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available.", + "type": { + "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", "type": "string" + } + }, + "type": "object" + }, + "template": { + "description": "Template describes the pods that will be created.\nThe only allowed template.spec.restartPolicy value is \"Always\".", + "properties": { + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ports": { - "description": "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "items": { - "description": "ServicePort contains information on service's port.", - "properties": { - "appProtocol": { - "description": "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol.", - "type": "string" + "spec": { + "description": "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "affinity": { + "description": "If specified, the pod's scheduling constraints", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" + }, + "containers": { + "description": "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated.", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is this DNS resolver option's name.\nRequired.", + "type": "string" + }, + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", + "type": "string" + }, + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true.", + "type": "boolean" + }, + "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", + "items": { + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Lifecycle is not allowed for ephemeral containers.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers.", + "type": "string" + }, + "ports": { + "description": "Ports are not allowed for ephemeral containers.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers.", + "type": "string" + }, + "securityContext": { + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined.", + "type": "string" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified.", + "items": { + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "description": "IP address of the host file entry.", + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "hostIPC": { + "description": "Use the host's ipc namespace.\nOptional: Default to false.", + "type": "boolean" + }, + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false.", + "type": "boolean" + }, + "hostPID": { + "description": "Use the host's pid namespace.\nOptional: Default to false.", + "type": "boolean" + }, + "hostUsers": { + "description": "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, + "hostname": { + "description": "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value.", + "type": "string" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "initContainers": { + "description": "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nthat value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service.", + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "nodeName": { + "description": "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "format": "int32", - "type": "integer" + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "os": { + "description": "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup", + "properties": { + "name": { + "description": "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null", + "type": "string" + } }, - "port": { - "description": "The port that will be exposed by this service.", - "format": "int32", - "type": "integer" + "required": [ + "name" + ], + "type": "object" + }, + "overhead": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "protocol": { - "default": "TCP", - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP.", - "type": "string" + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object" + }, + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset.", + "type": "string" + }, + "priority": { + "description": "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority.", + "format": "int32", + "type": "integer" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", + "type": "string" + }, + "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", + "items": { + "description": "PodReadinessGate contains the reference to a pod condition", + "properties": { + "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "type": "string" + } + }, + "required": [ + "conditionType" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resourceClaims": { + "description": "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "items": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", + "properties": { + "name": { + "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "type": "string" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + }, + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "resources": { + "description": "Resources is the total amount of CPU and Memory resources required by all\ncontainers in the pod. It supports specifying Requests and Limits for\n\"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the\nentire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature\ngate.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", + "type": "string" + }, + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", + "type": "string" + }, + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler.", + "type": "string" + }, + "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", + "items": { + "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "properties": { + "name": { + "description": "Name of the scheduling gate.\nEach scheduling gate must have a unique name field.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", + "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccount": { + "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead.", + "type": "string" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + }, + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false.", + "type": "boolean" + }, + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false.", + "type": "boolean" + }, + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" }, - "targetPort": { - "anyOf": [ - { - "type": "integer" + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", + "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", + "properties": { + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", + "type": "string" + }, + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "properties": { + "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", + "type": "string" + }, + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "properties": { + "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "description": "configMap information about the configMap data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "description": "secret information about the secret data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "port", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior.", - "type": "boolean" - }, - "selector": { - "additionalProperties": { - "type": "string" - }, - "description": "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "sessionAffinityConfig": { - "description": "sessionAffinityConfig contains the configurations of session affinity.", - "properties": { - "clientIP": { - "description": "clientIP contains the configurations of Client IP based session affinity.", - "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours).", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "trafficDistribution": { - "description": "TrafficDistribution offers a way to express preferences for how traffic is\ndistributed to Service endpoints. Implementations can use this field as a\nhint, but are not required to guarantee strict adherence. If the field is\nnot set, the implementation will apply its default routing strategy. If set\nto \"PreferClose\", implementations should prioritize endpoints that are\ntopologically close (e.g., same zone).\nThis is a beta field and requires enabling ServiceTrafficDistribution feature.", - "type": "string" - }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "updateStrategy": { - "default": "patch", - "description": "UpdateStrategy describes how the service differences should be reconciled", - "enum": [ - "patch", - "replace" - ], - "type": "string" - } - }, - "required": [ - "selectorType", - "serviceTemplate" - ], - "type": "object" - }, - "type": "array" - }, - "disabledDefaultServices": { - "description": "DisabledDefaultServices is a list of service types that are disabled by default.\nValid values are \"r\", and \"ro\", representing read, and read-only services.", - "items": { - "description": "ServiceSelectorType describes a valid value for generating the service selectors.\nIt indicates which type of service the selector applies to, such as read-write, read, or read-only", - "enum": [ - "rw", - "r", - "ro" - ], - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "maxSyncReplicas": { - "default": 0, - "description": "The target value for the synchronous replication quorum, that can be\ndecreased if the number of ready standbys is lower than this.\nUndefined or 0 disable synchronous replication.", - "minimum": 0, - "type": "integer" - }, - "minSyncReplicas": { - "default": 0, - "description": "Minimum number of instances required in synchronous replication with the\nprimary. Undefined or 0 allow writes to complete when no standby is\navailable.", - "minimum": 0, - "type": "integer" - }, - "monitoring": { - "description": "The configuration of the monitoring infrastructure of this cluster", - "properties": { - "customQueriesConfigMap": { - "description": "The list of config maps containing the custom queries", - "items": { - "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "customQueriesSecret": { - "description": "The list of secrets containing the custom queries", - "items": { - "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", - "properties": { - "key": { - "description": "The key to select", - "type": "string" - }, - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "key", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "disableDefaultQueries": { - "default": false, - "description": "Whether the default queries should be injected.\nSet it to `true` if you don't want to inject default queries into the cluster.\nDefault: false.", - "type": "boolean" - }, - "enablePodMonitor": { - "default": false, - "description": "Enable or disable the `PodMonitor`", - "type": "boolean" - }, - "podMonitorMetricRelabelings": { - "description": "The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "podMonitorRelabelings": { - "description": "The list of relabelings for the `PodMonitor`. Applied to samples before scraping.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" - }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "tls": { - "description": "Configure TLS communication for the metrics endpoint.\nChanging tls.enabled option will force a rollout of all instances.", - "properties": { - "enabled": { - "default": false, - "description": "Enable TLS for the monitoring endpoint.\nChanging this option will force a rollout of all instances.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeMaintenanceWindow": { - "description": "Define a maintenance window for the Kubernetes nodes", - "properties": { - "inProgress": { - "default": false, - "description": "Is there a node maintenance activity in progress?", - "type": "boolean" - }, - "reusePVC": { - "default": true, - "description": "Reuse the existing PVC (wait for the node to come\nup again) or not (recreate it elsewhere - when `instances` >1)", - "type": "boolean" - } - }, - "type": "object" - }, - "plugins": { - "description": "The plugins configuration, containing\nany plugin to be loaded with the corresponding configuration", - "items": { - "description": "PluginConfiguration specifies a plugin that need to be loaded for this\ncluster to be reconciled", - "properties": { - "enabled": { - "default": true, - "description": "Enabled is true if this plugin will be used", - "type": "boolean" - }, - "name": { - "description": "Name is the plugin name", - "type": "string" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is the configuration of the plugin", - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "postgresGID": { - "default": 26, - "description": "The GID of the `postgres` user inside the image, defaults to `26`", - "format": "int64", - "type": "integer" - }, - "postgresUID": { - "default": 26, - "description": "The UID of the `postgres` user inside the image, defaults to `26`", - "format": "int64", - "type": "integer" - }, - "postgresql": { - "description": "Configuration of the PostgreSQL server", - "properties": { - "enableAlterSystem": { - "description": "If this parameter is true, the user will be able to invoke `ALTER SYSTEM`\non this CloudNativePG Cluster.\nThis should only be used for debugging and troubleshooting.\nDefaults to false.", - "type": "boolean" - }, - "ldap": { - "description": "Options to specify LDAP configuration", - "properties": { - "bindAsAuth": { - "description": "Bind as authentication configuration", - "properties": { - "prefix": { - "description": "Prefix for the bind authentication option", - "type": "string" - }, - "suffix": { - "description": "Suffix for the bind authentication option", - "type": "string" - } - }, - "type": "object" - }, - "bindSearchAuth": { - "description": "Bind+Search authentication configuration", - "properties": { - "baseDN": { - "description": "Root DN to begin the user search", - "type": "string" - }, - "bindDN": { - "description": "DN of the user to bind to the directory", - "type": "string" - }, - "bindPassword": { - "description": "Secret with the password for the user to bind to the directory", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "searchAttribute": { - "description": "Attribute to match against the username", - "type": "string" - }, - "searchFilter": { - "description": "Search filter to use when doing the search+bind authentication", - "type": "string" - } - }, - "type": "object" - }, - "port": { - "description": "LDAP server port", - "type": "integer" - }, - "scheme": { - "description": "LDAP schema to be used, possible options are `ldap` and `ldaps`", - "enum": [ - "ldap", - "ldaps" - ], - "type": "string" - }, - "server": { - "description": "LDAP hostname or IP address", - "type": "string" - }, - "tls": { - "description": "Set to 'true' to enable LDAP over TLS. 'false' is default", - "type": "boolean" - } - }, - "type": "object" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "PostgreSQL configuration options (postgresql.conf)", - "type": "object" - }, - "pg_hba": { - "description": "PostgreSQL Host Based Authentication rules (lines to be appended\nto the pg_hba.conf file)", - "items": { - "type": "string" - }, - "type": "array" - }, - "pg_ident": { - "description": "PostgreSQL User Name Maps rules (lines to be appended\nto the pg_ident.conf file)", - "items": { - "type": "string" - }, - "type": "array" - }, - "promotionTimeout": { - "description": "Specifies the maximum number of seconds to wait when promoting an instance to primary.\nDefault value is 40000000, greater than one year in seconds,\nbig enough to simulate an infinite timeout", - "format": "int32", - "type": "integer" - }, - "shared_preload_libraries": { - "description": "Lists of shared preload libraries to add to the default ones", - "items": { - "type": "string" - }, - "type": "array" - }, - "syncReplicaElectionConstraint": { - "description": "Requirements to be met by sync replicas. This will affect how the \"synchronous_standby_names\" parameter will be\nset up.", - "properties": { - "enabled": { - "description": "This flag enables the constraints for sync replicas", - "type": "boolean" - }, - "nodeLabelsAntiAffinity": { - "description": "A list of node labels values to extract and compare to evaluate if the pods reside in the same topology or not", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "synchronous": { - "description": "Configuration of the PostgreSQL synchronous replication feature", - "properties": { - "dataDurability": { - "default": "required", - "description": "If set to \"required\", data durability is strictly enforced. Write operations\nwith synchronous commit settings (`on`, `remote_write`, or `remote_apply`) will\nblock if there are insufficient healthy replicas, ensuring data persistence.\nIf set to \"preferred\", data durability is maintained when healthy replicas\nare available, but the required number of instances will adjust dynamically\nif replicas become unavailable. This setting relaxes strict durability enforcement\nto allow for operational continuity. This setting is only applicable if both\n`standbyNamesPre` and `standbyNamesPost` are unset (empty).", - "enum": [ - "required", - "preferred" - ], - "type": "string" - }, - "maxStandbyNamesFromCluster": { - "description": "Specifies the maximum number of local cluster pods that can be\nautomatically included in the `synchronous_standby_names` option in\nPostgreSQL.", - "type": "integer" - }, - "method": { - "description": "Method to select synchronous replication standbys from the listed\nservers, accepting 'any' (quorum-based synchronous replication) or\n'first' (priority-based synchronous replication) as values.", - "enum": [ - "any", - "first" - ], - "type": "string" - }, - "number": { - "description": "Specifies the number of synchronous standby servers that\ntransactions must wait for responses from.", - "type": "integer", - "x-kubernetes-validations": [ - { - "message": "The number of synchronous replicas should be greater than zero", - "rule": "self > 0" - } - ] - }, - "standbyNamesPost": { - "description": "A user-defined list of application names to be added to\n`synchronous_standby_names` after local cluster pods (the order is\nonly useful for priority-based synchronous replication).", - "items": { - "type": "string" - }, - "type": "array" - }, - "standbyNamesPre": { - "description": "A user-defined list of application names to be added to\n`synchronous_standby_names` before local cluster pods (the order is\nonly useful for priority-based synchronous replication).", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "method", - "number" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "dataDurability set to 'preferred' requires empty 'standbyNamesPre' and empty 'standbyNamesPost'", - "rule": "self.dataDurability!='preferred' || ((!has(self.standbyNamesPre) || self.standbyNamesPre.size()==0) && (!has(self.standbyNamesPost) || self.standbyNamesPost.size()==0))" - } - ] - } - }, - "type": "object" - }, - "primaryUpdateMethod": { - "default": "restart", - "description": "Method to follow to upgrade the primary server during a rolling\nupdate procedure, after all replicas have been successfully updated:\nit can be with a switchover (`switchover`) or in-place (`restart` - default)", - "enum": [ - "switchover", - "restart" - ], - "type": "string" - }, - "primaryUpdateStrategy": { - "default": "unsupervised", - "description": "Deployment strategy to follow to upgrade the primary server during a rolling\nupdate procedure, after all replicas have been successfully updated:\nit can be automated (`unsupervised` - default) or manual (`supervised`)", - "enum": [ - "unsupervised", - "supervised" - ], - "type": "string" - }, - "priorityClassName": { - "description": "Name of the priority class which will be used in every generated Pod, if the PriorityClass\nspecified does not exist, the pod will not be able to schedule. Please refer to\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass\nfor more information", - "type": "string" - }, - "probes": { - "description": "The configuration of the probes to be injected\nin the PostgreSQL Pods.", - "properties": { - "liveness": { - "description": "The liveness probe configuration", - "properties": { - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "readiness": { - "description": "The readiness probe configuration", - "properties": { - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "startup": { - "description": "The startup probe configuration", - "properties": { - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "projectedVolumeTemplate": { - "description": "Template to be used to define projected volumes, projected volumes will be mounted\nunder `/projected` base folder", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", - "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", - "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "properties": { + "group": { + "description": "group to map volume access to\nDefault is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "properties": { + "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "required": [ + "containers" + ], + "type": "object" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" + "required": [ + "selector", + "template" + ], + "type": "object" } }, "required": [ - "path" + "name", + "spec" ], "type": "object" }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", + "type": "array" + }, + "permissions": { + "items": { + "description": "StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy", "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", + "rules": { "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "description": "PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to.", "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "items": { + "type": "string" }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "items": { + "type": "string" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "replica": { - "description": "Replica cluster configuration", - "properties": { - "enabled": { - "description": "If replica mode is enabled, this cluster will be a replica of an\nexisting cluster. Replica cluster can be created from a recovery\nobject store or via streaming through pg_basebackup.\nRefer to the Replica clusters page of the documentation for more information.", - "type": "boolean" - }, - "minApplyDelay": { - "description": "When replica mode is enabled, this parameter allows you to replay\ntransactions only when the system time is at least the configured\ntime past the commit time. This provides an opportunity to correct\ndata loss errors. Note that when this parameter is set, a promotion\ntoken cannot be used.", - "type": "string" - }, - "primary": { - "description": "Primary defines which Cluster is defined to be the primary in the distributed PostgreSQL cluster, based on the\ntopology specified in externalClusters", - "type": "string" - }, - "promotionToken": { - "description": "A demotion token generated by an external cluster used to\ncheck if the promotion requirements are met.", - "type": "string" - }, - "self": { - "description": "Self defines the name of this cluster. It is used to determine if this is a primary\nor a replica cluster, comparing it with `primary`", - "type": "string" - }, - "source": { - "description": "The name of the external cluster which is the replication origin", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "replicationSlots": { - "default": { - "highAvailability": { - "enabled": true - } - }, - "description": "Replication slots management configuration", - "properties": { - "highAvailability": { - "default": { - "enabled": true - }, - "description": "Replication slots for high availability configuration", - "properties": { - "enabled": { - "default": true, - "description": "If enabled (default), the operator will automatically manage replication slots\non the primary instance and use them in streaming replication\nconnections with all the standby instances that are part of the HA\ncluster. If disabled, the operator will not take advantage\nof replication slots in streaming connections with the replicas.\nThis feature also controls replication slots in replica cluster,\nfrom the designated primary to its cascading replicas.", - "type": "boolean" - }, - "slotPrefix": { - "default": "_cnpg_", - "description": "Prefix for replication slots managed by the operator for HA.\nIt may only contain lower case letters, numbers, and the underscore character.\nThis can only be set at creation time. By default set to `_cnpg_`.", - "pattern": "^[0-9a-z_]*$", - "type": "string" - } - }, - "type": "object" - }, - "synchronizeReplicas": { - "description": "Configures the synchronization of the user defined physical replication slots", - "properties": { - "enabled": { - "default": true, - "description": "When set to true, every replication slot that is on the primary is synchronized on each standby", - "type": "boolean" - }, - "excludePatterns": { - "description": "List of regular expression patterns to match the names of replication slots to be excluded (by default empty)", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "updateInterval": { - "default": 30, - "description": "Standby will update the status of the local replication slots\nevery `updateInterval` seconds (default 30).", - "minimum": 1, - "type": "integer" - } - }, - "type": "object" - }, - "resources": { - "description": "Resources requirements of every generated Pod. Please refer to\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\nfor more information.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified Kubernetes\nscheduler. If not specified, the pod will be dispatched by the default\nscheduler. More info:\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/", - "type": "string" - }, - "seccompProfile": { - "description": "The SeccompProfile applied to every Pod and Container.\nDefaults to: `RuntimeDefault`", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "serviceAccountTemplate": { - "description": "Configure the generation of the service account", - "properties": { - "metadata": { - "description": "Metadata are the metadata to be used for the generated\nservice account", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "The name of the resource. Only supported for certain types", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "metadata" - ], - "type": "object" - }, - "smartShutdownTimeout": { - "default": 180, - "description": "The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete.\nMake sure you reserve enough time for the operator to request a fast shutdown of Postgres\n(that is: `stopDelay` - `smartShutdownTimeout`).", - "format": "int32", - "type": "integer" - }, - "startDelay": { - "default": 3600, - "description": "The time in seconds that is allowed for a PostgreSQL instance to\nsuccessfully start up (default 3600).\nThe startup probe failure threshold is derived from this value using the formula:\nceiling(startDelay / 10).", - "format": "int32", - "type": "integer" - }, - "stopDelay": { - "default": 1800, - "description": "The time in seconds that is allowed for a PostgreSQL instance to\ngracefully shutdown (default 1800)", - "format": "int32", - "type": "integer" - }, - "storage": { - "description": "Configuration of the storage of the instances", - "properties": { - "pvcTemplate": { - "description": "Template to be used to generate the Persistent Volume Claim", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "resizeInUseVolumes": { - "default": true, - "description": "Resize existent PVCs, defaults to true", - "type": "boolean" - }, - "size": { - "description": "Size of the storage. Required if not already specified in the PVC template.\nChanges to this field are automatically reapplied to the created PVCs.\nSize cannot be decreased.", - "type": "string" - }, - "storageClass": { - "description": "StorageClass to use for PVCs. Applied after\nevaluating the PVC template, if available.\nIf not specified, the generated PVCs will use the\ndefault storage class", - "type": "string" - } - }, - "type": "object" - }, - "superuserSecret": { - "description": "The secret containing the superuser password. If not defined a new\nsecret will be created with a randomly generated password", - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "switchoverDelay": { - "default": 3600, - "description": "The time in seconds that is allowed for a primary PostgreSQL instance\nto gracefully shutdown during a switchover.\nDefault value is 3600 seconds (1 hour).", - "format": "int32", - "type": "integer" - }, - "tablespaces": { - "description": "The tablespaces configuration", - "items": { - "description": "TablespaceConfiguration is the configuration of a tablespace, and includes\nthe storage specification for the tablespace", - "properties": { - "name": { - "description": "The name of the tablespace", - "type": "string" - }, - "owner": { - "description": "Owner is the PostgreSQL user owning the tablespace", - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - }, - "storage": { - "description": "The storage configuration for the tablespace", - "properties": { - "pvcTemplate": { - "description": "Template to be used to generate the Persistent Volume Claim", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "resources": { + "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "items": { + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "required": [ + "verbs" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "type": "array" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "serviceAccountName": { "type": "string" } }, + "required": [ + "rules", + "serviceAccountName" + ], "type": "object" }, - "resizeInUseVolumes": { - "default": true, - "description": "Resize existent PVCs, defaults to true", - "type": "boolean" - }, - "size": { - "description": "Size of the storage. Required if not already specified in the PVC template.\nChanges to this field are automatically reapplied to the created PVCs.\nSize cannot be decreased.", - "type": "string" - }, - "storageClass": { - "description": "StorageClass to use for PVCs. Applied after\nevaluating the PVC template, if available.\nIf not specified, the generated PVCs will use the\ndefault storage class", - "type": "string" - } - }, - "type": "object" + "type": "array" + } }, - "temporary": { - "default": false, - "description": "When set to true, the tablespace will be added as a `temp_tablespaces`\nentry in PostgreSQL, and will be available to automatically house temp\ndatabase objects, or other temporary files. Please refer to PostgreSQL\ndocumentation for more information on the `temp_tablespaces` GUC.", - "type": "boolean" - } + "required": [ + "deployments" + ], + "type": "object" }, - "required": [ - "name", - "storage" - ], - "type": "object" + "strategy": { + "type": "string" + } }, - "type": "array" + "required": [ + "strategy" + ], + "type": "object" }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology.\nMore info:\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/", + "installModes": { + "description": "InstallModes specify supported installation types", "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "description": "InstallMode associates an InstallModeType with a flag representing if the CSV supports it", "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" + "supported": { + "type": "boolean" }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": { + "description": "InstallModeType is a supported type of install mode for CSV installation", "type": "string" } }, "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" + "supported", + "type" ], "type": "object" }, "type": "array" }, - "walStorage": { - "description": "Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)", - "properties": { - "pvcTemplate": { - "description": "Template to be used to generate the Persistent Volume Claim", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "resizeInUseVolumes": { - "default": true, - "description": "Resize existent PVCs, defaults to true", - "type": "boolean" - }, - "size": { - "description": "Size of the storage. Required if not already specified in the PVC template.\nChanges to this field are automatically reapplied to the created PVCs.\nSize cannot be decreased.", - "type": "string" - }, - "storageClass": { - "description": "StorageClass to use for PVCs. Applied after\nevaluating the PVC template, if available.\nIf not specified, the generated PVCs will use the\ndefault storage class", - "type": "string" - } + "keywords": { + "description": "A list of keywords describing the operator.", + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.", "type": "object" - } - }, - "required": [ - "instances" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "imageName and imageCatalogRef are mutually exclusive", - "rule": "!(has(self.imageCatalogRef) && has(self.imageName))" - } - ] - }, - "status": { - "description": "Most recently observed status of the cluster. This data may not be up\nto date. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "availableArchitectures": { - "description": "AvailableArchitectures reports the available architectures of a cluster", + }, + "links": { + "description": "A list of links related to the operator.", "items": { - "description": "AvailableArchitecture represents the state of a cluster's architecture", "properties": { - "goArch": { - "description": "GoArch is the name of the executable architecture", + "name": { "type": "string" }, - "hash": { - "description": "Hash is the hash of the executable", + "url": { "type": "string" } }, - "required": [ - "goArch", - "hash" - ], "type": "object" }, "type": "array" }, - "azurePVCUpdateEnabled": { - "description": "AzurePVCUpdateEnabled shows if the PVC online upgrade is enabled for this cluster", - "type": "boolean" - }, - "certificates": { - "description": "The configuration for the CA and related certificates, initialized with defaults.", - "properties": { - "clientCASecret": { - "description": "The secret containing the Client CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate all the client certificates.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the client certificates,\nused as `ssl_ca_file` of all the instances.
\n- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided,\nthis can be omitted.
", - "type": "string" - }, - "expirations": { - "additionalProperties": { + "maintainers": { + "description": "A list of organizational entities maintaining the operator.", + "items": { + "properties": { + "email": { "type": "string" }, - "description": "Expiration dates for all certificates.", - "type": "object" - }, - "replicationTLSSecret": { - "description": "The secret of type kubernetes.io/tls containing the client certificate to authenticate as\nthe `streaming_replica` user.\nIf not defined, ClientCASecret must provide also `ca.key`, and a new secret will be\ncreated using the provided CA.", - "type": "string" - }, - "serverAltDNSNames": { - "description": "The list of the server alternative DNS names to be added to the generated server TLS certificates, when required.", - "items": { + "name": { "type": "string" - }, - "type": "array" - }, - "serverCASecret": { - "description": "The secret containing the Server CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the server certificate,\nused as `sslrootcert` in client connection strings.
\n- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided,\nthis can be omitted.
", - "type": "string" + } }, - "serverTLSSecret": { - "description": "The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as\n`ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely.\nIf not defined, ServerCASecret must provide also `ca.key` and a new secret will be\ncreated using the provided CA.", - "type": "string" - } + "type": "object" }, - "type": "object" + "type": "array" }, - "cloudNativePGCommitHash": { - "description": "The commit hash number of which this operator running", + "maturity": { "type": "string" }, - "cloudNativePGOperatorHash": { - "description": "The hash of the binary of the operator", + "minKubeVersion": { "type": "string" }, - "conditions": { - "description": "Conditions for cluster object", + "nativeAPIs": { "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion\nto avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "group": { "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], + "kind": { "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "version": { "type": "string" } }, "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" + "group", + "kind", + "version" ], "type": "object" }, "type": "array" }, - "configMapResourceVersion": { - "description": "The list of resource versions of the configmaps,\nmanaged by the operator. Every change here is done in the\ninterest of the instance manager, which will refresh the\nconfigmap data", + "provider": { + "description": "The publishing entity behind the operator.", "properties": { - "metrics": { - "additionalProperties": { - "type": "string" - }, - "description": "A map with the versions of all the config maps used to pass metrics.\nMap keys are the config map names, map values are the versions", - "type": "object" + "name": { + "type": "string" + }, + "url": { + "type": "string" } }, "type": "object" }, - "currentPrimary": { - "description": "Current primary instance", - "type": "string" - }, - "currentPrimaryFailingSinceTimestamp": { - "description": "The timestamp when the primary was detected to be unhealthy\nThis field is reported when `.spec.failoverDelay` is populated or during online upgrades", - "type": "string" - }, - "currentPrimaryTimestamp": { - "description": "The timestamp when the last actual promotion to primary has occurred", - "type": "string" - }, - "danglingPVC": { - "description": "List of all the PVCs created by this cluster and still available\nwhich are not attached to a Pod", - "items": { - "type": "string" - }, - "type": "array" - }, - "demotionToken": { - "description": "DemotionToken is a JSON token containing the information\nfrom pg_controldata such as Database system identifier, Latest checkpoint's\nTimeLineID, Latest checkpoint's REDO location, Latest checkpoint's REDO\nWAL file, and Time of latest checkpoint", - "type": "string" - }, - "firstRecoverabilityPoint": { - "description": "The first recoverability point, stored as a date in RFC3339 format.\nThis field is calculated from the content of FirstRecoverabilityPointByMethod", - "type": "string" - }, - "firstRecoverabilityPointByMethod": { - "additionalProperties": { - "format": "date-time", - "type": "string" - }, - "description": "The first recoverability point, stored as a date in RFC3339 format, per backup method type", - "type": "object" - }, - "healthyPVC": { - "description": "List of all the PVCs not dangling nor initializing", - "items": { - "type": "string" - }, - "type": "array" - }, - "image": { - "description": "Image contains the image name used by the pods", - "type": "string" - }, - "initializingPVC": { - "description": "List of all the PVCs that are being initialized by this cluster", - "items": { - "type": "string" - }, - "type": "array" - }, - "instanceNames": { - "description": "List of instance names in the cluster", + "relatedImages": { + "description": "List any related images, or other container images that your Operator might require to perform their functions.\nThis list should also include operand images as well. All image references should be specified by\ndigest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime.", "items": { - "type": "string" - }, - "type": "array" - }, - "instances": { - "description": "The total number of PVC Groups detected in the cluster. It may differ from the number of existing instance pods.", - "type": "integer" - }, - "instancesReportedState": { - "additionalProperties": { - "description": "InstanceReportedState describes the last reported state of an instance during a reconciliation loop", "properties": { - "isPrimary": { - "description": "indicates if an instance is the primary one", - "type": "boolean" + "image": { + "type": "string" }, - "timeLineID": { - "description": "indicates on which TimelineId the instance is", - "type": "integer" + "name": { + "type": "string" } }, "required": [ - "isPrimary" + "image", + "name" ], "type": "object" }, - "description": "The reported state of the instances during the last reconciliation loop", - "type": "object" - }, - "instancesStatus": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "InstancesStatus indicates in which status the instances are", - "type": "object" - }, - "jobCount": { - "description": "How many Jobs have been created by this cluster", - "format": "int32", - "type": "integer" - }, - "lastFailedBackup": { - "description": "Stored as a date in RFC3339 format", - "type": "string" - }, - "lastPromotionToken": { - "description": "LastPromotionToken is the last verified promotion token that\nwas used to promote a replica cluster", - "type": "string" + "type": "array" }, - "lastSuccessfulBackup": { - "description": "Last successful backup, stored as a date in RFC3339 format\nThis field is calculated from the content of LastSuccessfulBackupByMethod", + "replaces": { + "description": "The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV.", "type": "string" }, - "lastSuccessfulBackupByMethod": { - "additionalProperties": { - "format": "date-time", - "type": "string" - }, - "description": "Last successful backup, stored as a date in RFC3339 format, per backup method type", - "type": "object" - }, - "latestGeneratedNode": { - "description": "ID of the latest generated node (used to avoid node name clashing)", - "type": "integer" - }, - "managedRolesStatus": { - "description": "ManagedRolesStatus reports the state of the managed roles in the cluster", + "selector": { + "description": "Label selector for related resources.", "properties": { - "byStatus": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "ByStatus gives the list of roles in each state", - "type": "object" - }, - "cannotReconcile": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "CannotReconcile lists roles that cannot be reconciled in PostgreSQL,\nwith an explanation of the cause", - "type": "object" - }, - "passwordStatus": { - "additionalProperties": { - "description": "PasswordState represents the state of the password of a managed RoleConfiguration", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "resourceVersion": { - "description": "the resource version of the password secret", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "transactionID": { - "description": "the last transaction ID to affect the role definition in PostgreSQL", - "format": "int64", - "type": "integer" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "description": "PasswordStatus gives the last transaction id and password secret version for each managed role", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" - }, - "onlineUpdateEnabled": { - "description": "OnlineUpdateEnabled shows if the online upgrade is enabled inside the cluster", - "type": "boolean" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "phase": { - "description": "Current phase of the cluster", - "type": "string" + "skips": { + "description": "The name(s) of one or more CSV(s) that should be skipped in the upgrade graph.\nShould match the `metadata.Name` field of the CSV that should be skipped.\nThis field is only used during catalog creation and plays no part in cluster runtime.", + "items": { + "type": "string" + }, + "type": "array" }, - "phaseReason": { - "description": "Reason for the current phase", + "version": { "type": "string" }, - "pluginStatus": { - "description": "PluginStatus is the status of the loaded plugins", + "webhookdefinitions": { "items": { - "description": "PluginStatus is the status of a loaded plugin", + "description": "WebhookDescription provides details to OLM about required webhooks", "properties": { - "backupCapabilities": { - "description": "BackupCapabilities are the list of capabilities of the\nplugin regarding the Backup management", + "admissionReviewVersions": { "items": { "type": "string" }, "type": "array" }, - "capabilities": { - "description": "Capabilities are the list of capabilities of the\nplugin", + "containerPort": { + "default": 443, + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "conversionCRDs": { "items": { "type": "string" }, "type": "array" }, - "name": { - "description": "Name is the name of the plugin", + "deploymentName": { "type": "string" }, - "operatorCapabilities": { - "description": "OperatorCapabilities are the list of capabilities of the\nplugin regarding the reconciler", - "items": { - "type": "string" + "failurePolicy": { + "description": "FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.", + "type": "string" + }, + "generateName": { + "type": "string" + }, + "matchPolicy": { + "description": "MatchPolicyType specifies the type of match policy.", + "type": "string" + }, + "objectSelector": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "type": "array" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "restoreJobHookCapabilities": { - "description": "RestoreJobHookCapabilities are the list of capabilities of the\nplugin regarding the RestoreJobHook management", + "reinvocationPolicy": { + "description": "ReinvocationPolicyType specifies what type of policy the admission hook uses.", + "type": "string" + }, + "rules": { "items": { - "type": "string" + "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make\nsure that all the tuple expansions are valid.", + "properties": { + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions.\nIf '*' is present, the length of the slice must be one.\nRequired.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "operations": { + "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *\nfor all of those operations and any future admission operations that are added.\nIf '*' is present, the length of the slice must be one.\nRequired.", + "items": { + "description": "OperationType specifies an operation for a request.", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example:\n'pods' means pods.\n'pods/log' means the log subresource of pods.\n'*' means all resources, but not subresources.\n'pods/*' means all subresources of pods.\n'*/scale' means all scale subresources.\n'*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not\noverlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed.\nRequired.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "scope": { + "description": "scope specifies the scope of this rule.\nValid values are \"Cluster\", \"Namespaced\", and \"*\"\n\"Cluster\" means that only cluster-scoped resources will match this rule.\nNamespace API objects are cluster-scoped.\n\"Namespaced\" means that only namespaced resources will match this rule.\n\"*\" means that there are no scope restrictions.\nSubresources match the scope of their parent resource.\nDefault is \"*\".", + "type": "string" + } + }, + "type": "object" }, "type": "array" }, - "status": { - "description": "Status contain the status reported by the plugin through the SetStatusInCluster interface", + "sideEffects": { + "description": "SideEffectClass specifies the types of side effects a webhook may have.", "type": "string" }, - "version": { - "description": "Version is the version of the plugin loaded by the\nlatest reconciliation loop", + "targetPort": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + }, + "type": { + "description": "WebhookAdmissionType is the type of admission webhooks supported by OLM", + "enum": [ + "ValidatingAdmissionWebhook", + "MutatingAdmissionWebhook", + "ConversionWebhook" + ], "type": "string" }, - "walCapabilities": { - "description": "WALCapabilities are the list of capabilities of the\nplugin regarding the WAL management", - "items": { - "type": "string" - }, - "type": "array" + "webhookPath": { + "type": "string" } }, "required": [ - "name", - "version" + "admissionReviewVersions", + "generateName", + "sideEffects", + "type" ], "type": "object" }, "type": "array" - }, - "poolerIntegrations": { - "description": "The integration needed by poolers referencing the cluster", - "properties": { - "pgBouncerIntegration": { - "description": "PgBouncerIntegrationStatus encapsulates the needed integration for the pgbouncer poolers referencing the cluster", - "properties": { - "secrets": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "pvcCount": { - "description": "How many PVCs have been created by this cluster", - "format": "int32", - "type": "integer" - }, - "readService": { - "description": "Current list of read pods", + } + }, + "required": [ + "displayName", + "install" + ], + "type": "object" + }, + "status": { + "description": "ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual\nstate of a system.", + "properties": { + "certsLastUpdated": { + "description": "Last time the owned APIService certs were updated", + "format": "date-time", "type": "string" }, - "readyInstances": { - "description": "The total number of ready instances in the cluster. It is equal to the number of ready instance pods.", - "type": "integer" - }, - "resizingPVC": { - "description": "List of all the PVCs that have ResizingPVC condition.", - "items": { - "type": "string" - }, - "type": "array" + "certsRotateAt": { + "description": "Time the owned APIService certs will rotate next", + "format": "date-time", + "type": "string" }, - "secretsResourceVersion": { - "description": "The list of resource versions of the secrets\nmanaged by the operator. Every change here is done in the\ninterest of the instance manager, which will refresh the\nsecret data", + "cleanup": { + "description": "CleanupStatus represents information about the status of cleanup while a CSV is pending deletion", "properties": { - "applicationSecretVersion": { - "description": "The resource version of the \"app\" user secret", - "type": "string" - }, - "barmanEndpointCA": { - "description": "The resource version of the Barman Endpoint CA if provided", - "type": "string" - }, - "caSecretVersion": { - "description": "Unused. Retained for compatibility with old versions.", - "type": "string" - }, - "clientCaSecretVersion": { - "description": "The resource version of the PostgreSQL client-side CA secret version", - "type": "string" - }, - "externalClusterSecretVersion": { - "additionalProperties": { - "type": "string" - }, - "description": "The resource versions of the external cluster secrets", - "type": "object" - }, - "managedRoleSecretVersion": { - "additionalProperties": { - "type": "string" - }, - "description": "The resource versions of the managed roles secrets", - "type": "object" - }, - "metrics": { - "additionalProperties": { - "type": "string" + "pendingDeletion": { + "description": "PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers.\nThis indicates the progress of cleanup that is blocking CSV deletion or operator uninstall.", + "items": { + "description": "ResourceList represents a list of resources which are of the same Group/Kind", + "properties": { + "group": { + "type": "string" + }, + "instances": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "description": "Namespace can be empty for cluster-scoped resources", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "kind": { + "type": "string" + } + }, + "required": [ + "group", + "instances", + "kind" + ], + "type": "object" }, - "description": "A map with the versions of all the secrets used to pass metrics.\nMap keys are the secret names, map values are the versions", - "type": "object" - }, - "replicationSecretVersion": { - "description": "The resource version of the \"streaming_replica\" user secret", - "type": "string" - }, - "serverCaSecretVersion": { - "description": "The resource version of the PostgreSQL server-side CA secret version", - "type": "string" - }, - "serverSecretVersion": { - "description": "The resource version of the PostgreSQL server-side secret version", - "type": "string" - }, - "superuserSecretVersion": { - "description": "The resource version of the \"postgres\" user secret", - "type": "string" - } - }, - "type": "object" - }, - "switchReplicaClusterStatus": { - "description": "SwitchReplicaClusterStatus is the status of the switch to replica cluster", - "properties": { - "inProgress": { - "description": "InProgress indicates if there is an ongoing procedure of switching a cluster to a replica cluster.", - "type": "boolean" + "type": "array" } }, "type": "object" - }, - "tablespacesStatus": { - "description": "TablespacesStatus reports the state of the declarative tablespaces in the cluster", + }, + "conditions": { + "description": "List of conditions, a history of state transitions", "items": { - "description": "TablespaceState represents the state of a tablespace in a cluster", + "description": "Conditions appear in the status as a record of state transitions on the ClusterServiceVersion", "properties": { - "error": { - "description": "Error is the reconciliation error, if any", + "lastTransitionTime": { + "description": "Last time the status transitioned from one status to another.", + "format": "date-time", "type": "string" }, - "name": { - "description": "Name is the name of the tablespace", + "lastUpdateTime": { + "description": "Last time we updated the status", + "format": "date-time", "type": "string" }, - "owner": { - "description": "Owner is the PostgreSQL user owning the tablespace", + "message": { + "description": "A human readable message indicating details about why the ClusterServiceVersion is in this condition.", "type": "string" }, - "state": { - "description": "State is the latest reconciliation state", + "phase": { + "description": "Condition of the ClusterServiceVersion", + "type": "string" + }, + "reason": { + "description": "A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state.\ne.g. 'RequirementsNotMet'", "type": "string" } }, - "required": [ - "name", - "state" - ], "type": "object" }, "type": "array" }, - "targetPrimary": { - "description": "Target primary instance, this is different from the previous one\nduring a switchover or a failover", + "lastTransitionTime": { + "description": "Last time the status transitioned from one status to another.", + "format": "date-time", "type": "string" }, - "targetPrimaryTimestamp": { - "description": "The timestamp when the last request for a new primary has occurred", + "lastUpdateTime": { + "description": "Last time we updated the status", + "format": "date-time", "type": "string" }, - "timelineID": { - "description": "The timeline of the Postgres cluster", - "type": "integer" - }, - "topology": { - "description": "Instances topology.", - "properties": { - "instances": { - "additionalProperties": { - "additionalProperties": { - "type": "string" - }, - "description": "PodTopologyLabels represent the topology of a Pod. map[labelName]labelValue", - "type": "object" - }, - "description": "Instances contains the pod topology of the instances", - "type": "object" - }, - "nodesUsed": { - "description": "NodesUsed represents the count of distinct nodes accommodating the instances.\nA value of '1' suggests that all instances are hosted on a single node,\nimplying the absence of High Availability (HA). Ideally, this value should\nbe the same as the number of instances in the Postgres HA cluster, implying\nshared nothing architecture on the compute side.", - "format": "int32", - "type": "integer" - }, - "successfullyExtracted": { - "description": "SuccessfullyExtracted indicates if the topology data was extract. It is useful to enact fallback behaviors\nin synchronous replica election in case of failures", - "type": "boolean" - } - }, - "type": "object" + "message": { + "description": "A human readable message indicating details about why the ClusterServiceVersion is in this condition.", + "type": "string" }, - "unusablePVC": { - "description": "List of all the PVCs that are unusable because another PVC is missing", - "items": { - "type": "string" - }, - "type": "array" + "phase": { + "description": "Current condition of the ClusterServiceVersion", + "type": "string" }, - "writeService": { - "description": "Current write pod", + "reason": { + "description": "A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state.\ne.g. 'RequirementsNotMet'", "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "Cluster", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/ClusterImageCatalog": { - "description": "ClusterImageCatalog is the Schema for the clusterimagecatalogs API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the ClusterImageCatalog.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "images": { - "description": "List of CatalogImages available in the catalog", + }, + "requirementStatus": { + "description": "The status of each requirement for this CSV", "items": { - "description": "CatalogImage defines the image and major version", "properties": { - "image": { - "description": "The image reference", + "dependents": { + "items": { + "description": "DependentStatus is the status for a dependent requirement (to prevent infinite nesting)", + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "description": "StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus", + "type": "string" + }, + "uuid": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "group", + "kind", + "status", + "version" + ], + "type": "object" + }, + "type": "array" + }, + "group": { "type": "string" }, - "major": { - "description": "The PostgreSQL major version of the image. Must be unique within the catalog.", - "minimum": 10, - "type": "integer" + "kind": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "description": "StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus", + "type": "string" + }, + "uuid": { + "type": "string" + }, + "version": { + "type": "string" } }, "required": [ - "image", - "major" + "group", + "kind", + "message", + "name", + "status", + "version" ], "type": "object" }, - "maxItems": 8, - "minItems": 1, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "Images must have unique major versions", - "rule": "self.all(e, self.filter(f, f.major==e.major).size() == 1)" - } - ] + "type": "array" } }, - "required": [ - "images" - ], "type": "object" } }, @@ -293774,54 +244171,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ClusterImageCatalog", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/ClusterImageCatalogList": { - "description": "ClusterImageCatalogList is a list of ClusterImageCatalog", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterimagecatalogs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.ClusterImageCatalog" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ClusterImageCatalogList", - "version": "v1" + "group": "operators.coreos.com", + "kind": "ClusterServiceVersion", + "version": "v1alpha1" } ] }, - "postgresql.cnpg.noobaa.io/v1/ClusterList": { - "description": "ClusterList is a list of Cluster", + "operators.coreos.com/v1alpha1/ClusterServiceVersionList": { + "description": "ClusterServiceVersionList is a list of ClusterServiceVersion", "namespaced": true, "properties": { "apiVersion": { @@ -293829,9 +244186,9 @@ "type": "string" }, "items": { - "description": "List of clusters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of clusterserviceversions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Cluster" + "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.ClusterServiceVersion" }, "type": "array" }, @@ -293854,14 +244211,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ClusterList", - "version": "v1" + "group": "operators.coreos.com", + "kind": "ClusterServiceVersionList", + "version": "v1alpha1" } ] }, - "postgresql.cnpg.noobaa.io/v1/Database": { - "description": "Database is the Schema for the databases API", + "operators.coreos.com/v1alpha1/InstallPlan": { + "description": "InstallPlan defines the installation of a set of operators.", "namespaced": true, "properties": { "apiVersion": { @@ -293881,1527 +244238,573 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired Database.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "InstallPlanSpec defines a set of Application resources to be installed", "properties": { - "allowConnections": { - "description": "Maps to the `ALLOW_CONNECTIONS` parameter of `CREATE DATABASE` and\n`ALTER DATABASE`. If false then no one can connect to this database.", - "type": "boolean" - }, - "builtinLocale": { - "description": "Maps to the `BUILTIN_LOCALE` parameter of `CREATE DATABASE`. This\nsetting cannot be changed. Specifies the locale name when the\nbuiltin provider is used. This option requires `localeProvider` to\nbe set to `builtin`. Available from PostgreSQL 17.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "builtinLocale is immutable", - "rule": "self == oldSelf" - } - ] - }, - "cluster": { - "description": "The name of the PostgreSQL cluster hosting the database.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "collationVersion": { - "description": "Maps to the `COLLATION_VERSION` parameter of `CREATE DATABASE`. This\nsetting cannot be changed.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "collationVersion is immutable", - "rule": "self == oldSelf" - } - ] - }, - "connectionLimit": { - "description": "Maps to the `CONNECTION LIMIT` clause of `CREATE DATABASE` and\n`ALTER DATABASE`. How many concurrent connections can be made to\nthis database. -1 (the default) means no limit.", - "type": "integer" - }, - "databaseReclaimPolicy": { - "default": "retain", - "description": "The policy for end-of-life maintenance of this database.", - "enum": [ - "delete", - "retain" - ], - "type": "string" - }, - "encoding": { - "description": "Maps to the `ENCODING` parameter of `CREATE DATABASE`. This setting\ncannot be changed. Character set encoding to use in the database.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "encoding is immutable", - "rule": "self == oldSelf" - } - ] - }, - "ensure": { - "default": "present", - "description": "Ensure the PostgreSQL database is `present` or `absent` - defaults to \"present\".", - "enum": [ - "present", - "absent" - ], + "approval": { + "description": "Approval is the user approval policy for an InstallPlan.\nIt must be one of \"Automatic\" or \"Manual\".", "type": "string" }, - "icuLocale": { - "description": "Maps to the `ICU_LOCALE` parameter of `CREATE DATABASE`. This\nsetting cannot be changed. Specifies the ICU locale when the ICU\nprovider is used. This option requires `localeProvider` to be set to\n`icu`. Available from PostgreSQL 15.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "icuLocale is immutable", - "rule": "self == oldSelf" - } - ] - }, - "icuRules": { - "description": "Maps to the `ICU_RULES` parameter of `CREATE DATABASE`. This setting\ncannot be changed. Specifies additional collation rules to customize\nthe behavior of the default collation. This option requires\n`localeProvider` to be set to `icu`. Available from PostgreSQL 16.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "icuRules is immutable", - "rule": "self == oldSelf" - } - ] - }, - "isTemplate": { - "description": "Maps to the `IS_TEMPLATE` parameter of `CREATE DATABASE` and `ALTER\nDATABASE`. If true, this database is considered a template and can\nbe cloned by any user with `CREATEDB` privileges.", + "approved": { "type": "boolean" }, - "locale": { - "description": "Maps to the `LOCALE` parameter of `CREATE DATABASE`. This setting\ncannot be changed. Sets the default collation order and character\nclassification in the new database.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "locale is immutable", - "rule": "self == oldSelf" - } - ] - }, - "localeCType": { - "description": "Maps to the `LC_CTYPE` parameter of `CREATE DATABASE`. This setting\ncannot be changed.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "localeCType is immutable", - "rule": "self == oldSelf" - } - ] - }, - "localeCollate": { - "description": "Maps to the `LC_COLLATE` parameter of `CREATE DATABASE`. This\nsetting cannot be changed.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "localeCollate is immutable", - "rule": "self == oldSelf" - } - ] - }, - "localeProvider": { - "description": "Maps to the `LOCALE_PROVIDER` parameter of `CREATE DATABASE`. This\nsetting cannot be changed. This option sets the locale provider for\ndatabases created in the new cluster. Available from PostgreSQL 16.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "localeProvider is immutable", - "rule": "self == oldSelf" - } - ] - }, - "name": { - "description": "The name of the database to create inside PostgreSQL. This setting cannot be changed.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "name is immutable", - "rule": "self == oldSelf" - }, - { - "message": "the name postgres is reserved", - "rule": "self != 'postgres'" - }, - { - "message": "the name template0 is reserved", - "rule": "self != 'template0'" - }, - { - "message": "the name template1 is reserved", - "rule": "self != 'template1'" - } - ] + "clusterServiceVersionNames": { + "items": { + "type": "string" + }, + "type": "array" }, - "owner": { - "description": "Maps to the `OWNER` parameter of `CREATE DATABASE`.\nMaps to the `OWNER TO` command of `ALTER DATABASE`.\nThe role name of the user who owns the database inside PostgreSQL.", - "type": "string" + "generation": { + "type": "integer" }, - "tablespace": { - "description": "Maps to the `TABLESPACE` parameter of `CREATE DATABASE`.\nMaps to the `SET TABLESPACE` command of `ALTER DATABASE`.\nThe name of the tablespace (in PostgreSQL) that will be associated\nwith the new database. This tablespace will be the default\ntablespace used for objects created in this database.", + "source": { "type": "string" }, - "template": { - "description": "Maps to the `TEMPLATE` parameter of `CREATE DATABASE`. This setting\ncannot be changed. The name of the template from which to create\nthis database.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "template is immutable", - "rule": "self == oldSelf" - } - ] - } - }, - "required": [ - "cluster", - "name", - "owner" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "builtinLocale is only available when localeProvider is set to `builtin`", - "rule": "!has(self.builtinLocale) || self.localeProvider == 'builtin'" - }, - { - "message": "icuLocale is only available when localeProvider is set to `icu`", - "rule": "!has(self.icuLocale) || self.localeProvider == 'icu'" - }, - { - "message": "icuRules is only available when localeProvider is set to `icu`", - "rule": "!has(self.icuRules) || self.localeProvider == 'icu'" - } - ] - }, - "status": { - "description": "Most recently observed status of the Database. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "applied": { - "description": "Applied is true if the database was reconciled correctly", - "type": "boolean" - }, - "message": { - "description": "Message is the reconciliation output message", + "sourceNamespace": { "type": "string" - }, - "observedGeneration": { - "description": "A sequence number representing the latest\ndesired state that was synchronized", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "Database", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/DatabaseList": { - "description": "DatabaseList is a list of Database", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of databases. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Database" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "DatabaseList", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/ImageCatalog": { - "description": "ImageCatalog is the Schema for the imagecatalogs API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the ImageCatalog.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "images": { - "description": "List of CatalogImages available in the catalog", - "items": { - "description": "CatalogImage defines the image and major version", - "properties": { - "image": { - "description": "The image reference", - "type": "string" - }, - "major": { - "description": "The PostgreSQL major version of the image. Must be unique within the catalog.", - "minimum": 10, - "type": "integer" - } - }, - "required": [ - "image", - "major" - ], - "type": "object" - }, - "maxItems": 8, - "minItems": 1, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "Images must have unique major versions", - "rule": "self.all(e, self.filter(f, f.major==e.major).size() == 1)" - } - ] } }, "required": [ - "images" + "approval", + "approved", + "clusterServiceVersionNames" ], "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ImageCatalog", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/ImageCatalogList": { - "description": "ImageCatalogList is a list of ImageCatalog", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of imagecatalogs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.ImageCatalog" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ImageCatalogList", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/Pooler": { - "description": "Pooler is the Schema for the poolers API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the Pooler.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "status": { + "description": "InstallPlanStatus represents the information about the status of\nsteps required to complete installation.\n\nStatus may trail the actual state of a system.", "properties": { - "cluster": { - "description": "This is the cluster reference on which the Pooler will work.\nPooler name should never match with any cluster name within the same namespace.", + "attenuatedServiceAccountRef": { + "description": "AttenuatedServiceAccountRef references the service account that is used\nto do scoped operator install.", "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, "name": { - "description": "Name of the referent.", + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "deploymentStrategy": { - "description": "The deployment strategy to use for pgbouncer to replace existing pods with new ones", - "properties": { - "rollingUpdate": { - "description": "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.", - "properties": { - "maxSurge": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods.", - "x-kubernetes-int-or-string": true - }, - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods.", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" }, - "type": { - "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object" - }, - "instances": { - "default": 1, - "description": "The number of replicas we want. Default: 1.", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "monitoring": { - "description": "The configuration of the monitoring infrastructure of this pooler.", - "properties": { - "enablePodMonitor": { - "default": false, - "description": "Enable or disable the `PodMonitor`", - "type": "boolean" - }, - "podMonitorMetricRelabelings": { - "description": "The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "bundleLookups": { + "description": "BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster.", + "items": { + "description": "BundleLookup is a request to pull and unpackage the content of a bundle to the cluster.", + "properties": { + "catalogSourceRef": { + "description": "CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from.", "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], + "apiVersion": { + "description": "API version of the referent.", "type": "string" }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", - "type": "string" - }, - "type": "array" + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array" - }, - "podMonitorRelabelings": { - "description": "The list of relabelings for the `PodMonitor`. Applied to samples before scraping.", - "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "properties": { - "action": { - "default": "replace", - "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", - "enum": [ - "replace", - "Replace", - "keep", - "Keep", - "drop", - "Drop", - "hashmod", - "HashMod", - "labelmap", - "LabelMap", - "labeldrop", - "LabelDrop", - "labelkeep", - "LabelKeep", - "lowercase", - "Lowercase", - "uppercase", - "Uppercase", - "keepequal", - "KeepEqual", - "dropequal", - "DropEqual" - ], - "type": "string" - }, - "modulus": { - "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", - "format": "int64", - "type": "integer" - }, - "regex": { - "description": "Regular expression against which the extracted value is matched.", - "type": "string" - }, - "replacement": { - "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", - "type": "string" - }, - "separator": { - "description": "Separator is the string between concatenated SourceLabels.", - "type": "string" - }, - "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", - "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", - "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "conditions": { + "description": "Conditions represents the overall state of a BundleLookup.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", "type": "string" }, - "type": "array" + "lastUpdateTime": { + "description": "Last time the condition was probed.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type of condition.", + "type": "string" + } }, - "targetLabel": { - "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", - "type": "string" - } + "required": [ + "status", + "type" + ], + "type": "object" }, - "type": "object" + "type": "array" + }, + "identifier": { + "description": "Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs)", + "type": "string" + }, + "path": { + "description": "Path refers to the location of a bundle to pull.\nIt's typically an image reference.", + "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "pgbouncer": { - "description": "The PgBouncer configuration", - "properties": { - "authQuery": { - "description": "The query that will be used to download the hash of the password\nof a certain user. Default: \"SELECT usename, passwd FROM public.user_search($1)\".\nIn case it is specified, also an AuthQuerySecret has to be specified and\nno automatic CNPG Cluster integration will be triggered.", - "type": "string" - }, - "authQuerySecret": { - "description": "The credentials of the user that need to be used for the authentication\nquery. In case it is specified, also an AuthQuery\n(e.g. \"SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename=$1\")\nhas to be specified and no automatic CNPG Cluster integration will be triggered.", "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } + "description": "The effective properties of the unpacked bundle.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "replaces": { + "description": "Replaces is the name of the bundle to replace with the one found at Path.", + "type": "string" + } }, - "parameters": { - "additionalProperties": { + "required": [ + "catalogSourceRef", + "identifier", + "path", + "replaces" + ], + "type": "object" + }, + "type": "array" + }, + "catalogSources": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "items": { + "description": "InstallPlanCondition represents the overall status of the execution of\nan InstallPlan.", + "properties": { + "lastTransitionTime": { + "format": "date-time", "type": "string" }, - "description": "Additional parameters to be passed to PgBouncer - please check\nthe CNPG documentation for a list of options you can configure", - "type": "object" - }, - "paused": { - "default": false, - "description": "When set to `true`, PgBouncer will disconnect from the PostgreSQL\nserver, first waiting for all queries to complete, and pause all new\nclient connections until this value is set to `false` (default). Internally,\nthe operator calls PgBouncer's `PAUSE` and `RESUME` commands.", - "type": "boolean" - }, - "pg_hba": { - "description": "PostgreSQL Host Based Authentication rules (lines to be appended\nto the pg_hba.conf file)", - "items": { + "lastUpdateTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "description": "ConditionReason is a camelcased reason for the state transition.", "type": "string" }, - "type": "array" + "status": { + "type": "string" + }, + "type": { + "description": "InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole.", + "type": "string" + } }, - "poolMode": { - "default": "session", - "description": "The pool mode. Default: `session`.", - "enum": [ - "session", - "transaction" - ], - "type": "string" - } + "type": "object" }, - "type": "object" + "type": "array" }, - "serviceTemplate": { - "description": "Template for the Service to be created", - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { + "message": { + "description": "Message is a human-readable message containing detailed\ninformation that may be important to understanding why the\nplan has its current status.", + "type": "string" + }, + "phase": { + "description": "InstallPlanPhase is the current status of a InstallPlan as a whole.", + "type": "string" + }, + "plan": { + "items": { + "description": "Step represents the status of an individual step in an InstallPlan.", + "properties": { + "optional": { + "type": "boolean" + }, + "resolving": { + "type": "string" + }, + "resource": { + "description": "StepResource represents the status of a resource to be tracked by an\nInstallPlan.", + "properties": { + "group": { "type": "string" }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { + "kind": { "type": "string" }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "The name of the resource. Only supported for certain types", - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "Specification of the desired behavior of the service.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "allocateLoadBalancerNodePorts": { - "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type.", - "type": "boolean" - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "clusterIPs": { - "description": "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "items": { + "manifest": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system.", - "items": { + "name": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "externalName": { - "description": "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node.", - "type": "string" - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set.", - "format": "int32", - "type": "integer" - }, - "internalTrafficPolicy": { - "description": "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features).", - "type": "string" - }, - "ipFamilies": { - "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field.", - "items": { - "description": "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).", + "sourceName": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ipFamilyPolicy": { - "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName.", - "type": "string" - }, - "loadBalancerClass": { - "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", - "items": { + "sourceNamespace": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ports": { - "description": "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "items": { - "description": "ServicePort contains information on service's port.", - "properties": { - "appProtocol": { - "description": "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol.", - "type": "string" - }, - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service.", - "type": "string" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "format": "int32", - "type": "integer" - }, - "port": { - "description": "The port that will be exposed by this service.", - "format": "int32", - "type": "integer" - }, - "protocol": { - "default": "TCP", - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP.", - "type": "string" - }, - "targetPort": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "port", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior.", - "type": "boolean" - }, - "selector": { - "additionalProperties": { + "version": { "type": "string" - }, - "description": "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "sessionAffinityConfig": { - "description": "sessionAffinityConfig contains the configurations of session affinity.", - "properties": { - "clientIP": { - "description": "clientIP contains the configurations of Client IP based session affinity.", - "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours).", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "trafficDistribution": { - "description": "TrafficDistribution offers a way to express preferences for how traffic is\ndistributed to Service endpoints. Implementations can use this field as a\nhint, but are not required to guarantee strict adherence. If the field is\nnot set, the implementation will apply its default routing strategy. If set\nto \"PreferClose\", implementations should prioritize endpoints that are\ntopologically close (e.g., same zone).\nThis is a beta field and requires enabling ServiceTrafficDistribution feature.", - "type": "string" + } }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", - "type": "string" - } + "required": [ + "group", + "kind", + "name", + "sourceName", + "sourceNamespace", + "version" + ], + "type": "object" }, - "type": "object" - } + "status": { + "description": "StepStatus is the current status of a particular resource an in\nInstallPlan", + "type": "string" + } + }, + "required": [ + "resolving", + "resource", + "status" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "template": { - "description": "The template of the Pod to be created", + "startTime": { + "description": "StartTime is the time when the controller began applying\nthe resources listed in the plan to the cluster.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "catalogSources", + "phase" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "InstallPlan", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1alpha1/InstallPlanList": { + "description": "InstallPlanList is a list of InstallPlan", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of installplans. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.InstallPlan" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "InstallPlanList", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1alpha1/Subscription": { + "description": "Subscription keeps operators up to date by tracking changes to Catalogs.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "SubscriptionSpec defines an Application that can be installed", + "properties": { + "channel": { + "type": "string" + }, + "config": { + "description": "SubscriptionConfig contains configuration specified for a subscription.", "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", - "type": "object" - }, - "name": { - "description": "The name of the resource. Only supported for certain types", - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "affinity": { + "description": "If specified, overrides the pod's scheduling constraints.\nnil sub-attributes will *not* override the original values in the pod.spec for those sub-attributes.\nUse empty object ({}) to erase original sub-attribute values.", "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer.", - "format": "int64", - "type": "integer" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "matchFields": { + "description": "A list of node selector requirements by node's fields.", "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", @@ -295449,7 +244852,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -295457,7 +244860,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, @@ -295527,4752 +244930,6466 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" - }, - "containers": { - "description": "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated.", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, + "required": [ + "podAffinityTerm", + "weight" + ], "type": "object" }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { - "description": "The header field value", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name", - "value" + "key", + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { + "matchLabels": { + "additionalProperties": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" }, - "required": [ - "port" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { - "description": "The header field value", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name", - "value" + "key", + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "type": "string" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "x-kubernetes-list-type": "atomic" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, + "required": [ + "topologyKey" + ], "type": "object" }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", - "type": "string" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { - "description": "Capability represent POSIX capabilities type", "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "drop": { - "description": "Removed capabilities", + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", "items": { - "description": "Capability represent POSIX capabilities type", "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "type" + "topologyKey" ], "type": "object" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, + "required": [ + "podAffinityTerm", + "weight" + ], "type": "object" }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "type": "string" + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" }, - "required": [ - "port" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { - "description": "The header field value", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name", - "value" + "key", + "operator" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "port" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with each Deployment, Pod, APIService in the Operator.\nTypically, annotations may be set by external tools to store and retrieve arbitrary metadata.\nUse this field to pre-define annotations that OLM should add to each of the Subscription's\ndeployments, pods, and apiservices.", + "type": "object" + }, + "env": { + "description": "Env is a list of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + { + "type": "string" } - }, - "required": [ - "port" ], - "type": "object" + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "envFrom": { + "description": "EnvFrom is a list of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nImmutable.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" + }, + "resources": { + "description": "Resources represents compute resources required by this container.\nImmutable.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + { "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "Selector is the label selector for pods to be configured.\nExisting ReplicaSets whose pods are\nselected by this will be the ones affected by this deployment.\nIt must match the pod template's labels.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", - "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" - } - }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" + "type": "string" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" - }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tolerations": { + "description": "Tolerations are the pod's tolerations.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumeMounts": { + "description": "List of VolumeMounts to set in the container.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "volumes": { + "description": "List of Volumes to set in the podSpec.", + "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", - "type": "string" - }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" - } - }, - "type": "object" + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + } }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", - "items": { + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" }, - "type": "object" - }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", - "type": "string" - }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true.", - "type": "boolean" - }, - "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", - "items": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted.", + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", + "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { - "description": "EnvVar represents an environment variable present in a Container.", + "description": "Maps a string key to a path within a volume.", "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "key": { + "description": "key is the key to project.", "type": "string" }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" } }, "required": [ - "name" + "key", + "path" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps", + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" } }, + "required": [ + "fieldPath" + ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "prefix": { - "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, - "secretRef": { - "description": "The Secret to select from", + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" } }, + "required": [ + "resource" + ], "type": "object", "x-kubernetes-map-type": "atomic" } }, + "required": [ + "path" + ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" + "kind", + "name" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" } }, "required": [ - "port" + "kind", + "name" ], "type": "object" - } - }, - "type": "object" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } }, "type": "object" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { - "description": "The header field value", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", + "type": "string" + }, + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "properties": { + "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", + "type": "string" + }, + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "properties": { + "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "description": "configMap information about the configMap data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", "type": "integer" }, - { + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } + }, + "required": [ + "key", + "path" ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "port" - ], - "type": "object" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "required": [ - "seconds" - ], - "type": "object" + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", "type": "integer" }, - { + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } + }, + "required": [ + "path" ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } + "type": "object" }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "secret": { + "description": "secret information about the secret data to project", + "properties": { "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } }, - "value": { - "description": "The header field value", - "type": "string" - } + "required": [ + "key", + "path" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers.", - "type": "string" - }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" - }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, "required": [ - "name" + "path" ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "properties": { + "group": { + "description": "group to map volume access to\nDefault is no group", + "type": "string" }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers.", + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" - }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", + "user": { + "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "properties": { + "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" } }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, - "targetContainerName": { - "description": "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined.", + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", + "description": "Maps a string key to a path within a volume.", "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", + "key": { + "description": "key is the key to project.", "type": "string" }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, "required": [ - "devicePath", - "name" + "key", + "path" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", - "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" - }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - }, - "required": [ - "mountPath", - "name" - ], - "type": "object" + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, "required": [ - "name" + "volumePath" ], "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "installPlanApproval": { + "description": "Approval is the user approval policy for an InstallPlan.\nIt must be one of \"Automatic\" or \"Manual\".", + "type": "string" + }, + "name": { + "type": "string" + }, + "source": { + "type": "string" + }, + "sourceNamespace": { + "type": "string" + }, + "startingCSV": { + "type": "string" + } + }, + "required": [ + "name", + "source", + "sourceNamespace" + ], + "type": "object" + }, + "status": { + "properties": { + "catalogHealth": { + "description": "CatalogHealth contains the Subscription's view of its relevant CatalogSources' status.\nIt is used to determine SubscriptionStatusConditions related to CatalogSources.", + "items": { + "description": "SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about.", + "properties": { + "catalogSourceRef": { + "description": "CatalogSourceRef is a reference to a CatalogSource.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "healthy": { + "description": "Healthy is true if the CatalogSource is healthy; false otherwise.", + "type": "boolean" + }, + "lastUpdated": { + "description": "LastUpdated represents the last time that the CatalogSourceHealth changed", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "catalogSourceRef", + "healthy", + "lastUpdated" + ], + "type": "object" + }, + "type": "array" + }, + "conditions": { + "description": "Conditions is a list of the latest available observations about a Subscription's current state.", + "items": { + "description": "SubscriptionCondition represents the latest available observations of a Subscription's state.", + "properties": { + "lastHeartbeatTime": { + "description": "LastHeartbeatTime is the last time we got an update on a given condition", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "LastTransitionTime is the last time the condition transit from one status to another", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is a human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Reason is a one-word CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of Subscription condition.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "currentCSV": { + "description": "CurrentCSV is the CSV the Subscription is progressing to.", + "type": "string" + }, + "installPlanGeneration": { + "description": "InstallPlanGeneration is the current generation of the installplan", + "type": "integer" + }, + "installPlanRef": { + "description": "InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "installedCSV": { + "description": "InstalledCSV is the CSV currently installed by the Subscription.", + "type": "string" + }, + "installplan": { + "description": "Install is a reference to the latest InstallPlan generated for the Subscription.\nDEPRECATED: InstallPlanRef", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uuid": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uuid" + ], + "type": "object" + }, + "lastUpdated": { + "description": "LastUpdated represents the last time that the Subscription status was updated.", + "format": "date-time", + "type": "string" + }, + "reason": { + "description": "Reason is the reason the Subscription was transitioned to its current state.", + "type": "string" + }, + "state": { + "description": "State represents the current state of the Subscription", + "type": "string" + } + }, + "required": [ + "lastUpdated" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "Subscription", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1alpha1/SubscriptionList": { + "description": "SubscriptionList is a list of Subscription", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of subscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1alpha1.Subscription" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "SubscriptionList", + "version": "v1alpha1" + } + ] + }, + "operators.coreos.com/v1alpha2/OperatorGroup": { + "description": "OperatorGroup is the unit of multitenancy for OLM managed operators.\nIt constrains the installation of operators in its namespace to a specified set of target namespaces.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OperatorGroupSpec is the spec for an OperatorGroup resource.", + "properties": { + "selector": { + "description": "Selector selects the OperatorGroup's target namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the admin specified service account which will be\nused to deploy operator(s) in this operator group.", + "type": "string" + }, + "staticProvidedAPIs": { + "description": "Static tells OLM not to update the OperatorGroup's providedAPIs annotation", + "type": "boolean" + }, + "targetNamespaces": { + "description": "TargetNamespaces is an explicit set of namespaces to target.\nIf it is set, Selector is ignored.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "OperatorGroupStatus is the status for an OperatorGroupResource.", + "properties": { + "lastUpdated": { + "description": "LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated.", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces is the set of target namespaces for the OperatorGroup.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serviceAccountRef": { + "description": "ServiceAccountRef references the service account object specified.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "lastUpdated" + ], + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorGroup", + "version": "v1alpha2" + } + ] + }, + "operators.coreos.com/v1alpha2/OperatorGroupList": { + "description": "OperatorGroupList is a list of OperatorGroup", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of operatorgroups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v1alpha2.OperatorGroup" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorGroupList", + "version": "v1alpha2" + } + ] + }, + "operators.coreos.com/v2/OperatorCondition": { + "description": "OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "OperatorConditionSpec allows an operator to report state to OLM and provides\ncluster admin with the ability to manually override state reported by the operator.", + "properties": { + "conditions": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "deployments": { + "items": { + "type": "string" + }, + "type": "array" + }, + "overrides": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "serviceAccounts": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "status": { + "description": "OperatorConditionStatus allows OLM to convey which conditions have been observed.", + "properties": { + "conditions": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorCondition", + "version": "v2" + } + ] + }, + "operators.coreos.com/v2/OperatorConditionList": { + "description": "OperatorConditionList is a list of OperatorCondition", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of operatorconditions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/com.coreos.operators.v2.OperatorCondition" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "operators.coreos.com", + "kind": "OperatorConditionList", + "version": "v2" + } + ] + }, + "packages.operators.coreos.com/v1/PackageManifest": { + "description": "PackageManifest holds information about a package, which is a reference to one (or more) channels under a single package.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {} + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifestSpec" + } + ], + "default": {} + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifestStatus" + } + ], + "default": {} + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "packages.operators.coreos.com", + "kind": "PackageManifest", + "version": "v1" + } + ] + }, + "packages.operators.coreos.com/v1/PackageManifestList": { + "description": "PackageManifestList is a list of PackageManifest objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.operator-framework.operator-lifecycle-manager.pkg.package-server.apis.operators.v1.PackageManifest" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {} + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "packages.operators.coreos.com", + "kind": "PackageManifestList", + "version": "v1" + } + ] + }, + "performance.openshift.io/v1/PerformanceProfile": { + "description": "PerformanceProfile is the Schema for the performanceprofiles API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "PerformanceProfileSpec defines the desired state of PerformanceProfile.", + "properties": { + "additionalKernelArgs": { + "description": "Additional kernel arguments.", + "items": { + "type": "string" + }, + "type": "array" + }, + "cpu": { + "description": "CPU defines a set of CPU related parameters.", + "properties": { + "balanceIsolated": { + "description": "BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.\nWhen this option is set to \"false\", the Isolated CPU set will be static, meaning workloads have to\nexplicitly assign each thread to a specific cpu in order to work across multiple CPUs.\nSetting this to \"true\" allows workloads to be balanced across CPUs.\nSetting this to \"false\" offers the most predictable performance for guaranteed workloads, but it\noffloads the complexity of cpu load balancing to the application.\nDefaults to \"true\"", + "type": "boolean" + }, + "isolated": { + "description": "Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,\nwhich means removing as many extraneous tasks off a CPU as possible.\nIt is important to notice the CPU manager can choose any CPU to run the workload\nexcept the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:\n 1. The union of reserved CPUs and isolated CPUs should include all online CPUs\n 2. The isolated CPUs field should be the complementary to reserved CPUs field", + "type": "string" + }, + "offlined": { + "description": "Offline defines a set of CPUs that will be unused and set offline", + "type": "string" + }, + "reserved": { + "description": "Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.", + "type": "string" + } + }, + "required": [ + "isolated" + ], + "type": "object" + }, + "globallyDisableIrqLoadBalancing": { + "description": "GloballyDisableIrqLoadBalancing toggles whether IRQ load balancing will be disabled for the Isolated CPU set.\nWhen the option is set to \"true\" it disables IRQs load balancing for the Isolated CPU set.\nSetting the option to \"false\" allows the IRQs to be balanced across all CPUs, however the IRQs load balancing\ncan be disabled per pod CPUs when using irq-load-balancing.crio.io/cpu-quota.crio.io annotations.\nDefaults to \"false\"", + "type": "boolean" + }, + "hardwareTuning": { + "description": "HardwareTuning defines a set of CPU frequencies for isolated and reserved cpus.\nIt is an optional parameter and requires vendor recommendation to find suitable frequencies.\nThe intention is to set higher frequency for reserved cpus where\nplatform application is running while setting isolated cpus frequency to match\nvendor recommendation.", + "properties": { + "isolatedCpuFreq": { + "description": "IsolatedCpuFreq defines a minimum frequency to be set across isolated cpus", + "type": "integer" + }, + "reservedCpuFreq": { + "description": "ReservedCpuFreq defines a maximum frequency to be set across reserved cpus", + "type": "integer" + } + }, + "type": "object" + }, + "hugepages": { + "description": "HugePages defines a set of huge pages related parameters.\nIt is possible to set huge pages with multiple size values at the same time.\nFor example, hugepages can be set with 1G and 2M, both values will be set on the node by the performance-addon-operator.\nIt is important to notice that setting hugepages default size to 1G will remove all 2M related\nfolders from the node and it will be impossible to configure 2M hugepages under the node.", + "properties": { + "defaultHugepagesSize": { + "description": "DefaultHugePagesSize defines huge pages default size under kernel boot parameters.", + "type": "string" + }, + "pages": { + "description": "Pages defines huge pages that we want to allocate at boot time.", + "items": { + "description": "HugePage defines the number of allocated huge pages of the specific size.", + "properties": { + "count": { + "description": "Count defines amount of huge pages, maps to the 'hugepages' kernel boot parameter.", + "format": "int32", + "type": "integer" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "hostAliases": { - "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified.", - "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", - "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "ip": { - "description": "IP address of the host file entry.", - "type": "string" - } - }, - "required": [ - "ip" - ], - "type": "object" + "node": { + "description": "Node defines the NUMA node where hugepages will be allocated,\nif not specified, pages will be allocated equally between NUMA nodes", + "format": "int32", + "type": "integer" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - }, - "hostIPC": { - "description": "Use the host's ipc namespace.\nOptional: Default to false.", - "type": "boolean" - }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false.", - "type": "boolean" + "size": { + "description": "Size defines huge page size, maps to the 'hugepagesz' kernel boot parameter.", + "type": "string" + } }, - "hostPID": { - "description": "Use the host's pid namespace.\nOptional: Default to false.", - "type": "boolean" + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "machineConfigLabel": { + "additionalProperties": { + "type": "string" + }, + "description": "MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be\nused in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.\nDefaults to \"machineconfiguration.openshift.io/role=\"", + "type": "object" + }, + "machineConfigPoolSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector\nof resources like KubeletConfigs created by the operator.\nDefaults to \"machineconfiguration.openshift.io/role=\"", + "type": "object" + }, + "net": { + "description": "Net defines a set of network related features", + "properties": { + "devices": { + "description": "Devices contains a list of network device representations that will be\nset with a netqueue count equal to CPU.Reserved .\nIf no devices are specified then the default is all devices.", + "items": { + "description": "Device defines a way to represent a network device in several options:\ndevice name, vendor ID, model ID, PCI path and MAC address", + "properties": { + "deviceID": { + "description": "Network device ID (model) represnted as a 16 bit hexmadecimal number.", + "type": "string" + }, + "interfaceName": { + "description": "Network device name to be matched. It uses a syntax of shell-style wildcards which are either positive or negative.", + "type": "string" + }, + "vendorID": { + "description": "Network device vendor ID represnted as a 16 bit Hexmadecimal number.", + "type": "string" + } }, - "hostUsers": { - "description": "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" + "type": "object" + }, + "type": "array" + }, + "userLevelNetworking": { + "description": "UserLevelNetworking when enabled - sets either all or specified network devices queue size to the amount of reserved CPUs. Defaults to \"false\".", + "type": "boolean" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.\nIt most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool\nwhich targets this performance profile.\nIn the case when machineConfigLabels or machineConfigPoolSelector are not set, we are expecting a certain NodeSelector format\n/: \"\" in order to be able to calculate the default values for the former mentioned fields.", + "type": "object" + }, + "numa": { + "description": "NUMA defines options related to topology aware affinities", + "properties": { + "topologyPolicy": { + "description": "Name of the policy applied when TopologyManager is enabled\nOperator defaults to \"best-effort\"", + "type": "string" + } + }, + "type": "object" + }, + "realTimeKernel": { + "description": "RealTimeKernel defines a set of real time kernel related parameters. RT kernel won't be installed when not set.", + "properties": { + "enabled": { + "description": "Enabled defines if the real time kernel packages should be installed. Defaults to \"false\"", + "type": "boolean" + } + }, + "type": "object" + }, + "workloadHints": { + "description": "WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and\nkernel arguments that should be applied on top of the node.", + "properties": { + "highPowerConsumption": { + "description": "HighPowerConsumption defines if the node should be configured in high power consumption mode.\nThe flag will affect the power consumption but will improve the CPUs latency.", + "type": "boolean" + }, + "perPodPowerManagement": { + "description": "PerPodPowerManagement defines if the node should be configured in per pod power management.\nPerPodPowerManagement and HighPowerConsumption hints can not be enabled together.", + "type": "boolean" + }, + "realTime": { + "default": true, + "description": "RealTime defines if the node should be configured for the real time workload. Defaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "cpu", + "nodeSelector" + ], + "type": "object" + }, + "status": { + "description": "PerformanceProfileStatus defines the observed state of PerformanceProfile.", + "properties": { + "conditions": { + "description": "Conditions represents the latest available observations of current state.", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "runtimeClass": { + "description": "RuntimeClass contains the name of the RuntimeClass resource created by the operator.", + "type": "string" + }, + "tuned": { + "description": "Tuned points to the Tuned custom resource object that contains the tuning values generated by this operator.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "performance.openshift.io", + "kind": "PerformanceProfile", + "version": "v1" + } + ] + }, + "performance.openshift.io/v1/PerformanceProfileList": { + "description": "PerformanceProfileList is a list of PerformanceProfile", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of performanceprofiles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.performance.v1.PerformanceProfile" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "performance.openshift.io", + "kind": "PerformanceProfileList", + "version": "v1" + } + ] + }, + "performance.openshift.io/v1alpha1/PerformanceProfile": { + "description": "PerformanceProfile is the Schema for the performanceprofiles API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "PerformanceProfileSpec defines the desired state of PerformanceProfile.", + "properties": { + "additionalKernelArgs": { + "description": "Additional kernel arguments.", + "items": { + "type": "string" + }, + "type": "array" + }, + "cpu": { + "description": "CPU defines a set of CPU related parameters.", + "properties": { + "balanceIsolated": { + "description": "BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.\nWhen this option is set to \"false\", the Isolated CPU set will be static, meaning workloads have to\nexplicitly assign each thread to a specific cpu in order to work across multiple CPUs.\nSetting this to \"true\" allows workloads to be balanced across CPUs.\nSetting this to \"false\" offers the most predictable performance for guaranteed workloads, but it\noffloads the complexity of cpu load balancing to the application.\nDefaults to \"true\"", + "type": "boolean" + }, + "isolated": { + "description": "Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,\nwhich means removing as many extraneous tasks off a CPU as possible.\nIt is important to notice the CPU manager can choose any CPU to run the workload\nexcept the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:\n 1. The union of reserved CPUs and isolated CPUs should include all online CPUs\n 2. The isolated CPUs field should be the complementary to reserved CPUs field", + "type": "string" + }, + "reserved": { + "description": "Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.", + "type": "string" + } + }, + "type": "object" + }, + "hugepages": { + "description": "HugePages defines a set of huge pages related parameters.\nIt is possible to set huge pages with multiple size values at the same time.\nFor example, hugepages can be set with 1G and 2M, both values will be set on the node by the performance-addon-operator.\nIt is important to notice that setting hugepages default size to 1G will remove all 2M related\nfolders from the node and it will be impossible to configure 2M hugepages under the node.", + "properties": { + "defaultHugepagesSize": { + "description": "DefaultHugePagesSize defines huge pages default size under kernel boot parameters.", + "type": "string" + }, + "pages": { + "description": "Pages defines huge pages that we want to allocate at boot time.", + "items": { + "description": "HugePage defines the number of allocated huge pages of the specific size.", + "properties": { + "count": { + "description": "Count defines amount of huge pages, maps to the 'hugepages' kernel boot parameter.", + "format": "int32", + "type": "integer" + }, + "node": { + "description": "Node defines the NUMA node where hugepages will be allocated,\nif not specified, pages will be allocated equally between NUMA nodes", + "format": "int32", + "type": "integer" + }, + "size": { + "description": "Size defines huge page size, maps to the 'hugepagesz' kernel boot parameter.", + "type": "string" + } }, - "hostname": { - "description": "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "machineConfigLabel": { + "additionalProperties": { + "type": "string" + }, + "description": "MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be\nused in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.\nDefaults to \"machineconfiguration.openshift.io/role=\"", + "type": "object" + }, + "machineConfigPoolSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector\nof resources like KubeletConfigs created by the operator.\nDefaults to \"machineconfiguration.openshift.io/role=\"", + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.\nIt most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool\nwhich targets this performance profile.", + "type": "object" + }, + "numa": { + "description": "NUMA defines options related to topology aware affinities", + "properties": { + "topologyPolicy": { + "description": "Name of the policy applied when TopologyManager is enabled\nOperator defaults to \"best-effort\"", + "type": "string" + } + }, + "type": "object" + }, + "realTimeKernel": { + "description": "RealTimeKernel defines a set of real time kernel related parameters. RT kernel won't be installed when not set.", + "properties": { + "enabled": { + "description": "Enabled defines if the real time kernel packages should be installed. Defaults to \"false\"", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "PerformanceProfileStatus defines the observed state of PerformanceProfile.", + "properties": { + "conditions": { + "description": "Conditions represents the latest available observations of current state.", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "runtimeClass": { + "description": "RuntimeClass contains the name of the RuntimeClass resource created by the operator.", + "type": "string" + }, + "tuned": { + "description": "Tuned points to the Tuned custom resource object that contains the tuning values generated by this operator.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "performance.openshift.io", + "kind": "PerformanceProfile", + "version": "v1alpha1" + } + ] + }, + "performance.openshift.io/v1alpha1/PerformanceProfileList": { + "description": "PerformanceProfileList is a list of PerformanceProfile", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of performanceprofiles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.performance.v1alpha1.PerformanceProfile" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "performance.openshift.io", + "kind": "PerformanceProfileList", + "version": "v1alpha1" + } + ] + }, + "performance.openshift.io/v2/PerformanceProfile": { + "description": "PerformanceProfile is the Schema for the performanceprofiles API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "PerformanceProfileSpec defines the desired state of PerformanceProfile.", + "properties": { + "additionalKernelArgs": { + "description": "Additional kernel arguments.", + "items": { + "type": "string" + }, + "type": "array" + }, + "cpu": { + "description": "CPU defines a set of CPU related parameters.", + "properties": { + "balanceIsolated": { + "description": "BalanceIsolated toggles whether or not the Isolated CPU set is eligible for load balancing work loads.\nWhen this option is set to \"false\", the Isolated CPU set will be static, meaning workloads have to\nexplicitly assign each thread to a specific cpu in order to work across multiple CPUs.\nSetting this to \"true\" allows workloads to be balanced across CPUs.\nSetting this to \"false\" offers the most predictable performance for guaranteed workloads, but it\noffloads the complexity of cpu load balancing to the application.\nDefaults to \"true\"", + "type": "boolean" + }, + "isolated": { + "description": "Isolated defines a set of CPUs that will be used to give to application threads the most execution time possible,\nwhich means removing as many extraneous tasks off a CPU as possible.\nIt is important to notice the CPU manager can choose any CPU to run the workload\nexcept the reserved CPUs. In order to guarantee that your workload will run on the isolated CPU:\n 1. The union of reserved CPUs and isolated CPUs should include all online CPUs\n 2. The isolated CPUs field should be the complementary to reserved CPUs field", + "type": "string" + }, + "offlined": { + "description": "Offline defines a set of CPUs that will be unused and set offline", + "type": "string" + }, + "reserved": { + "description": "Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.", + "type": "string" + }, + "shared": { + "description": "Shared defines a set of CPUs that will be shared among guaranteed workloads\nthat needs additional cpus which are not exclusive,\nalongside the isolated, exclusive resources that are being used already by those workloads.", + "type": "string" + } + }, + "required": [ + "isolated", + "reserved" + ], + "type": "object" + }, + "globallyDisableIrqLoadBalancing": { + "description": "GloballyDisableIrqLoadBalancing toggles whether IRQ load balancing will be disabled for the Isolated CPU set.\nWhen the option is set to \"true\" it disables IRQs load balancing for the Isolated CPU set.\nSetting the option to \"false\" allows the IRQs to be balanced across all CPUs, however the IRQs load balancing\ncan be disabled per pod CPUs when using irq-load-balancing.crio.io/cpu-quota.crio.io annotations.\nDefaults to \"false\"", + "type": "boolean" + }, + "hardwareTuning": { + "description": "HardwareTuning defines a set of CPU frequencies for isolated and reserved cpus.", + "properties": { + "isolatedCpuFreq": { + "description": "IsolatedCpuFreq defines a minimum frequency to be set across isolated cpus", + "type": "integer" + }, + "reservedCpuFreq": { + "description": "ReservedCpuFreq defines a maximum frequency to be set across reserved cpus", + "type": "integer" + } + }, + "type": "object" + }, + "hugepages": { + "description": "HugePages defines a set of huge pages related parameters.\nIt is possible to set huge pages with multiple size values at the same time.\nFor example, hugepages can be set with 1G and 2M, both values will be set on the node by the Performance Profile Controller.\nIt is important to notice that setting hugepages default size to 1G will remove all 2M related\nfolders from the node and it will be impossible to configure 2M hugepages under the node.", + "properties": { + "defaultHugepagesSize": { + "description": "DefaultHugePagesSize defines huge pages default size under kernel boot parameters.", + "type": "string" + }, + "pages": { + "description": "Pages defines huge pages that we want to allocate at boot time.", + "items": { + "description": "HugePage defines the number of allocated huge pages of the specific size.", + "properties": { + "count": { + "description": "Count defines amount of huge pages, maps to the 'hugepages' kernel boot parameter.", + "format": "int32", + "type": "integer" + }, + "node": { + "description": "Node defines the NUMA node where hugepages will be allocated,\nif not specified, pages will be allocated equally between NUMA nodes", + "format": "int32", + "type": "integer" + }, + "size": { + "description": "Size defines huge page size, maps to the 'hugepagesz' kernel boot parameter.", + "type": "string" + } }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "kernelPageSize": { + "default": "4k", + "description": "KernelPageSize defines the kernel page size. 4k is the default, 64k is only supported on aarch64", + "type": "string" + }, + "machineConfigLabel": { + "additionalProperties": { + "type": "string" + }, + "description": "MachineConfigLabel defines the label to add to the MachineConfigs the operator creates. It has to be\nused in the MachineConfigSelector of the MachineConfigPool which targets this performance profile.\nDefaults to \"machineconfiguration.openshift.io/role=\"", + "type": "object" + }, + "machineConfigPoolSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "MachineConfigPoolSelector defines the MachineConfigPool label to use in the MachineConfigPoolSelector\nof resources like KubeletConfigs created by the operator.\nDefaults to \"machineconfiguration.openshift.io/role=\"", + "type": "object" + }, + "net": { + "description": "Net defines a set of network related features", + "properties": { + "devices": { + "description": "Devices contains a list of network device representations that will be\nset with a netqueue count equal to CPU.Reserved .\nIf no devices are specified then the default is all devices.", + "items": { + "description": "Device defines a way to represent a network device in several options:\ndevice name, vendor ID, model ID, PCI path and MAC address", + "properties": { + "deviceID": { + "description": "Network device ID (model) represnted as a 16 bit hexmadecimal number.", + "type": "string" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "interfaceName": { + "description": "Network device name to be matched. It uses a syntax of shell-style wildcards which are either positive or negative.", + "type": "string" + }, + "vendorID": { + "description": "Network device vendor ID represnted as a 16 bit Hexmadecimal number.", + "type": "string" + } }, - "initContainers": { - "description": "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nof that value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", - "items": { - "description": "A single application container that you want to run within a pod.", - "properties": { - "args": { - "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container.\nCannot be updated.", - "items": { - "description": "EnvVar represents an environment variable present in a Container.", - "properties": { - "name": { - "description": "Name of the environment variable. Must be a C_IDENTIFIER.", - "type": "string" - }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "properties": { - "key": { - "description": "The key to select.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" + "type": "object" + }, + "type": "array" + }, + "userLevelNetworking": { + "description": "UserLevelNetworking when enabled - sets either all or specified network devices queue size to the amount of reserved CPUs. Defaults to \"false\".", + "type": "boolean" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector defines the Node label to use in the NodeSelectors of resources like Tuned created by the operator.\nIt most likely should, but does not have to match the node label in the NodeSelector of the MachineConfigPool\nwhich targets this performance profile.\nIn the case when machineConfigLabels or machineConfigPoolSelector are not set, we are expecting a certain NodeSelector format\n/: \"\" in order to be able to calculate the default values for the former mentioned fields.", + "type": "object" + }, + "numa": { + "description": "NUMA defines options related to topology aware affinities", + "properties": { + "topologyPolicy": { + "description": "Name of the policy applied when TopologyManager is enabled\nOperator defaults to \"best-effort\"", + "type": "string" + } + }, + "type": "object" + }, + "realTimeKernel": { + "description": "RealTimeKernel defines a set of real time kernel related parameters. RT kernel won't be installed when not set.", + "properties": { + "enabled": { + "description": "Enabled defines if the real time kernel packages should be installed. Defaults to \"false\"", + "type": "boolean" + } + }, + "type": "object" + }, + "workloadHints": { + "description": "WorkloadHints defines hints for different types of workloads. It will allow defining exact set of tuned and\nkernel arguments that should be applied on top of the node.", + "properties": { + "highPowerConsumption": { + "description": "HighPowerConsumption defines if the node should be configured in high power consumption mode.\nThe flag will affect the power consumption but will improve the CPUs latency. Defaults to false.", + "type": "boolean" + }, + "mixedCpus": { + "description": "MixedCpus enables the mixed-cpu-node-plugin on the node.\nDefaults to false.", + "type": "boolean" + }, + "perPodPowerManagement": { + "description": "PerPodPowerManagement defines if the node should be configured in per pod power management.\nPerPodPowerManagement and HighPowerConsumption hints can not be enabled together. Defaults to false.", + "type": "boolean" + }, + "realTime": { + "default": true, + "description": "RealTime defines if the node should be configured for the real time workload. Defaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "cpu", + "nodeSelector" + ], + "type": "object" + }, + "status": { + "description": "PerformanceProfileStatus defines the observed state of PerformanceProfile.", + "properties": { + "conditions": { + "description": "Conditions represents the latest available observations of current state.", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "runtimeClass": { + "description": "RuntimeClass contains the name of the RuntimeClass resource created by the operator.", + "type": "string" + }, + "tuned": { + "description": "Tuned points to the Tuned custom resource object that contains the tuning values generated by this operator.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "performance.openshift.io", + "kind": "PerformanceProfile", + "version": "v2" + } + ] + }, + "performance.openshift.io/v2/PerformanceProfileList": { + "description": "PerformanceProfileList is a list of PerformanceProfile", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of performanceprofiles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.performance.v2.PerformanceProfile" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "performance.openshift.io", + "kind": "PerformanceProfileList", + "version": "v2" + } + ] + }, + "policy.networking.k8s.io/v1alpha1/AdminNetworkPolicy": { + "description": "AdminNetworkPolicy is a cluster level resource that is part of the\nAdminNetworkPolicy API.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of AdminNetworkPolicy.", + "properties": { + "egress": { + "description": "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a AdminNetworkPolicy's\nSubject field.\n", + "properties": { + "action": { + "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core", + "enum": [ + "Allow", + "Deny", + "Pass" + ], + "type": "string" + }, + "name": { + "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core", + "maxLength": 100, + "type": "string" + }, + "ports": { + "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namedPort": { + "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", + "type": "string" + }, + "portNumber": { + "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", + "properties": { + "port": { + "description": "Number defines a network port value.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + } }, - "envFrom": { - "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", - "items": { - "description": "EnvFromSource represents the source of a set of ConfigMaps", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } + "required": [ + "port", + "protocol" + ], + "type": "object" + }, + "portRange": { + "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", + "properties": { + "end": { + "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + }, + "start": { + "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "end", + "start" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 100, + "type": "array" + }, + "to": { + "description": "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namespaces": { + "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "prefix": { - "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "networks": { + "description": "Networks defines a way to select peers via CIDR blocks.\nThis is intended for representing entities that live outside the cluster,\nwhich can't be selected by pods, namespaces and nodes peers, but note\nthat cluster-internal traffic will be checked against the rule as\nwell. So if you Allow or Deny traffic to `\"0.0.0.0/0\"`, that will allow\nor deny all IPv4 pod-to-pod traffic as well. If you don't want that,\nadd a rule that Passes all pod traffic before the Networks rule.\n\n\nEach item in Networks should be provided in the CIDR format and should be\nIPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".\n\n\nNetworks can have upto 25 CIDRs specified.\n\n\nSupport: Extended\n\n\n", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid CIDR format provided", + "rule": "isCIDR(self)" + }, + { + "message": "CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported", + "rule": "self.contains(':') != self.contains('.')" + } + ] }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", - "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "maxItems": 25, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "nodes": { + "description": "Nodes defines a way to select a set of nodes in\nthe cluster. This field follows standard label selector\nsemantics; if present but empty, it selects all Nodes.\n\n\nSupport: Extended\n\n\n", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "required": [ - "port" - ], - "type": "object" + "type": "array" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pods": { + "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "namespaceSelector": { + "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "port" + "key", + "operator" ], "type": "object" }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "seconds" - ], - "type": "object" + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "podSelector": { + "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "port" + "key", + "operator" ], "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } + "type": "array" }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", + "matchLabels": { + "additionalProperties": { "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "namespaceSelector", + "podSelector" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "action", + "to" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes", + "rule": "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" + } + ] + }, + "maxItems": 100, + "type": "array" + }, + "ingress": { + "description": "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by an AdminNetworkPolicy's\nSubject field.", + "properties": { + "action": { + "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core", + "enum": [ + "Allow", + "Deny", + "Pass" + ], + "type": "string" + }, + "from": { + "description": "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namespaces": { + "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "port" + "key", + "operator" ], "type": "object" }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } + "type": "array" }, - "type": "object" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", - "type": "string" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", - "items": { - "description": "ContainerPort represents a network port in a single container.", - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", - "format": "int32", - "type": "integer" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "protocol": { - "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "required": [ - "containerPort" - ], + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map" + } }, - "readinessProbe": { - "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pods": { + "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "namespaceSelector": { + "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "path": { - "description": "Path to access on the HTTP server.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "podSelector": { + "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } + }, + "required": [ + "key", + "operator" ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } + "type": "array" }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "namespaceSelector", + "podSelector" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "name": { + "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core", + "maxLength": 100, + "type": "string" + }, + "ports": { + "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namedPort": { + "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", + "type": "string" + }, + "portNumber": { + "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", + "properties": { + "port": { + "description": "Number defines a network port value.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + } + }, + "required": [ + "port", + "protocol" + ], + "type": "object" + }, + "portRange": { + "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", + "properties": { + "end": { + "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + }, + "start": { + "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "end", + "start" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 100, + "type": "array" + } + }, + "required": [ + "action", + "from" + ], + "type": "object" + }, + "maxItems": 100, + "type": "array" + }, + "priority": { + "description": "Priority is a value from 0 to 1000. Rules with lower priority values have\nhigher precedence, and are checked before rules with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nThe behavior is undefined if two ANP objects have same priority.\n\n\nSupport: Core", + "format": "int32", + "maximum": 1000, + "minimum": 0, + "type": "integer" + }, + "subject": { + "description": "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namespaces": { + "description": "Namespaces is used to select pods via namespace selectors.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pods": { + "description": "Pods is used to select pods via namespace AND pod selectors.", + "properties": { + "namespaceSelector": { + "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "required": [ - "port" - ], - "type": "object" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "type": "array" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "items": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", - "type": "string" - }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", - "type": "string" - } - }, - "required": [ - "resourceName", - "restartPolicy" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "resources": { - "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "podSelector": { + "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "type": "array" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "namespaceSelector", + "podSelector" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "priority", + "subject" + ], + "type": "object" + }, + "status": { + "description": "Status is the status to be reported by the implementation.", + "properties": { + "conditions": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "conditions" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy.networking.k8s.io", + "kind": "AdminNetworkPolicy", + "version": "v1alpha1" + } + ] + }, + "policy.networking.k8s.io/v1alpha1/AdminNetworkPolicyList": { + "description": "AdminNetworkPolicyList is a list of AdminNetworkPolicy", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of adminnetworkpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.networking.policy.v1alpha1.AdminNetworkPolicy" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy.networking.k8s.io", + "kind": "AdminNetworkPolicyList", + "version": "v1alpha1" + } + ] + }, + "policy.networking.k8s.io/v1alpha1/BaselineAdminNetworkPolicy": { + "description": "BaselineAdminNetworkPolicy is a cluster level resource that is part of the\nAdminNetworkPolicy API.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of BaselineAdminNetworkPolicy.", + "properties": { + "egress": { + "description": "Egress is the list of Egress rules to be applied to the selected pods if\nthey are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Egress rules will be allowed in each BANP instance.\nThe relative precedence of egress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nBANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core", + "items": { + "description": "BaselineAdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a BaselineAdminNetworkPolicy's\nSubject field.\n", + "properties": { + "action": { + "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core", + "enum": [ + "Allow", + "Deny" + ], + "type": "string" + }, + "name": { + "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core", + "maxLength": 100, + "type": "string" + }, + "ports": { + "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.", + "items": { + "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namedPort": { + "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", + "type": "string" + }, + "portNumber": { + "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", + "properties": { + "port": { + "description": "Number defines a network port value.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + } + }, + "required": [ + "port", + "protocol" + ], + "type": "object" + }, + "portRange": { + "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", + "properties": { + "end": { + "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + }, + "start": { + "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "end", + "start" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 100, + "type": "array" + }, + "to": { + "description": "To is the list of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namespaces": { + "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "add": { - "description": "Added capabilities", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" }, - "drop": { - "description": "Removed capabilities", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { - "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "privileged": { - "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "networks": { + "description": "Networks defines a way to select peers via CIDR blocks.\nThis is intended for representing entities that live outside the cluster,\nwhich can't be selected by pods, namespaces and nodes peers, but note\nthat cluster-internal traffic will be checked against the rule as\nwell. So if you Allow or Deny traffic to `\"0.0.0.0/0\"`, that will allow\nor deny all IPv4 pod-to-pod traffic as well. If you don't want that,\nadd a rule that Passes all pod traffic before the Networks rule.\n\n\nEach item in Networks should be provided in the CIDR format and should be\nIPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".\n\n\nNetworks can have upto 25 CIDRs specified.\n\n\nSupport: Extended\n\n\n", + "items": { + "description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").", + "maxLength": 43, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Invalid CIDR format provided", + "rule": "isCIDR(self)" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + { + "message": "CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported", + "rule": "self.contains(':') != self.contains('.')" + } + ] + }, + "maxItems": 25, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "nodes": { + "description": "Nodes defines a way to select a set of nodes in\nthe cluster. This field follows standard label selector\nsemantics; if present but empty, it selects all Nodes.\n\n\nSupport: Extended\n\n\n", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "format": "int32", - "type": "integer" - }, - "service": { - "default": "", - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string" + "type": "array" } }, "required": [ - "port" + "key", + "operator" ], "type": "object" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pods": { + "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "namespaceSelector": { + "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "key", + "operator" + ], + "type": "object" }, - "path": { - "description": "Path to access on the HTTP server.", + "type": "array" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "podSelector": { + "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } + }, + "required": [ + "key", + "operator" ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "type": "object" }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } + "type": "array" }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "format": "int32", - "type": "integer" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "namespaceSelector", + "podSelector" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "action", + "to" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes", + "rule": "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))" + } + ] + }, + "maxItems": 100, + "type": "array" + }, + "ingress": { + "description": "Ingress is the list of Ingress rules to be applied to the selected pods\nif they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Ingress rules will be allowed in each BANP instance.\nThe relative precedence of ingress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nBANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core", + "items": { + "description": "BaselineAdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by a BaselineAdminNetworkPolicy's\nSubject field.", + "properties": { + "action": { + "description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core", + "enum": [ + "Allow", + "Deny" + ], + "type": "string" + }, + "from": { + "description": "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namespaces": { + "description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "port" + "key", + "operator" ], "type": "object" }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "format": "int64", - "type": "integer" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } + "type": "array" }, - "type": "object" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", - "type": "boolean" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", - "type": "string" - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "items": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pods": { + "description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core", + "properties": { + "namespaceSelector": { + "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", - "items": { - "description": "VolumeMount describes a mounting of a Volume within a container.", + "podSelector": { + "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", - "type": "string" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", - "type": "string" - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", - "type": "string" - }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array" }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map" + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "workingDir": { - "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - "type": "string" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "os": { - "description": "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup", - "properties": { - "name": { - "description": "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null", - "type": "string" + "required": [ + "namespaceSelector", + "podSelector" + ], + "type": "object" } }, - "required": [ - "name" - ], "type": "object" }, - "overhead": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "name": { + "description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core", + "maxLength": 100, + "type": "string" + }, + "ports": { + "description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core", + "items": { + "description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namedPort": { + "description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n", + "type": "string" + }, + "portNumber": { + "description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core", + "properties": { + "port": { + "description": "Number defines a network port value.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + } }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", - "type": "object" - }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset.", - "type": "string" - }, - "priority": { - "description": "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority.", - "format": "int32", - "type": "integer" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" - }, - "readinessGates": { - "description": "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", - "items": { - "description": "PodReadinessGate contains the reference to a pod condition", - "properties": { - "conditionType": { - "description": "ConditionType refers to a condition in the pod's condition list with matching type.", - "type": "string" - } + "required": [ + "port", + "protocol" + ], + "type": "object" }, - "required": [ - "conditionType" - ], - "type": "object" + "portRange": { + "description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core", + "properties": { + "end": { + "description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core", + "type": "string" + }, + "start": { + "description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "end", + "start" + ], + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "resourceClaims": { - "description": "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "maxItems": 100, + "type": "array" + } + }, + "required": [ + "action", + "from" + ], + "type": "object" + }, + "maxItems": 100, + "type": "array" + }, + "subject": { + "description": "Subject defines the pods to which this BaselineAdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "namespaces": { + "description": "Namespaces is used to select pods via namespace selectors.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "type": "array" }, - "resources": { - "description": "Resources is the total amount of CPU and Memory resources required by all\ncontainers in the pod. It supports specifying Requests and Limits for\n\"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the\nentire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature\ngate.", + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "pods": { + "description": "Pods is used to select pods via namespace AND pod selectors.", + "properties": { + "namespaceSelector": { + "description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "type": "array" }, - "requests": { + "matchLabels": { "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "type": "string" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" - }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", - "type": "string" - }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", - "type": "string" - }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler.", - "type": "string" - }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", - "items": { - "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", - "properties": { - "name": { - "description": "Name of the scheduling gate.\nEach scheduling gate must have a unique name field.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", + "podSelector": { + "description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.", "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "Sysctl defines a kernel parameter to be set", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "name": { - "description": "Name of a property to set", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "value": { - "description": "Value of a property to set", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" } }, "required": [ - "name", - "value" + "key", + "operator" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "namespaceSelector", + "podSelector" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "subject" + ], + "type": "object" + }, + "status": { + "description": "Status is the status to be reported by the implementation.", + "properties": { + "conditions": { + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "conditions" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy.networking.k8s.io", + "kind": "BaselineAdminNetworkPolicy", + "version": "v1alpha1" + } + ] + }, + "policy.networking.k8s.io/v1alpha1/BaselineAdminNetworkPolicyList": { + "description": "BaselineAdminNetworkPolicyList is a list of BaselineAdminNetworkPolicy", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of baselineadminnetworkpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.networking.policy.v1alpha1.BaselineAdminNetworkPolicy" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy.networking.k8s.io", + "kind": "BaselineAdminNetworkPolicyList", + "version": "v1alpha1" + } + ] + }, + "policy/v1/Eviction": { + "description": "Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods//evictions.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "deleteOptions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + ], + "description": "DeleteOptions may be provided" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "ObjectMeta describes the pod that is being evicted." + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy", + "kind": "Eviction", + "version": "v1" + } + ] + }, + "policy/v1/PodDisruptionBudget": { + "description": "PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.PodDisruptionBudgetSpec" + } + ], + "default": {}, + "description": "Specification of the desired behavior of the PodDisruptionBudget." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.PodDisruptionBudgetStatus" + } + ], + "default": {}, + "description": "Most recently observed status of the PodDisruptionBudget." + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy", + "kind": "PodDisruptionBudget", + "version": "v1" + } + ] + }, + "policy/v1/PodDisruptionBudgetList": { + "description": "PodDisruptionBudgetList is a collection of PodDisruptionBudgets.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of PodDisruptionBudgets", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.PodDisruptionBudget" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy", + "kind": "PodDisruptionBudgetList", + "version": "v1" + } + ] + }, + "pool.kubevirt.io/v1alpha1/VirtualMachinePool": { + "description": "VirtualMachinePool resource contains a VirtualMachine configuration\nthat can be used to replicate multiple VirtualMachine resources.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "properties": { + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "(Defaults to 100%) Integer or string pointer, that when set represents either a percentage or number of VMs in a pool that can be unavailable (ready condition false) at a time during automated update.", + "x-kubernetes-int-or-string": true + }, + "nameGeneration": { + "description": "Options for the name generation in a pool.", + "properties": { + "appendIndexToConfigMapRefs": { + "type": "boolean" + }, + "appendIndexToSecretRefs": { + "type": "boolean" + } + }, + "type": "object" + }, + "paused": { + "description": "Indicates that the pool is paused.", + "type": "boolean" + }, + "replicas": { + "description": "Number of desired pods. This is a pointer to distinguish between explicit\nzero and not specified. Defaults to 1.", + "format": "int32", + "type": "integer" + }, + "scaleInStrategy": { + "description": "ScaleInStrategy specifies how the VMPool controller manages scaling in VMs within a VMPool", + "properties": { + "proactive": { + "description": "Proactive scale-in by forcing VMs to shutdown during scale-in (Default)", + "properties": { + "selectionPolicy": { + "description": "SelectionPolicy defines the priority in which VM instances are selected for proactive scale-in\nDefaults to \"Random\" base policy when no SelectionPolicy is configured", + "properties": { + "basePolicy": { + "description": "BasePolicy is a catch-all policy [Random|DescendingOrder]", + "enum": [ + "Random", + "DescendingOrder" + ], + "type": "string" + } + }, "type": "object" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead.", - "type": "string" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false.", - "type": "boolean" - }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false.", - "type": "boolean" - }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds.", - "format": "int64", - "type": "integer" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", + } + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "Label selector for pods. Existing Poolss whose pods are\nselected by this will be the ones affected by this deployment.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "virtualMachineTemplate": { + "description": "Template describes the VM that will be created.", + "properties": { + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "VirtualMachineSpec contains the VirtualMachine specification.", + "properties": { + "dataVolumeTemplates": { + "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "nullable": true, "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "spec": { + "description": "DataVolumeSpec contains the DataVolume specification.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "current", + "previous" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", - "type": "string" - } - }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", - "items": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", - "type": "string" - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string" - }, - "fsType": { - "default": "ext4", - "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" + "type": "array" }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], "type": "string" }, - "readOnly": { - "default": false, - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - } - }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", "type": "boolean" }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string" - } - }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", "type": "boolean" }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", "type": "string" }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "pvc": { + "description": "PVC is the PVC specification", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "monitors" - ], - "type": "object" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - } - }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "type": "object" }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } + "required": [ + "url" + ], + "type": "object" }, - "required": [ - "key", - "path" - ], - "type": "object" + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", - "type": "string" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", - "type": "string" + "type": "object" }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", + "required": [ + "kind", + "name" + ], "type": "object" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" }, - "items": { - "description": "Items is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "divisor": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { "anyOf": [ { "type": "integer" @@ -300281,3298 +251398,3360 @@ "type": "string" } ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" - }, - "sizeLimit": { - "anyOf": [ - { - "type": "integer" + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" }, - { + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } - ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" } }, "type": "object" }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", + "status": { + "description": "DataVolumeTemplateDummyStatus is here simply for backwards compatibility with\na previous API.", + "nullable": true, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "type": "array" + }, + "instancetype": { + "description": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", + "properties": { + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", + "type": "string" + }, + "kind": { + "description": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.", + "type": "string" + }, + "name": { + "description": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype", + "type": "string" + }, + "revisionName": { + "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "preference": { + "description": "PreferenceMatcher references a set of preference that is used to fill fields in Template", + "properties": { + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", + "type": "string" + }, + "kind": { + "description": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.", + "type": "string" + }, + "name": { + "description": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference", + "type": "string" + }, + "revisionName": { + "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "runStrategy": { + "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running\nFollowing are allowed values:\n- \"Always\": VMI should always be running.\n- \"Halted\": VMI should never be running.\n- \"Manual\": VMI can be started/stopped using API endpoints.\n- \"RerunOnFailure\": VMI will initially be running and restarted if a failure occurs, but will not be restarted upon successful completion.\n- \"Once\": VMI will run once and not be restarted upon completion regardless if the completion is of phase Failure or Success.", + "type": "string" + }, + "running": { + "description": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy\nDeprecated: VirtualMachineInstance field \"Running\" is now deprecated, please use RunStrategy instead.", + "type": "boolean" + }, + "template": { + "description": "Template is the direct specification of VirtualMachineInstance", + "properties": { + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "VirtualMachineInstance Spec contains the VirtualMachineInstance specification.", + "properties": { + "accessCredentials": { + "description": "Specifies a set of public keys to inject into the vm guest", + "items": { + "description": "AccessCredential represents a credential source that can be used to\nauthorize remote access to the vm guest\nOnly one of its members may be specified.", "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", - "type": "object" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", + "sshPublicKey": { + "description": "SSHPublicKey represents the source and method of applying a ssh public\nkey into a guest virtual machine.", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "propagationMethod": { + "description": "PropagationMethod represents how the public key is injected into the vm guest.", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" + "configDrive": { + "description": "ConfigDrivePropagation means that the ssh public keys are injected\ninto the VM using metadata using the configDrive cloud-init provider", + "type": "object" }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "noCloud": { + "description": "NoCloudPropagation means that the ssh public keys are injected\ninto the VM using metadata using the noCloud cloud-init provider", + "type": "object" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "qemuGuestAgent": { + "description": "QemuGuestAgentAccessCredentailPropagation means ssh public keys are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", + "properties": { + "users": { + "description": "Users represents a list of guest users that should have the ssh public keys\nadded to their authorized_keys file.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "users" + ], + "type": "object" } }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "source": { + "description": "Source represents where the public keys are pulled from", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" + "secret": { + "description": "Secret means that the access credential is pulled from a kubernetes secret", + "properties": { + "secretName": { + "description": "SecretName represents the name of the secret in the VMI's namespace", + "type": "string" + } + }, + "required": [ + "secretName" + ], + "type": "object" } }, - "required": [ - "kind", - "name" - ], "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + } + }, + "required": [ + "propagationMethod", + "source" + ], + "type": "object" + }, + "userPassword": { + "description": "UserPassword represents the source and method for applying a guest user's\npassword", + "properties": { + "propagationMethod": { + "description": "propagationMethod represents how the user passwords are injected into the vm guest.", "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "qemuGuestAgent": { + "description": "QemuGuestAgentAccessCredentailPropagation means passwords are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", "type": "object" } }, "type": "object" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", + "source": { + "description": "Source represents where the user passwords are pulled from", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "secret": { + "description": "Secret means that the access credential is pulled from a kubernetes secret", + "properties": { + "secretName": { + "description": "SecretName represents the name of the secret in the VMI's namespace", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "secretName" + ], "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" + "type": "object" } }, + "required": [ + "propagationMethod", + "source" + ], "type": "object" } }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "format": "int32", - "type": "integer" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string" - }, - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options is Optional: this field holds extra command options if any.", "type": "object" }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", - "type": "string" - }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", - "type": "string" - } - }, - "type": "object" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "format": "int32", - "type": "integer" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" - } - }, - "required": [ - "pdName" - ], - "type": "object" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", - "properties": { - "directory": { - "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" - } - }, - "required": [ - "repository" - ], - "type": "object" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", - "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - }, - "required": [ - "endpoints", - "path" - ], - "type": "object" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "properties": { - "path": { - "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - }, - "type": { - "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string" - }, - "reference": { - "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", - "type": "string" - } - }, - "type": "object" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", - "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string" - }, - "iscsiInterface": { - "default": "default", - "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", - "type": "string" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "format": "int32", - "type": "integer" - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", - "type": "string" - } - }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" - }, - "name": { - "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "properties": { - "path": { - "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string" - } - }, - "required": [ - "path", - "server" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", - "type": "string" - } - }, - "required": [ - "pdID" - ], - "type": "object" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", - "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string" - } + "maxItems": 256, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "volumeID" - ], - "type": "object" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", - "items": { - "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "affinity": { + "description": "If affinity is specifies, obey all the affinity rules", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "key", - "operator" - ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "fieldPath" - ], "type": "object", "x-kubernetes-map-type": "atomic" }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "resource": { - "description": "Required: resource to select", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "resource" - ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" } }, "required": [ - "path" + "topologyKey" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "secret": { - "description": "secret information about the secret data to project", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", - "format": "int64", - "type": "integer" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the\ntoken into.", - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "properties": { - "group": { - "description": "group to map volume access to\nDefault is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", - "type": "string" - }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to\nDefaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string" - } - }, - "required": [ - "registry", - "volume" - ], - "type": "object" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "keyring": { - "default": "/etc/ceph/keyring", - "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "default": "rbd", - "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "user": { - "default": "admin", - "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string" - } - }, - "required": [ - "image", - "monitors" - ], - "type": "object" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "properties": { - "fsType": { - "default": "xfs", - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", - "type": "string" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "default": "ThinProvisioned", - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", - "type": "string" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", - "type": "string" - } - }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" - }, - "secret": { - "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", - "items": { - "description": "Maps a string key to a path within a volume.", - "properties": { - "key": { - "description": "key is the key to project.", - "type": "string" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", - "type": "string" - } - }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - } - }, - "type": "object" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", - "type": "string" - }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", - "type": "string" - } - }, - "type": "object" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", - "properties": { - "fsType": { - "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", - "type": "string" - } - }, - "required": [ - "volumePath" - ], - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "containers" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": { - "default": "rw", - "description": "Type of service to forward traffic to. Default: `rw`.", - "enum": [ - "rw", - "ro" - ], - "type": "string" - } - }, - "required": [ - "cluster", - "pgbouncer" - ], - "type": "object" - }, - "status": { - "description": "Most recently observed status of the Pooler. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "instances": { - "description": "The number of pods trying to be scheduled", - "format": "int32", - "type": "integer" - }, - "secrets": { - "description": "The resource version of the config object", - "properties": { - "clientCA": { - "description": "The client CA secret version", - "properties": { - "name": { - "description": "The name of the secret", - "type": "string" - }, - "version": { - "description": "The ResourceVersion of the secret", - "type": "string" - } - }, - "type": "object" - }, - "pgBouncerSecrets": { - "description": "The version of the secrets used by PgBouncer", - "properties": { - "authQuery": { - "description": "The auth query secret version", - "properties": { - "name": { - "description": "The name of the secret", - "type": "string" - }, - "version": { - "description": "The ResourceVersion of the secret", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "serverCA": { - "description": "The server CA secret version", - "properties": { - "name": { - "description": "The name of the secret", - "type": "string" - }, - "version": { - "description": "The ResourceVersion of the secret", - "type": "string" - } - }, - "type": "object" - }, - "serverTLS": { - "description": "The server TLS secret version", - "properties": { - "name": { - "description": "The name of the secret", - "type": "string" - }, - "version": { - "description": "The ResourceVersion of the secret", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "Pooler", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/PoolerList": { - "description": "PoolerList is a list of Pooler", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of poolers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Pooler" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "PoolerList", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/Publication": { - "description": "Publication is the Schema for the publications API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "PublicationSpec defines the desired state of Publication", - "properties": { - "cluster": { - "description": "The name of the PostgreSQL cluster that identifies the \"publisher\"", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dbname": { - "description": "The name of the database where the publication will be installed in\nthe \"publisher\" cluster", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "dbname is immutable", - "rule": "self == oldSelf" - } - ] - }, - "name": { - "description": "The name of the publication inside PostgreSQL", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "name is immutable", - "rule": "self == oldSelf" - } - ] - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Publication parameters part of the `WITH` clause as expected by\nPostgreSQL `CREATE PUBLICATION` command", - "type": "object" - }, - "publicationReclaimPolicy": { - "default": "retain", - "description": "The policy for end-of-life maintenance of this publication", - "enum": [ - "delete", - "retain" - ], - "type": "string" - }, - "target": { - "description": "Target of the publication as expected by PostgreSQL `CREATE PUBLICATION` command", - "properties": { - "allTables": { - "description": "Marks the publication as one that replicates changes for all tables\nin the database, including tables created in the future.\nCorresponding to `FOR ALL TABLES` in PostgreSQL.", - "type": "boolean", - "x-kubernetes-validations": [ - { - "message": "allTables is immutable", - "rule": "self == oldSelf" - } - ] - }, - "objects": { - "description": "Just the following schema objects", - "items": { - "description": "PublicationTargetObject is an object to publish", - "properties": { - "table": { - "description": "Specifies a list of tables to add to the publication. Corresponding\nto `FOR TABLE` in PostgreSQL.", - "properties": { - "columns": { - "description": "The columns to publish", - "items": { - "type": "string" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" }, - "type": "array" - }, - "name": { - "description": "The table name", - "type": "string" - }, - "only": { - "description": "Whether to limit to the table only or include all its descendants", - "type": "boolean" - }, - "schema": { - "description": "The schema name", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "tablesInSchema": { - "description": "Marks the publication as one that replicates changes for all tables\nin the specified list of schemas, including tables created in the\nfuture. Corresponding to `FOR TABLES IN SCHEMA` in PostgreSQL.", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "tablesInSchema and table are mutually exclusive", - "rule": "(has(self.tablesInSchema) && !has(self.table)) || (!has(self.tablesInSchema) && has(self.table))" - } - ] - }, - "maxItems": 100000, - "type": "array", - "x-kubernetes-validations": [ - { - "message": "specifying a column list when the publication also publishes tablesInSchema is not supported", - "rule": "!(self.exists(o, has(o.table) && has(o.table.columns)) && self.exists(o, has(o.tablesInSchema)))" - } - ] - } - }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "allTables and objects are mutually exclusive", - "rule": "(has(self.allTables) && !has(self.objects)) || (!has(self.allTables) && has(self.objects))" - } - ] - } - }, - "required": [ - "cluster", - "dbname", - "name", - "target" - ], - "type": "object" - }, - "status": { - "description": "PublicationStatus defines the observed state of Publication", - "properties": { - "applied": { - "description": "Applied is true if the publication was reconciled correctly", - "type": "boolean" - }, - "message": { - "description": "Message is the reconciliation output message", - "type": "string" - }, - "observedGeneration": { - "description": "A sequence number representing the latest\ndesired state that was synchronized", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "Publication", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/PublicationList": { - "description": "PublicationList is a list of Publication", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of publications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Publication" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "PublicationList", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/ScheduledBackup": { - "description": "ScheduledBackup is the Schema for the scheduledbackups API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "Specification of the desired behavior of the ScheduledBackup.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "backupOwnerReference": { - "default": "none", - "description": "Indicates which ownerReference should be put inside the created backup resources.
\n- none: no owner reference for created backup objects (same behavior as before the field was introduced)
\n- self: sets the Scheduled backup object as owner of the backup
\n- cluster: set the cluster as owner of the backup
", - "enum": [ - "none", - "self", - "cluster" - ], - "type": "string" - }, - "cluster": { - "description": "The cluster to backup", - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "immediate": { - "description": "If the first backup has to be immediately start after creation or not", - "type": "boolean" - }, - "method": { - "default": "barmanObjectStore", - "description": "The backup method to be used, possible options are `barmanObjectStore`,\n`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.", - "enum": [ - "barmanObjectStore", - "volumeSnapshot", - "plugin" - ], - "type": "string" - }, - "online": { - "description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)\nOverrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'", - "type": "boolean" - }, - "onlineConfiguration": { - "description": "Configuration parameters to control the online/hot backup with volume snapshots\nOverrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza", - "properties": { - "immediateCheckpoint": { - "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", - "type": "boolean" - }, - "waitForArchive": { - "default": true, - "description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.", - "type": "boolean" - } - }, - "type": "object" - }, - "pluginConfiguration": { - "description": "Configuration parameters passed to the plugin managing this backup", - "properties": { - "name": { - "description": "Name is the name of the plugin managing this backup", - "type": "string" - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters are the configuration parameters passed to the backup\nplugin for this backup", - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "schedule": { - "description": "The schedule does not follow the same format used in Kubernetes CronJobs\nas it includes an additional seconds specifier,\nsee https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format", - "type": "string" - }, - "suspend": { - "description": "If this backup is suspended or not", - "type": "boolean" - }, - "target": { - "description": "The policy to decide which instance should perform this backup. If empty,\nit defaults to `cluster.spec.backup.target`.\nAvailable options are empty string, `primary` and `prefer-standby`.\n`primary` to have backups run always on primary instances,\n`prefer-standby` to have backups run preferably on the most updated\nstandby, if available.", - "enum": [ - "primary", - "prefer-standby" - ], - "type": "string" - } - }, - "required": [ - "cluster", - "schedule" - ], - "type": "object" - }, - "status": { - "description": "Most recently observed status of the ScheduledBackup. This data may not be up\nto date. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "properties": { - "lastCheckTime": { - "description": "The latest time the schedule", - "format": "date-time", - "type": "string" - }, - "lastScheduleTime": { - "description": "Information when was the last time that backup was successfully scheduled.", - "format": "date-time", - "type": "string" - }, - "nextScheduleTime": { - "description": "Next time we will run a backup", - "format": "date-time", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ScheduledBackup", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/ScheduledBackupList": { - "description": "ScheduledBackupList is a list of ScheduledBackup", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of scheduledbackups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.ScheduledBackup" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "ScheduledBackupList", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/Subscription": { - "description": "Subscription is the Schema for the subscriptions API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "SubscriptionSpec defines the desired state of Subscription", - "properties": { - "cluster": { - "description": "The name of the PostgreSQL cluster that identifies the \"subscriber\"", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dbname": { - "description": "The name of the database where the publication will be installed in\nthe \"subscriber\" cluster", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "dbname is immutable", - "rule": "self == oldSelf" - } - ] - }, - "externalClusterName": { - "description": "The name of the external cluster with the publication (\"publisher\")", - "type": "string" - }, - "name": { - "description": "The name of the subscription inside PostgreSQL", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "name is immutable", - "rule": "self == oldSelf" - } - ] - }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Subscription parameters part of the `WITH` clause as expected by\nPostgreSQL `CREATE SUBSCRIPTION` command", - "type": "object" - }, - "publicationDBName": { - "description": "The name of the database containing the publication on the external\ncluster. Defaults to the one in the external cluster definition.", - "type": "string" - }, - "publicationName": { - "description": "The name of the publication inside the PostgreSQL database in the\n\"publisher\"", - "type": "string" - }, - "subscriptionReclaimPolicy": { - "default": "retain", - "description": "The policy for end-of-life maintenance of this subscription", - "enum": [ - "delete", - "retain" - ], - "type": "string" - } - }, - "required": [ - "cluster", - "dbname", - "externalClusterName", - "name", - "publicationName" - ], - "type": "object" - }, - "status": { - "description": "SubscriptionStatus defines the observed state of Subscription", - "properties": { - "applied": { - "description": "Applied is true if the subscription was reconciled correctly", - "type": "boolean" - }, - "message": { - "description": "Message is the reconciliation output message", - "type": "string" - }, - "observedGeneration": { - "description": "A sequence number representing the latest\ndesired state that was synchronized", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "Subscription", - "version": "v1" - } - ] - }, - "postgresql.cnpg.noobaa.io/v1/SubscriptionList": { - "description": "SubscriptionList is a list of Subscription", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of subscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Subscription" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "postgresql.cnpg.noobaa.io", - "kind": "SubscriptionList", - "version": "v1" - } - ] - }, - "project.openshift.io/v1/Project": { - "description": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.project.v1.ProjectSpec" - } - ], - "default": {}, - "description": "Spec defines the behavior of the Namespace." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.project.v1.ProjectStatus" - } - ], - "default": {}, - "description": "Status describes the current status of a Namespace" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "project.openshift.io", - "kind": "Project", - "version": "v1" - } - ] - }, - "project.openshift.io/v1/ProjectList": { - "description": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of projects", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.project.v1.Project" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "project.openshift.io", - "kind": "ProjectList", - "version": "v1" - } - ] - }, - "project.openshift.io/v1/ProjectRequest": { - "description": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "description": { - "description": "Description is the description to apply to a project", - "type": "string" - }, - "displayName": { - "description": "DisplayName is the display name to apply to a project", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "project.openshift.io", - "kind": "ProjectRequest", - "version": "v1" - } - ] - }, - "quota.openshift.io/v1/AppliedClusterResourceQuota": { - "description": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" - } - ], - "default": {}, - "description": "Spec defines the desired quota" - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" - } - ], - "default": {}, - "description": "Status defines the actual enforced quota and its current usage" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "quota.openshift.io", - "kind": "AppliedClusterResourceQuota", - "version": "v1" - } - ] - }, - "quota.openshift.io/v1/AppliedClusterResourceQuotaList": { - "description": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of AppliedClusterResourceQuota", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.AppliedClusterResourceQuota" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "quota.openshift.io", - "kind": "AppliedClusterResourceQuotaList", - "version": "v1" - } - ] - }, - "quota.openshift.io/v1/ClusterResourceQuota": { - "description": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to\nsynthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "spec defines the desired quota", - "properties": { - "quota": { - "description": "quota defines the desired quota", - "properties": { - "hard": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "hard is the set of desired hard limits for each named resource.\nMore info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object" - }, - "scopeSelector": { - "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota\nbut expressed using ScopeSelectorOperator in combination with possible values.\nFor a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - "properties": { - "matchExpressions": { - "description": "A list of scope selector requirements by scope of the resources.", - "items": { - "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator\nthat relates the scope name and values.", - "properties": { - "operator": { - "description": "Represents a scope's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist.", - "type": "string" - }, - "scopeName": { - "description": "The name of the scope that the selector applies to.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty.\nThis array is replaced during a strategic merge patch.", - "items": { + "architecture": { + "description": "Specifies the architecture of the vm guest you are attempting to run. Defaults to the compiled architecture of the KubeVirt components", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "operator", - "scopeName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "scopes": { - "description": "A collection of filters that must match each object tracked by a quota.\nIf not specified, the quota matches all objects.", - "items": { - "description": "A ResourceQuotaScope defines a filter that must match each object tracked by a quota", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is the selector used to match projects.\nIt should only select active projects on the scale of dozens (though it can select\nmany more less active projects). These projects will contend on object creation through\nthis resource.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "AnnotationSelector is used to select projects by annotation.", - "nullable": true, - "type": "object" - }, - "labels": { - "description": "LabelSelector is used to select projects by label.", - "nullable": true, - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is this DNS resolver option's name.\nRequired.", + "type": "string" + }, + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "quota", - "selector" - ], - "type": "object" - }, - "status": { - "description": "status defines the actual enforced quota and its current usage", - "properties": { - "namespaces": { - "description": "namespaces slices the usage by project. This division allows for quick resolution of\ndeletion reconciliation inside of a single project without requiring a recalculation\nacross all projects. This can be used to pull the deltas for a given project.", - "items": { - "description": "ResourceQuotaStatusByNamespace gives status for a particular project", - "properties": { - "namespace": { - "description": "namespace the project this status applies to", - "type": "string" - }, - "status": { - "description": "status indicates how many resources have been consumed by this project", - "properties": { - "hard": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "domain": { + "description": "Specification of the desired behavior of the VirtualMachineInstance on the host.", + "properties": { + "chassis": { + "description": "Chassis specifies the chassis info passed to the domain.", + "properties": { + "asset": { + "type": "string" + }, + "manufacturer": { + "type": "string" + }, + "serial": { + "type": "string" + }, + "sku": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "clock": { + "description": "Clock sets the clock and timers of the vmi.", + "properties": { + "timer": { + "description": "Timer specifies whih timers are attached to the vmi.", + "properties": { + "hpet": { + "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", + "type": "string" + } + }, + "type": "object" + }, + "hyperv": { + "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "kvm": { + "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "pit": { + "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", + "type": "string" + } + }, + "type": "object" + }, + "rtc": { + "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", + "type": "string" + }, + "track": { + "description": "Track the guest or the wall clock.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "timezone": { + "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", + "type": "string" + }, + "utc": { + "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", + "properties": { + "offsetSeconds": { + "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "cpu": { + "description": "CPU allow specified the detailed CPU topology inside the vmi.", + "properties": { + "cores": { + "description": "Cores specifies the number of cores inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + }, + "dedicatedCpuPlacement": { + "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", + "type": "boolean" + }, + "features": { + "description": "Features specifies the CPU features list inside the VMI.", + "items": { + "description": "CPUFeature allows specifying a CPU feature.", + "properties": { + "name": { + "description": "Name of the CPU feature", + "type": "string" + }, + "policy": { + "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "isolateEmulatorThread": { + "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", + "type": "boolean" + }, + "maxSockets": { + "description": "MaxSockets specifies the maximum amount of sockets that can\nbe hotplugged", + "format": "int32", + "type": "integer" + }, + "model": { + "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", + "type": "string" + }, + "numa": { + "description": "NUMA allows specifying settings for the guest NUMA topology", + "properties": { + "guestMappingPassthrough": { + "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", + "type": "object" + } + }, + "type": "object" + }, + "realtime": { + "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", + "properties": { + "mask": { + "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", + "type": "string" + } + }, + "type": "object" + }, + "sockets": { + "description": "Sockets specifies the number of sockets inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + }, + "threads": { + "description": "Threads specifies the number of threads inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "devices": { + "description": "Devices allows adding disks, network interfaces, and others", + "properties": { + "autoattachGraphicsDevice": { + "description": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", + "type": "boolean" + }, + "autoattachInputDevice": { + "description": "Whether to attach an Input Device.\nDefaults to false.", + "type": "boolean" + }, + "autoattachMemBalloon": { + "description": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.", + "type": "boolean" + }, + "autoattachPodInterface": { + "description": "Whether to attach a pod network interface. Defaults to true.", + "type": "boolean" + }, + "autoattachSerialConsole": { + "description": "Whether to attach the default virtio-serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", + "type": "boolean" + }, + "autoattachVSOCK": { + "description": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", + "type": "boolean" + }, + "blockMultiQueue": { + "description": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.", + "type": "boolean" + }, + "clientPassthrough": { + "description": "To configure and access client devices such as redirecting USB", + "type": "object" + }, + "disableHotplug": { + "description": "DisableHotplug disabled the ability to hotplug disks.", + "type": "boolean" + }, + "disks": { + "description": "Disks describes disks, cdroms and luns which are connected to the vmi.", + "items": { + "properties": { + "blockSize": { + "description": "If specified, the virtual disk will be presented with the given block sizes.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } + }, + "required": [ + "logical", + "physical" + ], + "type": "object" + }, + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", + "type": "integer" + }, + "cache": { + "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", + "type": "string" + }, + "cdrom": { + "description": "Attach a volume as a cdrom to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to true.", + "type": "boolean" + }, + "tray": { + "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", + "type": "string" + } + }, + "type": "object" + }, + "dedicatedIOThread": { + "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", + "type": "boolean" + }, + "disk": { + "description": "Attach a volume as a disk to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", + "type": "string" + }, + "pciAddress": { + "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "errorPolicy": { + "description": "If specified, it can change the default error policy (stop) for the disk", + "type": "string" + }, + "io": { + "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", + "type": "string" + }, + "lun": { + "description": "Attach a volume as a LUN to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + }, + "reservation": { + "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", + "type": "boolean" + } + }, + "type": "object" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "serial": { + "description": "Serial provides the ability to specify a serial number for the disk device.", + "type": "string" + }, + "shareable": { + "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", + "type": "boolean" + }, + "tag": { + "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 256, + "type": "array" + }, + "downwardMetrics": { + "description": "DownwardMetrics creates a virtio serials for exposing the downward metrics to the vmi.", + "type": "object" + }, + "filesystems": { + "description": "Filesystems describes filesystem which is connected to the vmi.", + "items": { + "properties": { + "name": { + "description": "Name is the device name", + "type": "string" + }, + "virtiofs": { + "description": "Virtiofs is supported", + "type": "object" + } + }, + "required": [ + "name", + "virtiofs" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "gpus": { + "description": "Whether to attach a GPU device to the vmi.", + "items": { + "properties": { + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", + "type": "string" + }, + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "description": "Name of the GPU device as exposed by a device plugin", + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + }, + "virtualGPUOptions": { + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "hostDevices": { + "description": "Whether to attach a host device to the vmi.", + "items": { + "properties": { + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", + "type": "string" + }, + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "inputs": { + "description": "Inputs describe input devices", + "items": { + "properties": { + "bus": { + "description": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", + "type": "string" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "type": { + "description": "Type indicated the type of input device.\nSupported values: tablet.", + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "interfaces": { + "description": "Interfaces describe network interfaces which are added to the vmi.", + "items": { + "properties": { + "acpiIndex": { + "description": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).", + "type": "integer" + }, + "binding": { + "description": "Binding specifies the binding plugin that will be used to connect the interface to the guest.\nIt provides an alternative to InterfaceBindingMethod.\nversion: 1alphav1", + "properties": { + "name": { + "description": "Name references to the binding name as denined in the kubevirt CR.\nversion: 1alphav1", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach interface or disk that has a boot order must have a unique value.\nInterfaces without a boot order are not tried.", + "type": "integer" + }, + "bridge": { + "description": "InterfaceBridge connects to a given network via a linux bridge.", + "type": "object" + }, + "dhcpOptions": { + "description": "If specified the network interface will pass additional DHCP options to the VMI", + "properties": { + "bootFileName": { + "description": "If specified will pass option 67 to interface's DHCP server", + "type": "string" + }, + "ntpServers": { + "description": "If specified will pass the configured NTP server to the VM via DHCP option 042.", + "items": { + "type": "string" + }, + "type": "array" + }, + "privateOptions": { + "description": "If specified will pass extra DHCP options for private use, range: 224-254", + "items": { + "description": "DHCPExtraOptions defines Extra DHCP options for a VM.", + "properties": { + "option": { + "description": "Option is an Integer value from 224-254\nRequired.", + "type": "integer" + }, + "value": { + "description": "Value is a String value for the Option provided\nRequired.", + "type": "string" + } + }, + "required": [ + "option", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "tftpServerName": { + "description": "If specified will pass option 66 to interface's DHCP server", + "type": "string" + } + }, + "type": "object" + }, + "macAddress": { + "description": "Interface MAC address. For example: de:ad:00:00:be:af or DE-AD-00-00-BE-AF.", + "type": "string" + }, + "macvtap": { + "description": "DeprecatedMacvtap is an alias to the deprecated Macvtap interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", + "type": "object" + }, + "masquerade": { + "description": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", + "type": "object" + }, + "model": { + "description": "Interface model.\nOne of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio.\nDefaults to virtio.", + "type": "string" + }, + "name": { + "description": "Logical name of the interface as well as a reference to the associated networks.\nMust match the Name of a Network.", + "type": "string" + }, + "passt": { + "description": "DeprecatedPasst is an alias to the deprecated Passt interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", + "type": "object" + }, + "pciAddress": { + "description": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "ports": { + "description": "List of ports to be forwarded to the virtual machine.", + "items": { + "description": "Port represents a port to expose from the virtual machine.\nDefault protocol TCP.\nThe port field is mandatory", + "properties": { + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "port": { + "description": "Number of port to expose for the virtual machine.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "Protocol for port. Must be UDP or TCP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "type": "array" + }, + "slirp": { + "description": "DeprecatedSlirp is an alias to the deprecated Slirp interface\nDeprecated: Removed in v1.3", + "type": "object" + }, + "sriov": { + "description": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", + "type": "object" + }, + "state": { + "description": "State represents the requested operational state of the interface.\nThe supported values are:\n'absent', expressing a request to remove the interface.\n'down', expressing a request to set the link down.\n'up', expressing a request to set the link up.\nEmpty value functions as 'up'.", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 256, + "type": "array" + }, + "logSerialConsole": { + "description": "Whether to log the auto-attached default serial console or not.\nSerial console logs will be collect to a file and then streamed from a named 'guest-console-log'.\nNot relevant if autoattachSerialConsole is disabled.\nDefaults to cluster wide setting on VirtualMachineOptions.", + "type": "boolean" + }, + "networkInterfaceMultiqueue": { + "description": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.", + "type": "boolean" + }, + "panicDevices": { + "description": "PanicDevices provides additional crash information when a guest crashes.", + "items": { + "properties": { + "model": { + "description": "Model specifies what type of panic device is provided.\nThe panic model used when this attribute is missing depends on the hypervisor and guest arch.\nOne of: isa, hyperv, pvpanic.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "rng": { + "description": "Whether to have random number generator from host", + "type": "object" + }, + "sound": { + "description": "Whether to emulate a sound device.", + "properties": { + "model": { + "description": "We only support ich9 or ac97.\nIf SoundDevice is not set: No sound card is emulated.\nIf SoundDevice is set but Model is not: ich9", + "type": "string" + }, + "name": { + "description": "User's defined name for this sound device", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "tpm": { + "description": "Whether to emulate a TPM device.", + "properties": { + "enabled": { + "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", + "type": "boolean" + }, + "persistent": { + "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "useVirtioTransitional": { + "description": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", + "type": "boolean" + }, + "video": { + "description": "Video describes the video device configuration for the vmi.", + "properties": { + "type": { + "description": "Type specifies the video device type (e.g., virtio, vga, bochs, ramfb).\nIf not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x).", + "type": "string" + } + }, + "type": "object" + }, + "watchdog": { + "description": "Watchdog describes a watchdog device which can be added to the vmi.", + "properties": { + "diag288": { + "description": "diag288 watchdog device (specific to s390x architecture).", + "properties": { + "action": { + "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", + "type": "string" + } + }, + "type": "object" + }, + "i6300esb": { + "description": "i6300esb watchdog device.", + "properties": { + "action": { + "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the watchdog.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "features": { + "description": "Features like acpi, apic, hyperv, smm.", + "properties": { + "acpi": { + "description": "ACPI enables/disables ACPI inside the guest.\nDefaults to enabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "apic": { + "description": "Defaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "endOfInterrupt": { + "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "hyperv": { + "description": "Defaults to the machine type setting.", + "properties": { + "evmcs": { + "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "frequencies": { + "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "ipi": { + "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reenlightenment": { + "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "relaxed": { + "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reset": { + "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime": { + "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "spinlocks": { + "description": "Spinlocks allows to configure the spinlock retry attempts.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "spinlocks": { + "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "synic": { + "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "synictimer": { + "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", + "properties": { + "direct": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "tlbflush": { + "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vapic": { + "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vendorid": { + "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "vendorid": { + "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", + "type": "string" + } + }, + "type": "object" + }, + "vpindex": { + "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "hypervPassthrough": { + "description": "This enables all supported hyperv flags automatically.\nBear in mind that if this enabled hyperV features cannot\nbe enabled explicitly. In addition, a Virtual Machine\nusing it will be non-migratable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "kvm": { + "description": "Configure how KVM presence is exposed to the guest.", + "properties": { + "hidden": { + "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "pvspinlock": { + "description": "Notify the guest that the host supports paravirtual spinlocks.\nFor older kernels this feature should be explicitly disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "smm": { + "description": "SMM enables/disables System Management Mode.\nTSEG not yet implemented.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "firmware": { + "description": "Firmware.", + "properties": { + "acpi": { + "description": "Information that can be set in the ACPI table", + "properties": { + "msdmNameRef": { + "description": "Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions.\nThe above points to the spec of MSDM too.", + "type": "string" + }, + "slicNameRef": { + "description": "SlicNameRef should match the volume name of a secret object. The data in the secret should\nbe a binary blob that follows the ACPI SLIC standard, see:\nhttps://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)", + "type": "string" + } + }, + "type": "object" + }, + "bootloader": { + "description": "Settings to control the bootloader that is used.", + "properties": { + "bios": { + "description": "If set (default), BIOS will be used.", + "properties": { + "useSerial": { + "description": "If set, the BIOS output will be transmitted over serial", + "type": "boolean" + } + }, + "type": "object" + }, + "efi": { + "description": "If set, EFI will be used instead of BIOS.", + "properties": { + "persistent": { + "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", + "type": "boolean" + }, + "secureBoot": { + "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "kernelBoot": { + "description": "Settings to set the kernel for booting.", + "properties": { + "container": { + "description": "Container defines the container that containes kernel artifacts", + "properties": { + "image": { + "description": "Image that contains initrd / kernel files.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "imagePullSecret": { + "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", + "type": "string" + }, + "initrdPath": { + "description": "the fully-qualified path to the ramdisk image in the host OS", + "type": "string" + }, + "kernelPath": { + "description": "The fully-qualified path to the kernel image in the host OS", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "kernelArgs": { + "description": "Arguments to be passed to the kernel at boot time", + "type": "string" + } + }, + "type": "object" + }, + "serial": { + "description": "The system-serial-number in SMBIOS", + "type": "string" + }, + "uuid": { + "description": "UUID reported by the vmi bios.\nDefaults to a random generated uid.", + "type": "string" + } + }, + "type": "object" + }, + "ioThreads": { + "description": "IOThreads specifies the IOThreads options.", + "properties": { + "supplementalPoolThreadCount": { + "description": "SupplementalPoolThreadCount specifies how many iothreads are allocated for the supplementalPool policy.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "ioThreadsPolicy": { + "description": "Controls whether or not disks will share IOThreads.\nOmitting IOThreadsPolicy disables use of IOThreads.\nOne of: shared, auto, supplementalPool", + "type": "string" + }, + "launchSecurity": { + "description": "Launch Security setting of the vmi.", + "properties": { + "sev": { + "description": "AMD Secure Encrypted Virtualization (SEV).", + "properties": { + "attestation": { + "description": "If specified, run the attestation process for a vmi.", + "type": "object" + }, + "dhCert": { + "description": "Base64 encoded guest owner's Diffie-Hellman key.", + "type": "string" + }, + "policy": { + "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", + "properties": { + "encryptedState": { + "description": "SEV-ES is required.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "session": { + "description": "Base64 encoded session blob.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "machine": { + "description": "Machine type.", + "properties": { + "type": { + "description": "QEMU machine type is the actual chipset of the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "memory": { + "description": "Memory allow specifying the VMI memory features.", + "properties": { + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Guest allows to specifying the amount of memory which is visible inside the Guest OS.\nThe Guest must lie between Requests and Limits from the resources section.\nDefaults to the requested memory in the resources section if not specified.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "hugepages": { + "description": "Hugepages allow to use hugepages for the VirtualMachineInstance instead of regular memory.", + "properties": { + "pageSize": { + "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "type": "string" + } + }, + "type": "object" + }, + "maxGuest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "resources": { + "description": "Resources describes the Compute Resources required by this vmi.", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nValid resource keys are \"memory\" and \"cpu\".", + "type": "object" + }, + "overcommitGuestOverhead": { + "description": "Don't ask the scheduler to take the guest-management overhead into account. Instead\nput the overhead only into the container's memory limit. This can lead to crashes if\nall memory is in use on a node. Defaults to false.", + "type": "boolean" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests is a description of the initial vmi resources.\nValid resource keys are \"memory\" and \"cpu\".", + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "devices" + ], + "type": "object" }, - { + "evictionStrategy": { + "description": "EvictionStrategy describes the strategy to follow when a node drain occurs.\nThe possible options are:\n- \"None\": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown.\n- \"LiveMigrate\": the VirtualMachineInstance will be migrated instead of being shutdown.\n- \"LiveMigrateIfPossible\": the same as \"LiveMigrate\" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as \"None\".\n- \"External\": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa.", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Hard is the set of enforced hard limits for each named resource.\nMore info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object" - }, - "used": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Used is the current observed total usage of the resource in the namespace.", - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "namespace", - "status" - ], - "type": "object" - }, - "nullable": true, - "type": "array" - }, - "total": { - "description": "total defines the actual enforced quota and its current usage across all projects", - "properties": { - "hard": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Hard is the set of enforced hard limits for each named resource.\nMore info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object" - }, - "used": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Used is the current observed total usage of the resource in the namespace.", - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "total" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "quota.openshift.io", - "kind": "ClusterResourceQuota", - "version": "v1" - } - ] - }, - "quota.openshift.io/v1/ClusterResourceQuotaList": { - "description": "ClusterResourceQuotaList is a list of ClusterResourceQuota", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of clusterresourcequotas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.quota.v1.ClusterResourceQuota" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "quota.openshift.io", - "kind": "ClusterResourceQuotaList", - "version": "v1" - } - ] - }, - "ramendr.openshift.io/v1alpha1/Recipe": { - "description": "Recipe is the Schema for the recipes API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "RecipeSpec defines the desired state of Recipe", - "properties": { - "appType": { - "description": "Type of application the recipe is designed for. (AppType is not used yet. For now, we will\nmatch the name of the app CR)", - "type": "string" - }, - "groups": { - "description": "List of one or multiple groups", - "items": { - "description": "Groups defined in the recipe refine / narrow-down the scope of its parent groups defined in the\nApplication CR. Recipe groups are always be associated to a parent group in Application CR -\nexplicitly or implicitly. Recipe groups can be used in the context of backup and/or restore workflows", - "properties": { - "backupRef": { - "description": "Used for groups solely used in restore workflows to refer to another group that is used in\nbackup workflows.", - "type": "string" - }, - "essential": { - "description": "Defaults to true, if set to false, a failure is not necessarily handled as fatal", - "type": "boolean" - }, - "excludedNamespaces": { - "description": "List of namespace to exclude", - "items": { - "type": "string" - }, - "type": "array" - }, - "excludedResourceTypes": { - "description": "List of resource types to exclude", - "items": { - "type": "string" - }, - "type": "array" - }, - "includeClusterResources": { - "description": "Whether to include any cluster-scoped resources. If nil or true, cluster-scoped resources are\nincluded if they are associated with the included namespace-scoped resources", - "type": "boolean" - }, - "includedNamespaces": { - "description": "List of namespaces to include.", - "items": { - "type": "string" - }, - "type": "array" - }, - "includedNamespacesByLabel": { - "description": "Selects namespaces by label", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "hostname": { + "description": "Specifies the hostname of the vmi\nIf not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "livenessProbe": { + "description": "Periodic probe of VirtualMachineInstance liveness.\nVirtualmachineInstances will be stopped if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "guestAgentPing": { + "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "networks": { + "description": "List of networks that can be attached to a vm's virtual interface.", "items": { - "type": "string" + "description": "Network represents a network type and a resource that should be connected to the vm.", + "properties": { + "multus": { + "description": "Represents the multus cni network.", + "properties": { + "default": { + "description": "Select the default network and add it to the\nmultus-cni.io/default-network annotation.", + "type": "boolean" + }, + "networkName": { + "description": "References to a NetworkAttachmentDefinition CRD object. Format:\n, /. If namespace is not\nspecified, VMI namespace is assumed.", + "type": "string" + } + }, + "required": [ + "networkName" + ], + "type": "object" + }, + "name": { + "description": "Network name.\nMust be a DNS_LABEL and unique within the vm.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "pod": { + "description": "Represents the stock pod network interface.", + "properties": { + "vmIPv6NetworkCIDR": { + "description": "IPv6 CIDR for the vm network.\nDefaults to fd10:0:2::/120 if not specified.", + "type": "string" + }, + "vmNetworkCIDR": { + "description": "CIDR for vm network.\nDefault 10.0.2.0/24 if not specified.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "includedResourceTypes": { - "description": "List of resource types to include. If unspecified, all resource types are included.", - "items": { - "type": "string" - }, - "type": "array" - }, - "labelSelector": { - "description": "Select items based on label", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "maxItems": 256, + "type": "array" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Name of the group", - "type": "string" - }, - "nameSelector": { - "description": "If specified, resource's object name needs to match this expression. Valid for volume groups only.", - "type": "string" - }, - "parent": { - "description": "Name of the parent group defined in the associated Application CR. Optional - If unspecified,\nparent group is represented by the implicit default group of Application CR (implies the\nApplication CR does not specify groups explicitly).", - "type": "string" - }, - "restoreOverwriteResources": { - "description": "Whether to overwrite resources during restore. Default to false.", - "type": "boolean" - }, - "restoreStatus": { - "description": "RestoreStatus restores status if set to all the includedResources specified. Specify '*' to restore all statuses for all the CRs", - "properties": { - "excludedResources": { - "description": "List of resource types to exclude.", - "items": { - "type": "string" - }, - "type": "array" - }, - "includedResources": { - "description": "List of resource types to include. If unspecified, all resource types are included.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "selectResource": { - "description": "Determines the resource type which the fields labelSelector and nameSelector apply to for selecting PVCs. Default selection is pvc. Valid for volume groups only.", - "enum": [ - "pvc", - "pod", - "deployment", - "statefulset" - ], - "type": "string" - }, - "type": { - "description": "Determines the type of group - volume data only, resources only", - "enum": [ - "volume", - "resource" - ], - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "hooks": { - "description": "List of one or multiple hooks", - "items": { - "description": "Hooks are actions to take during recipe processing", - "properties": { - "chks": { - "description": "Set of checks that the hook can apply", - "items": { - "description": "Operation to be invoked by the hook", - "properties": { - "condition": { - "description": "The condition to check for", - "type": "string" - }, - "name": { - "description": "Name of the check. Needs to be unique within the hook", - "type": "string" - }, - "onError": { - "description": "How to handle when check does not become true. Defaults to Fail.", - "type": "string" - }, - "timeout": { - "description": "How long to wait for the check to execute, in seconds", - "type": "integer" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "essential": { - "description": "Defaults to true, if set to false, a failure is not necessarily handled as fatal", - "type": "boolean" - }, - "labelSelector": { - "description": "If specified, resource object needs to match this label selector", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "priorityClassName": { + "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Hook name, unique within the Recipe CR", - "type": "string" - }, - "nameSelector": { - "description": "If specified, resource's object name needs to match this expression", - "type": "string" - }, - "namespace": { - "description": "Namespace", - "type": "string" - }, - "onError": { - "default": "fail", - "description": "Default behavior in case of failing operations (custom or built-in ops). Defaults to Fail.", - "enum": [ - "fail", - "continue" - ], - "type": "string" - }, - "ops": { - "description": "Set of operations that the hook can be invoked for", - "items": { - "description": "Operation to be invoked by the hook", - "properties": { - "command": { - "description": "The command to execute", - "minLength": 1, - "type": "string" - }, - "container": { - "description": "The container where the command should be executed", - "type": "string" - }, - "inverseOp": { - "description": "Name of another operation that reverts the effect of this operation (e.g. quiesce vs. unquiesce)", - "type": "string" - }, - "name": { - "description": "Name of the operation. Needs to be unique within the hook", - "type": "string" - }, - "onError": { - "description": "How to handle command returning with non-zero exit code. Defaults to Fail.", - "type": "string" - }, - "timeout": { - "description": "How long to wait for the command to execute, in seconds", - "type": "integer" - } - }, - "required": [ - "command", - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "selectResource": { - "description": "Resource type to that a hook applies to", - "type": "string" - }, - "singlePodOnly": { - "description": "Boolean flag that indicates whether to execute command on a single pod or on all pods that\nmatch the selector", - "type": "boolean" - }, - "timeout": { - "description": "Default timeout in seconds applied to custom and built-in operations. If not specified, equals to 30s.", - "type": "integer" - }, - "type": { - "description": "Hook type", - "enum": [ - "exec", - "scale", - "check" - ], - "type": "string" - } - }, - "required": [ - "name", - "namespace", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "volumes": { - "description": "Volumes to protect from disaster", - "properties": { - "backupRef": { - "description": "Used for groups solely used in restore workflows to refer to another group that is used in\nbackup workflows.", - "type": "string" - }, - "essential": { - "description": "Defaults to true, if set to false, a failure is not necessarily handled as fatal", - "type": "boolean" - }, - "excludedNamespaces": { - "description": "List of namespace to exclude", - "items": { - "type": "string" - }, - "type": "array" - }, - "excludedResourceTypes": { - "description": "List of resource types to exclude", - "items": { - "type": "string" - }, - "type": "array" - }, - "includeClusterResources": { - "description": "Whether to include any cluster-scoped resources. If nil or true, cluster-scoped resources are\nincluded if they are associated with the included namespace-scoped resources", - "type": "boolean" - }, - "includedNamespaces": { - "description": "List of namespaces to include.", - "items": { - "type": "string" - }, - "type": "array" - }, - "includedNamespacesByLabel": { - "description": "Selects namespaces by label", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "readinessProbe": { + "description": "Periodic probe of VirtualMachineInstance service readiness.\nVirtualmachineInstances will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "guestAgentPing": { + "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resourceClaims": { + "description": "ResourceClaims define which ResourceClaims must be allocated\nand reserved before the VMI, hence virt-launcher pod is allowed to start. The resources\nwill be made available to the domain which consumes them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate in kubernetes\n https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/\nThis field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled.\nThis feature is in alpha.", + "items": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", + "properties": { + "name": { + "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "type": "string" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + }, + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "schedulerName": { + "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "includedResourceTypes": { - "description": "List of resource types to include. If unspecified, all resource types are included.", - "items": { - "type": "string" - }, - "type": "array" - }, - "labelSelector": { - "description": "Select items based on label", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "startStrategy": { + "description": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "name": { - "description": "Name of the group", - "type": "string" - }, - "nameSelector": { - "description": "If specified, resource's object name needs to match this expression. Valid for volume groups only.", - "type": "string" - }, - "parent": { - "description": "Name of the parent group defined in the associated Application CR. Optional - If unspecified,\nparent group is represented by the implicit default group of Application CR (implies the\nApplication CR does not specify groups explicitly).", - "type": "string" - }, - "restoreOverwriteResources": { - "description": "Whether to overwrite resources during restore. Default to false.", - "type": "boolean" - }, - "restoreStatus": { - "description": "RestoreStatus restores status if set to all the includedResources specified. Specify '*' to restore all statuses for all the CRs", - "properties": { - "excludedResources": { - "description": "List of resource types to exclude.", - "items": { - "type": "string" - }, - "type": "array" - }, - "includedResources": { - "description": "List of resource types to include. If unspecified, all resource types are included.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "selectResource": { - "description": "Determines the resource type which the fields labelSelector and nameSelector apply to for selecting PVCs. Default selection is pvc. Valid for volume groups only.", - "enum": [ - "pvc", - "pod", - "deployment", - "statefulset" - ], - "type": "string" - }, - "type": { - "description": "Determines the type of group - volume data only, resources only", - "enum": [ - "volume", - "resource" - ], - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "workflows": { - "description": "Workflow is the sequence of actions to take", - "items": { - "description": "Workflow is the sequence of actions to take", - "properties": { - "failOn": { - "default": "any-error", - "description": "Implies behaviour in case of failure: any-error (default), essential-error, full-error", - "enum": [ - "any-error", - "essential-error", - "full-error" - ], - "type": "string" - }, - "name": { - "description": "Name of recipe. Names \"backup\" and \"restore\" are reserved and implicitly used by default for\nbackup or restore respectively", - "type": "string" - }, - "sequence": { - "description": "List of the names of groups or hooks, in the order in which they should be executed\nFormat: : [/]", - "items": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name", - "sequence" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "required": [ - "appType" - ], - "type": "object" - }, - "status": { - "description": "RecipeStatus defines the observed state of Recipe", - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ramendr.openshift.io", - "kind": "Recipe", - "version": "v1alpha1" - } - ] - }, - "ramendr.openshift.io/v1alpha1/RecipeList": { - "description": "RecipeList is a list of Recipe", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of recipes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.ramendr.v1alpha1.Recipe" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ramendr.openshift.io", - "kind": "RecipeList", - "version": "v1alpha1" - } - ] - }, - "rbac.authorization.k8s.io/v1/ClusterRole": { - "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", - "namespaced": false, - "properties": { - "aggregationRule": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.AggregationRule" - } - ], - "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller." - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata." - }, - "rules": { - "description": "Rules holds all the PolicyRules for this ClusterRole", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.PolicyRule" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRole", - "version": "v1" - } - ] - }, - "rbac.authorization.k8s.io/v1/ClusterRoleBinding": { - "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata." - }, - "roleRef": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.RoleRef" - } - ], - "default": {}, - "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable." - }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.Subject" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "roleRef" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRoleBinding", - "version": "v1" - } - ] - }, - "rbac.authorization.k8s.io/v1/ClusterRoleBindingList": { - "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of ClusterRoleBindings", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.ClusterRoleBinding" - } - ], - "default": {} + "subdomain": { + "description": "If specified, the fully qualified vmi hostname will be \"...svc.\".\nIf not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi,\nno matter if the vmi itself can pick up a hostname.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If toleration is specified, obey all the toleration rules.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumes": { + "description": "List of volumes that can be mounted by disks belonging to the vmi.", + "items": { + "description": "Volume represents a named volume in a vmi.", + "properties": { + "cloudInitConfigDrive": { + "description": "CloudInitConfigDrive represents a cloud-init Config Drive user-data source.\nThe Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html", + "properties": { + "networkData": { + "description": "NetworkData contains config drive inline cloud-init networkdata.", + "type": "string" + }, + "networkDataBase64": { + "description": "NetworkDataBase64 contains config drive cloud-init networkdata as a base64 encoded string.", + "type": "string" + }, + "networkDataSecretRef": { + "description": "NetworkDataSecretRef references a k8s secret that contains config drive networkdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretRef": { + "description": "UserDataSecretRef references a k8s secret that contains config drive userdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userData": { + "description": "UserData contains config drive inline cloud-init userdata.", + "type": "string" + }, + "userDataBase64": { + "description": "UserDataBase64 contains config drive cloud-init userdata as a base64 encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "cloudInitNoCloud": { + "description": "CloudInitNoCloud represents a cloud-init NoCloud user-data source.\nThe NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html", + "properties": { + "networkData": { + "description": "NetworkData contains NoCloud inline cloud-init networkdata.", + "type": "string" + }, + "networkDataBase64": { + "description": "NetworkDataBase64 contains NoCloud cloud-init networkdata as a base64 encoded string.", + "type": "string" + }, + "networkDataSecretRef": { + "description": "NetworkDataSecretRef references a k8s secret that contains NoCloud networkdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretRef": { + "description": "UserDataSecretRef references a k8s secret that contains NoCloud userdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userData": { + "description": "UserData contains NoCloud inline cloud-init userdata.", + "type": "string" + }, + "userDataBase64": { + "description": "UserDataBase64 contains NoCloud cloud-init userdata as a base64 encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "description": "ConfigMapSource represents a reference to a ConfigMap in the same namespace.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or it's keys must be defined", + "type": "boolean" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "containerDisk": { + "description": "ContainerDisk references a docker image, embedding a qcow or raw disk.\nMore info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html", + "properties": { + "image": { + "description": "Image is the name of the image with the embedded disk.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "imagePullSecret": { + "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", + "type": "string" + }, + "path": { + "description": "Path defines the path to disk file in the container", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "dataVolume": { + "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", + "properties": { + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "name": { + "description": "Name of both the DataVolume and the PVC in the same namespace.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "downwardAPI": { + "description": "DownwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "fields": { + "description": "Fields is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object" + }, + "downwardMetrics": { + "description": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", + "type": "object" + }, + "emptyDisk": { + "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.\nMore info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html", + "properties": { + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Capacity of the sparse disk.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "capacity" + ], + "type": "object" + }, + "ephemeral": { + "description": "Ephemeral is a special volume source that \"wraps\" specified source and provides copy-on-write image on top of it.", + "properties": { + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + } + }, + "type": "object" + }, + "hostDisk": { + "description": "HostDisk represents a disk created on the cluster level", + "properties": { + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Capacity of the sparse disk", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "path": { + "description": "The path to HostDisk image located on the cluster", + "type": "string" + }, + "shared": { + "description": "Shared indicate whether the path is shared between nodes", + "type": "boolean" + }, + "type": { + "description": "Contains information if disk.img exists or should be created\nallowed options are 'Disk' and 'DiskOrCreate'", + "type": "string" + } + }, + "required": [ + "path", + "type" + ], + "type": "object" + }, + "memoryDump": { + "description": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "name": { + "description": "Volume's name.\nMust be a DNS_LABEL and unique within the vmi.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "secret": { + "description": "SecretVolumeSource represents a reference to a secret data in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/", + "properties": { + "optional": { + "description": "Specify whether the Secret or it's keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "Name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object" + }, + "serviceAccount": { + "description": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "properties": { + "serviceAccountName": { + "description": "Name of the service account in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + } + }, + "type": "object" + }, + "sysprep": { + "description": "Represents a Sysprep volume source.", + "properties": { + "configMap": { + "description": "ConfigMap references a ConfigMap that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret references a k8s Secret that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 256, + "type": "array" + } + }, + "required": [ + "domain" + ], + "type": "object" + } + }, + "type": "object" + }, + "updateVolumesStrategy": { + "description": "UpdateVolumesStrategy is the strategy to apply on volumes updates", + "type": "string" + } + }, + "required": [ + "template" + ], + "type": "object" + } + }, + "type": "object" + } }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "required": [ + "selector", + "virtualMachineTemplate" + ], + "type": "object" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "labelSelector": { + "description": "Canonical form of the label selector for HPA which consumes it through the scale subresource.", + "type": "string" + }, + "readyReplicas": { + "format": "int32", + "type": "integer" + }, + "replicas": { + "format": "int32", + "type": "integer" } - ], - "default": {}, - "description": "Standard object's metadata." + }, + "type": "object" } }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRoleBindingList", - "version": "v1" + "group": "pool.kubevirt.io", + "kind": "VirtualMachinePool", + "version": "v1alpha1" } ] }, - "rbac.authorization.k8s.io/v1/ClusterRoleList": { - "description": "ClusterRoleList is a collection of ClusterRoles", + "pool.kubevirt.io/v1alpha1/VirtualMachinePoolList": { + "description": "VirtualMachinePoolList is a list of VirtualMachinePool", "namespaced": true, "properties": { "apiVersion": { @@ -303580,14 +254759,9 @@ "type": "string" }, "items": { - "description": "Items is a list of ClusterRoles", + "description": "List of virtualmachinepools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.ClusterRole" - } - ], - "default": {} + "$ref": "#/components/schemas/io.kubevirt.pool.v1alpha1.VirtualMachinePool" }, "type": "array" }, @@ -303601,8 +254775,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard object's metadata." + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -303611,60 +254784,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "rbac.authorization.k8s.io", - "kind": "ClusterRoleList", - "version": "v1" - } - ] - }, - "rbac.authorization.k8s.io/v1/Role": { - "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata." - }, - "rules": { - "description": "Rules holds all the PolicyRules for this Role", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.PolicyRule" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "Role", - "version": "v1" + "group": "pool.kubevirt.io", + "kind": "VirtualMachinePoolList", + "version": "v1alpha1" } ] }, - "rbac.authorization.k8s.io/v1/RoleBinding": { - "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", - "namespaced": true, + "populator.storage.k8s.io/v1beta1/VolumePopulator": { + "description": "VolumePopulator represents the registration for a volume populator. VolumePopulators are cluster scoped.", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -303680,92 +254808,39 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "Standard object's metadata." + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "roleRef": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.RoleRef" + "sourceKind": { + "description": "Kind of the data source this populator supports", + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" } - ], - "default": {}, - "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable." - }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.Subject" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "roleRef" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "rbac.authorization.k8s.io", - "kind": "RoleBinding", - "version": "v1" - } - ] - }, - "rbac.authorization.k8s.io/v1/RoleBindingList": { - "description": "RoleBindingList is a collection of RoleBindings", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of RoleBindings", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.RoleBinding" - } - ], - "default": {} }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } + "required": [ + "group", + "kind" ], - "default": {}, - "description": "Standard object's metadata." + "type": "object" } }, "required": [ - "items" + "sourceKind" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "rbac.authorization.k8s.io", - "kind": "RoleBindingList", - "version": "v1" + "group": "populator.storage.k8s.io", + "kind": "VolumePopulator", + "version": "v1beta1" } ] }, - "rbac.authorization.k8s.io/v1/RoleList": { - "description": "RoleList is a collection of Roles", + "populator.storage.k8s.io/v1beta1/VolumePopulatorList": { + "description": "VolumePopulatorList is a list of VolumePopulator", "namespaced": true, "properties": { "apiVersion": { @@ -303773,14 +254848,9 @@ "type": "string" }, "items": { - "description": "Items is a list of Roles", + "description": "List of volumepopulators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.rbac.v1.Role" - } - ], - "default": {} + "$ref": "#/components/schemas/io.k8s.storage.populator.v1beta1.VolumePopulator" }, "type": "array" }, @@ -303794,8 +254864,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard object's metadata." + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -303804,14 +254873,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "rbac.authorization.k8s.io", - "kind": "RoleList", - "version": "v1" + "group": "populator.storage.k8s.io", + "kind": "VolumePopulatorList", + "version": "v1beta1" } ] }, - "replication.storage.openshift.io/v1alpha1/VolumeGroupReplication": { - "description": "VolumeGroupReplication is the Schema for the volumegroupreplications API", + "postgresql.cnpg.noobaa.io/v1/Backup": { + "description": "A Backup resource is a request for a PostgreSQL backup by the user.", "namespaced": true, "properties": { "apiVersion": { @@ -303831,568 +254900,459 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "VolumeGroupReplicationSpec defines the desired state of VolumeGroupReplication", + "description": "Specification of the desired behavior of the backup.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { - "autoResync": { - "default": false, - "description": "AutoResync represents the group to be auto resynced when\nReplicationState is \"secondary\"", - "type": "boolean" - }, - "external": { - "default": false, - "description": "External represents if VolumeGroupReplication should be reconciled by the csi-addons controller\nor an external controller managed by the storage vendor.", - "type": "boolean", - "x-kubernetes-validations": [ - { - "message": "source is immutable", - "rule": "self == oldSelf" + "cluster": { + "description": "The cluster to backup", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" } - ] + }, + "required": [ + "name" + ], + "type": "object" }, - "replicationState": { - "description": "ReplicationState represents the replication operation to be performed on the group.\nSupported operations are \"primary\", \"secondary\" and \"resync\"", + "method": { + "default": "barmanObjectStore", + "description": "The backup method to be used, possible options are `barmanObjectStore`,\n`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.", "enum": [ - "primary", - "secondary", - "resync" + "barmanObjectStore", + "volumeSnapshot", + "plugin" ], "type": "string" }, - "source": { - "description": "Source specifies where a group replications will be created from.\nThis field is immutable after creation.\nRequired.", + "online": { + "description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)\nOverrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'", + "type": "boolean" + }, + "onlineConfiguration": { + "description": "Configuration parameters to control the online/hot backup with volume snapshots\nOverrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza", "properties": { - "selector": { - "description": "Selector is a label query over persistent volume claims that are to be\ngrouped together for replication.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "immediateCheckpoint": { + "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", + "type": "boolean" + }, + "waitForArchive": { + "default": true, + "description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.", + "type": "boolean" + } + }, + "type": "object" + }, + "pluginConfiguration": { + "description": "Configuration parameters passed to the plugin managing this backup", + "properties": { + "name": { + "description": "Name is the name of the plugin managing this backup", + "type": "string" + }, + "parameters": { + "additionalProperties": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "selector is immutable", - "rule": "self == oldSelf" - } - ] + "description": "Parameters are the configuration parameters passed to the backup\nplugin for this backup", + "type": "object" } }, "required": [ - "selector" + "name" ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "source is immutable", - "rule": "self == oldSelf" - } - ] - }, - "volumeGroupReplicationClassName": { - "description": "volumeGroupReplicationClassName is the volumeGroupReplicationClass name for this VolumeGroupReplication resource", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeGroupReplicationClassName is immutable", - "rule": "self == oldSelf" - } - ] - }, - "volumeGroupReplicationContentName": { - "description": "Name of the VolumeGroupReplicationContent object created for this volumeGroupReplication", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeGroupReplicationContentName is immutable", - "rule": "self == oldSelf" - } - ] - }, - "volumeReplicationClassName": { - "description": "volumeReplicationClassName is the volumeReplicationClass name for the VolumeReplication object\ncreated for this volumeGroupReplication", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeReplicationClassName is immutable", - "rule": "self == oldSelf" - } - ] + "type": "object" }, - "volumeReplicationName": { - "description": "Name of the VolumeReplication object created for this volumeGroupReplication", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeReplicationName is immutable", - "rule": "self == oldSelf" - } - ] + "target": { + "description": "The policy to decide which instance should perform this backup. If empty,\nit defaults to `cluster.spec.backup.target`.\nAvailable options are empty string, `primary` and `prefer-standby`.\n`primary` to have backups run always on primary instances,\n`prefer-standby` to have backups run preferably on the most updated\nstandby, if available.", + "enum": [ + "primary", + "prefer-standby" + ], + "type": "string" } }, "required": [ - "autoResync", - "replicationState", - "source", - "volumeGroupReplicationClassName" + "cluster" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "BackupSpec is immutable once set", + "rule": "oldSelf == self" + } + ] }, "status": { - "description": "VolumeGroupReplicationStatus defines the observed state of VolumeGroupReplication", + "description": "Most recently observed status of the backup. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { - "conditions": { - "description": "Conditions are the list of conditions and their status.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" + "azureCredentials": { + "description": "The credentials to use to upload data to Azure Blob Storage", + "properties": { + "connectionString": { + "description": "The connection string to be used", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "required": [ + "key", + "name" + ], + "type": "object" + }, + "inheritFromAzureAD": { + "description": "Use the Azure AD based authentication without providing explicitly the keys.", + "type": "boolean" + }, + "storageAccount": { + "description": "The storage account where to upload data", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "required": [ + "key", + "name" + ], + "type": "object" + }, + "storageKey": { + "description": "The storage account key to be used in conjunction\nwith the storage account name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } + "required": [ + "key", + "name" + ], + "type": "object" }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" + "storageSasToken": { + "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + } }, - "type": "array" + "type": "object" }, - "lastCompletionTime": { - "format": "date-time", + "backupId": { + "description": "The ID of the Barman backup", "type": "string" }, - "lastStartTime": { - "format": "date-time", + "backupLabelFile": { + "description": "Backup label file content as returned by Postgres in case of online (hot) backups", + "format": "byte", "type": "string" }, - "lastSyncBytes": { - "format": "int64", - "type": "integer" + "backupName": { + "description": "The Name of the Barman backup", + "type": "string" }, - "lastSyncDuration": { + "beginLSN": { + "description": "The starting xlog", "type": "string" }, - "lastSyncTime": { - "format": "date-time", + "beginWal": { + "description": "The starting WAL", "type": "string" }, - "message": { + "commandError": { + "description": "The backup command output in case of error", "type": "string" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change the operator has dealt with", - "format": "int64", - "type": "integer" + "commandOutput": { + "description": "Unused. Retained for compatibility with old versions.", + "type": "string" }, - "persistentVolumeClaimsRefList": { - "description": "PersistentVolumeClaimsRefList is the list of PVCs for the volume group replication.\nThe maximum number of allowed PVCs in the group is 100.", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "destinationPath": { + "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data. This may not be populated in case of errors.", + "type": "string" + }, + "encryption": { + "description": "Encryption method required to S3 API", + "type": "string" + }, + "endLSN": { + "description": "The ending xlog", + "type": "string" + }, + "endWal": { + "description": "The ending WAL", + "type": "string" + }, + "endpointCA": { + "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive.", + "properties": { + "key": { + "description": "The key to select", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "name": { + "description": "Name of the referent.", + "type": "string" + } }, - "type": "array" + "required": [ + "key", + "name" + ], + "type": "object" }, - "state": { - "description": "State captures the latest state of the replication operation.", + "endpointURL": { + "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeGroupReplication", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationClass": { - "description": "VolumeGroupReplicationClass is the Schema for the volumegroupreplicationclasses API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VolumeGroupReplicationClassSpec specifies parameters that an underlying storage system uses\nwhen creating a volumegroup replica. A specific VolumeGroupReplicationClass is used by specifying\nits name in a VolumeGroupReplication object.", - "properties": { - "parameters": { + }, + "error": { + "description": "The detected error", + "type": "string" + }, + "googleCredentials": { + "description": "The credentials to use to upload data to Google Cloud Storage", + "properties": { + "applicationCredentials": { + "description": "The secret containing the Google Cloud Storage JSON file with the credentials", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "gkeEnvironment": { + "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "instanceID": { + "description": "Information to identify the instance where the backup has been taken from", + "properties": { + "ContainerID": { + "description": "The container ID", + "type": "string" + }, + "podName": { + "description": "The pod name", + "type": "string" + } + }, + "type": "object" + }, + "method": { + "description": "The backup method being used", + "type": "string" + }, + "online": { + "description": "Whether the backup was online/hot (`true`) or offline/cold (`false`)", + "type": "boolean" + }, + "phase": { + "description": "The last backup status", + "type": "string" + }, + "pluginMetadata": { "additionalProperties": { "type": "string" }, - "description": "Parameters is a key-value map with storage provisioner specific configurations for\ncreating volume group replicas", - "type": "object", - "x-kubernetes-validations": [ - { - "message": "parameters are immutable", - "rule": "self == oldSelf" - } - ] + "description": "A map containing the plugin metadata", + "type": "object" }, - "provisioner": { - "description": "Provisioner is the name of storage provisioner", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "provisioner is immutable", - "rule": "self == oldSelf" + "s3Credentials": { + "description": "The credentials to use to upload data to S3", + "properties": { + "accessKeyId": { + "description": "The reference to the access key id", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "inheritFromIAMRole": { + "description": "Use the role based authentication without providing explicitly the keys.", + "type": "boolean" + }, + "region": { + "description": "The reference to the secret containing the region name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "secretAccessKey": { + "description": "The reference to the secret access key", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "sessionToken": { + "description": "The references to the session key", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" } - ] - } - }, - "required": [ - "provisioner" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "parameters are immutable", - "rule": "has(self.parameters) == has(oldSelf.parameters)" - } - ] - }, - "status": { - "description": "VolumeGroupReplicationClassStatus defines the observed state of VolumeGroupReplicationClass", - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeGroupReplicationClass", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationClassList": { - "description": "VolumeGroupReplicationClassList is a list of VolumeGroupReplicationClass", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of volumegroupreplicationclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeGroupReplicationClass" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeGroupReplicationClassList", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationContent": { - "description": "VolumeGroupReplicationContent is the Schema for the volumegroupreplicationcontents API", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VolumeGroupReplicationContentSpec defines the desired state of VolumeGroupReplicationContent", - "properties": { - "provisioner": { - "description": "provisioner is the name of the CSI driver used to create the physical\nvolume group on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired.", + }, + "type": "object" + }, + "serverName": { + "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", "type": "string" }, - "source": { - "description": "Source specifies whether the volume group is (or should be) dynamically provisioned\nor already exists using the volumes listed here, and just requires a\nKubernetes object representation.\nRequired.", + "snapshotBackupStatus": { + "description": "Status of the volumeSnapshot backup", "properties": { - "volumeHandles": { - "description": "VolumeHandles is a list of volume handles on the backend to be grouped\nand replicated.", + "elements": { + "description": "The elements list, populated with the gathered volume snapshots", "items": { - "type": "string" + "description": "BackupSnapshotElementStatus is a volume snapshot that is part of a volume snapshot method backup", + "properties": { + "name": { + "description": "Name is the snapshot resource name", + "type": "string" + }, + "tablespaceName": { + "description": "TablespaceName is the name of the snapshotted tablespace. Only set\nwhen type is PG_TABLESPACE", + "type": "string" + }, + "type": { + "description": "Type is tho role of the snapshot in the cluster, such as PG_DATA, PG_WAL and PG_TABLESPACE", + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object" }, "type": "array" } }, - "required": [ - "volumeHandles" - ], "type": "object" }, - "volumeGroupAttributes": { - "additionalProperties": { - "type": "string" - }, - "description": "volumeGroupAttributes holds the contextual information of the volume group.", - "type": "object", - "x-kubernetes-validations": [ - { - "message": "field is immutable", - "rule": "self == oldSelf" - } - ] - }, - "volumeGroupReplicationClassName": { - "description": "VolumeGroupReplicationClassName is the name of the VolumeGroupReplicationClass from\nwhich this group replication was (or will be) created.\nRequired.", + "startedAt": { + "description": "When the backup was started", + "format": "date-time", "type": "string" }, - "volumeGroupReplicationHandle": { - "description": "VolumeGroupReplicationHandle is a unique id returned by the CSI driver\nto identify the VolumeGroupReplication on the storage system.", + "stoppedAt": { + "description": "When the backup was terminated", + "format": "date-time", "type": "string" }, - "volumeGroupReplicationRef": { - "description": "VolumeGroupreplicationRef specifies the VolumeGroupReplication object to which this\nVolumeGroupReplicationContent object is bound.\nVolumeGroupReplication.Spec.VolumeGroupReplicationContentName field must reference to\nthis VolumeGroupReplicationContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeGroupReplication object, MUST provide an empty/nil value for\nVolumeGroupReplicationRef for the auto-binding to happen.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "volumeGroupReplicationRef.name, volumeGroupReplicationRef.namespace and volumeGroupReplicationRef.uid must be set if volumeGroupReplicationRef is defined", - "rule": "self != null ? has(self.name) && has(self.__namespace__) && has(self.uid) : true" - } - ] - } - }, - "required": [ - "provisioner", - "source", - "volumeGroupReplicationClassName" - ], - "type": "object" - }, - "status": { - "description": "VolumeGroupReplicationContentStatus defines the status of VolumeGroupReplicationContent", - "properties": { - "persistentVolumeRefList": { - "description": "PersistentVolumeRefList is the list of PV for the group replication\nThe maximum number of allowed PV in the group is 100.", - "items": { - "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array" + "tablespaceMapFile": { + "description": "Tablespace map file content as returned by Postgres in case of online (hot) backups", + "format": "byte", + "type": "string" } }, "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeGroupReplicationContent", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationContentList": { - "description": "VolumeGroupReplicationContentList is a list of VolumeGroupReplicationContent", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of volumegroupreplicationcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeGroupReplicationContent" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, "required": [ - "items" + "metadata", + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "replication.storage.openshift.io", - "kind": "VolumeGroupReplicationContentList", - "version": "v1alpha1" + "group": "postgresql.cnpg.noobaa.io", + "kind": "Backup", + "version": "v1" } ] }, - "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationList": { - "description": "VolumeGroupReplicationList is a list of VolumeGroupReplication", + "postgresql.cnpg.noobaa.io/v1/BackupList": { + "description": "BackupList is a list of Backup", "namespaced": true, "properties": { "apiVersion": { @@ -304400,9 +255360,9 @@ "type": "string" }, "items": { - "description": "List of volumegroupreplications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of backups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeGroupReplication" + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Backup" }, "type": "array" }, @@ -304425,14 +255385,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "replication.storage.openshift.io", - "kind": "VolumeGroupReplicationList", - "version": "v1alpha1" + "group": "postgresql.cnpg.noobaa.io", + "kind": "BackupList", + "version": "v1" } ] }, - "replication.storage.openshift.io/v1alpha1/VolumeReplication": { - "description": "VolumeReplication is the Schema for the volumereplications API.", + "postgresql.cnpg.noobaa.io/v1/Cluster": { + "description": "Cluster is the Schema for the PostgreSQL API", "namespaced": true, "properties": { "apiVersion": { @@ -304452,4069 +255412,4751 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "VolumeReplicationSpec defines the desired state of VolumeReplication.", + "description": "Specification of the desired behavior of the cluster.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { - "autoResync": { - "default": false, - "description": "AutoResync represents the volume to be auto resynced when\nReplicationState is \"secondary\"", - "type": "boolean" - }, - "dataSource": { - "description": "DataSource represents the object associated with the volume", + "affinity": { + "description": "Affinity/Anti-affinity rules for Pods", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "dataSource is immutable", - "rule": "self == oldSelf" - } - ] - }, - "replicationHandle": { - "description": "replicationHandle represents an existing (but new) replication id", - "type": "string" - }, - "replicationState": { - "description": "ReplicationState represents the replication operation to be performed on the volume.\nSupported operations are \"primary\", \"secondary\" and \"resync\"", - "enum": [ - "primary", - "secondary", - "resync" - ], - "type": "string" - }, - "volumeReplicationClass": { - "description": "VolumeReplicationClass is the VolumeReplicationClass name for this VolumeReplication resource", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeReplicationClass is immutable", - "rule": "self == oldSelf" - } - ] - } - }, - "required": [ - "autoResync", - "dataSource", - "replicationState", - "volumeReplicationClass" - ], - "type": "object" - }, - "status": { - "description": "VolumeReplicationStatus defines the observed state of VolumeReplication.", - "properties": { - "conditions": { - "description": "Conditions are the list of conditions and their status.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" + "additionalPodAffinity": { + "description": "AdditionalPodAffinity allows to specify pod affinity terms to be passed to all the cluster's pods.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" + "type": "object" + }, + "additionalPodAntiAffinity": { + "description": "AdditionalPodAntiAffinity allows to specify pod anti-affinity terms to be added to the ones generated\nby the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" + "type": "object" + }, + "enablePodAntiAffinity": { + "description": "Activates anti-affinity for the pods. The operator will define pods\nanti-affinity unless this field is explicitly set to false", + "type": "boolean" + }, + "nodeAffinity": { + "description": "NodeAffinity describes node affinity scheduling rules for the pod.\nMore info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" + "description": "NodeSelector is map of key-value pairs used to define the nodes on which\nthe pods can run.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" + }, + "podAntiAffinityType": { + "description": "PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instance has to be\nconsidered a strong requirement during scheduling or not. Allowed values are: \"preferred\" (default if empty) or\n\"required\". Setting it to \"required\", could lead to instances remaining pending until new kubernetes nodes are\nadded if all the existing nodes don't match the required pod anti-affinity rule.\nMore info:\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run\non tainted nodes.\nMore info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } + "type": "array" }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "lastCompletionTime": { - "format": "date-time", - "type": "string" - }, - "lastStartTime": { - "format": "date-time", - "type": "string" - }, - "lastSyncBytes": { - "format": "int64", - "type": "integer" - }, - "lastSyncDuration": { - "type": "string" - }, - "lastSyncTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change the operator has dealt with", - "format": "int64", - "type": "integer" - }, - "state": { - "description": "State captures the latest state of the replication operation.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeReplication", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeReplicationClass": { - "description": "VolumeReplicationClass is the Schema for the volumereplicationclasses API.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VolumeReplicationClassSpec specifies parameters that an underlying storage system uses\nwhen creating a volume replica. A specific VolumeReplicationClass is used by specifying\nits name in a VolumeReplication object.", - "properties": { - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters is a key-value map with storage provisioner specific configurations for\ncreating volume replicas", - "type": "object", - "x-kubernetes-validations": [ - { - "message": "parameters are immutable", - "rule": "self == oldSelf" + "topologyKey": { + "description": "TopologyKey to use for anti-affinity configuration. See k8s documentation\nfor more info on that", + "type": "string" } - ] + }, + "type": "object" }, - "provisioner": { - "description": "Provisioner is the name of storage provisioner", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "provisioner is immutable", - "rule": "self == oldSelf" - } - ] - } - }, - "required": [ - "provisioner" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "parameters are immutable", - "rule": "has(self.parameters) == has(oldSelf.parameters)" - } - ] - }, - "status": { - "description": "VolumeReplicationClassStatus defines the observed state of VolumeReplicationClass.", - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeReplicationClass", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeReplicationClassList": { - "description": "VolumeReplicationClassList is a list of VolumeReplicationClass", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of volumereplicationclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeReplicationClass" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeReplicationClassList", - "version": "v1alpha1" - } - ] - }, - "replication.storage.openshift.io/v1alpha1/VolumeReplicationList": { - "description": "VolumeReplicationList is a list of VolumeReplication", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of volumereplications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeReplication" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "replication.storage.openshift.io", - "kind": "VolumeReplicationList", - "version": "v1alpha1" - } - ] - }, - "resource.k8s.io/v1beta1/DeviceClass": { - "description": "DeviceClass is a vendor- or admin-provided resource that contains device configuration and selectors. It can be referenced in the device requests of a claim to apply these presets. Cluster scoped.\n\nThis is an alpha type and requires enabling the DynamicResourceAllocation feature gate.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.DeviceClassSpec" - } - ], - "default": {}, - "description": "Spec defines what can be allocated and how to configure it.\n\nThis is mutable. Consumers have to be prepared for classes changing at any time, either because they get updated or replaced. Claim allocations are done once based on whatever was set in classes at the time of allocation.\n\nChanging the spec automatically increments the metadata.generation number." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "DeviceClass", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/DeviceClassList": { - "description": "DeviceClassList is a collection of classes.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of resource classes.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.DeviceClass" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "DeviceClassList", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/ResourceClaim": { - "description": "ResourceClaim describes a request for access to resources in the cluster, for use by workloads. For example, if a workload needs an accelerator device with specific properties, this is how that request is expressed. The status stanza tracks whether this claim has been satisfied and what specific resources have been allocated.\n\nThis is an alpha type and requires enabling the DynamicResourceAllocation feature gate.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceClaimSpec" - } - ], - "default": {}, - "description": "Spec describes what is being requested and how to configure it. The spec is immutable." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceClaimStatus" - } - ], - "default": {}, - "description": "Status describes whether the claim is ready to use and what has been allocated." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "ResourceClaim", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/ResourceClaimList": { - "description": "ResourceClaimList is a collection of claims.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of resource claims.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceClaim" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "ResourceClaimList", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/ResourceClaimTemplate": { - "description": "ResourceClaimTemplate is used to produce ResourceClaim objects.\n\nThis is an alpha type and requires enabling the DynamicResourceAllocation feature gate.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceClaimTemplateSpec" - } - ], - "default": {}, - "description": "Describes the ResourceClaim that is to be generated.\n\nThis field is immutable. A ResourceClaim will get created by the control plane for a Pod when needed and then not get updated anymore." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "ResourceClaimTemplate", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/ResourceClaimTemplateList": { - "description": "ResourceClaimTemplateList is a collection of claim templates.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of resource claim templates.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceClaimTemplate" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "ResourceClaimTemplateList", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/ResourceSlice": { - "description": "ResourceSlice represents one or more resources in a pool of similar resources, managed by a common driver. A pool may span more than one ResourceSlice, and exactly how many ResourceSlices comprise a pool is determined by the driver.\n\nAt the moment, the only supported resources are devices with attributes and capacities. Each device in a given pool, regardless of how many ResourceSlices, must have a unique name. The ResourceSlice in which a device gets published may change over time. The unique identifier for a device is the tuple , , .\n\nWhenever a driver needs to update a pool, it increments the pool.Spec.Pool.Generation number and updates all ResourceSlices with that new number and new resource definitions. A consumer must only use ResourceSlices with the highest generation number and ignore all others.\n\nWhen allocating all resources in a pool matching certain criteria or when looking for the best solution among several different alternatives, a consumer should check the number of ResourceSlices in a pool (included in each ResourceSlice) to determine whether its view of a pool is complete and if not, should wait until the driver has completed updating the pool.\n\nFor resources that are not local to a node, the node name is not set. Instead, the driver may use a node selector to specify where the devices are available.\n\nThis is an alpha type and requires enabling the DynamicResourceAllocation feature gate.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceSliceSpec" - } - ], - "default": {}, - "description": "Contains the information published by the driver.\n\nChanging the spec automatically increments the metadata.generation number." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "ResourceSlice", - "version": "v1beta1" - } - ] - }, - "resource.k8s.io/v1beta1/ResourceSliceList": { - "description": "ResourceSliceList is a collection of ResourceSlices.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is the list of resource ResourceSlices.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.resource.v1beta1.ResourceSlice" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "resource.k8s.io", - "kind": "ResourceSliceList", - "version": "v1beta1" - } - ] - }, - "route.openshift.io/v1/Route": { - "description": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteSpec" - } - ], - "default": {}, - "description": "spec is the desired state of the route" - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteStatus" - } - ], - "default": {}, - "description": "status is the current state of the route" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "route.openshift.io", - "kind": "Route", - "version": "v1" - } - ] - }, - "route.openshift.io/v1/RouteList": { - "description": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of routes", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.Route" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "route.openshift.io", - "kind": "RouteList", - "version": "v1" - } - ] - }, - "runtime.cluster.x-k8s.io/v1alpha1/ExtensionConfig": { - "description": "ExtensionConfig is the Schema for the ExtensionConfig API.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ExtensionConfigSpec is the desired state of the ExtensionConfig", - "properties": { - "clientConfig": { - "description": "clientConfig defines how to communicate with the Extension server.", + "backup": { + "description": "The configuration to be used for backups", "properties": { - "caBundle": { - "description": "caBundle is a PEM encoded CA bundle which will be used to validate the Extension server's server certificate.", - "format": "byte", + "barmanObjectStore": { + "description": "The configuration for the barman-cloud tool suite", + "properties": { + "azureCredentials": { + "description": "The credentials to use to upload data to Azure Blob Storage", + "properties": { + "connectionString": { + "description": "The connection string to be used", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "inheritFromAzureAD": { + "description": "Use the Azure AD based authentication without providing explicitly the keys.", + "type": "boolean" + }, + "storageAccount": { + "description": "The storage account where to upload data", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "storageKey": { + "description": "The storage account key to be used in conjunction\nwith the storage account name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "storageSasToken": { + "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "data": { + "description": "The configuration to be used to backup the data files\nWhen not defined, base backups files will be stored uncompressed and may\nbe unencrypted in the object store, according to the bucket default\npolicy.", + "properties": { + "additionalCommandArgs": { + "description": "AdditionalCommandArgs represents additional arguments that can be appended\nto the 'barman-cloud-backup' command-line invocation. These arguments\nprovide flexibility to customize the backup process further according to\nspecific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-backup' command, to avoid potential errors or unintended\nbehavior during execution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "compression": { + "description": "Compress a backup file (a tar file per tablespace) while streaming it\nto the object store. Available options are empty string (no\ncompression, default), `gzip`, `bzip2`, and `snappy`.", + "enum": [ + "bzip2", + "gzip", + "snappy" + ], + "type": "string" + }, + "encryption": { + "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", + "enum": [ + "AES256", + "aws:kms" + ], + "type": "string" + }, + "immediateCheckpoint": { + "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", + "type": "boolean" + }, + "jobs": { + "description": "The number of parallel jobs to be used to upload the backup, defaults\nto 2", + "format": "int32", + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, + "destinationPath": { + "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data", + "minLength": 1, + "type": "string" + }, + "endpointCA": { + "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "endpointURL": { + "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", + "type": "string" + }, + "googleCredentials": { + "description": "The credentials to use to upload data to Google Cloud Storage", + "properties": { + "applicationCredentials": { + "description": "The secret containing the Google Cloud Storage JSON file with the credentials", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "gkeEnvironment": { + "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "historyTags": { + "additionalProperties": { + "type": "string" + }, + "description": "HistoryTags is a list of key value pairs that will be passed to the\nBarman --history-tags option.", + "type": "object" + }, + "s3Credentials": { + "description": "The credentials to use to upload data to S3", + "properties": { + "accessKeyId": { + "description": "The reference to the access key id", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "inheritFromIAMRole": { + "description": "Use the role based authentication without providing explicitly the keys.", + "type": "boolean" + }, + "region": { + "description": "The reference to the secret containing the region name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "secretAccessKey": { + "description": "The reference to the secret access key", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "sessionToken": { + "description": "The references to the session key", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "serverName": { + "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", + "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "Tags is a list of key value pairs that will be passed to the\nBarman --tags option.", + "type": "object" + }, + "wal": { + "description": "The configuration for the backup of the WAL stream.\nWhen not defined, WAL files will be stored uncompressed and may be\nunencrypted in the object store, according to the bucket default policy.", + "properties": { + "archiveAdditionalCommandArgs": { + "description": "Additional arguments that can be appended to the 'barman-cloud-wal-archive'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL archive process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended\nbehavior during execution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "compression": { + "description": "Compress a WAL file before sending it to the object store. Available\noptions are empty string (no compression, default), `gzip`, `bzip2`,\n`lz4`, `snappy`, `xz`, and `zstd`.", + "enum": [ + "bzip2", + "gzip", + "lz4", + "snappy", + "xz", + "zstd" + ], + "type": "string" + }, + "encryption": { + "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", + "enum": [ + "AES256", + "aws:kms" + ], + "type": "string" + }, + "maxParallel": { + "description": "Number of WAL files to be either archived in parallel (when the\nPostgreSQL instance is archiving to a backup object store) or\nrestored in parallel (when a PostgreSQL standby is fetching WAL\nfiles from a recovery object store). If not specified, WAL files\nwill be processed one at a time. It accepts a positive integer as a\nvalue - with 1 being the minimum accepted value.", + "minimum": 1, + "type": "integer" + }, + "restoreAdditionalCommandArgs": { + "description": "Additional arguments that can be appended to the 'barman-cloud-wal-restore'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL restore process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended\nbehavior during execution.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destinationPath" + ], + "type": "object" + }, + "retentionPolicy": { + "description": "RetentionPolicy is the retention policy to be used for backups\nand WALs (i.e. '60d'). The retention policy is expressed in the form\nof `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -\ndays, weeks, months.\nIt's currently only applicable when using the BarmanObjectStore method.", + "pattern": "^[1-9][0-9]*[dwm]$", "type": "string" }, - "service": { - "description": "service is a reference to the Kubernetes service for the Extension server.\nNote: Exactly one of `url` or `service` must be specified.\n\nIf the Extension server is running within a cluster, then you should use `service`.", + "target": { + "default": "prefer-standby", + "description": "The policy to decide which instance should perform backups. Available\noptions are empty string, which will default to `prefer-standby` policy,\n`primary` to have backups run always on primary instances, `prefer-standby`\nto have backups run preferably on the most updated standby, if available.", + "enum": [ + "primary", + "prefer-standby" + ], + "type": "string" + }, + "volumeSnapshot": { + "description": "VolumeSnapshot provides the configuration for the execution of volume snapshot backups.", "properties": { - "name": { - "description": "name is the name of the service.", + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations key-value pairs that will be added to .metadata.annotations snapshot resources.", + "type": "object" + }, + "className": { + "description": "ClassName specifies the Snapshot Class to be used for PG_DATA PersistentVolumeClaim.\nIt is the default class for the other types if no specific class is present", "type": "string" }, - "namespace": { - "description": "namespace is the namespace of the service.", + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels are key-value pairs that will be added to .metadata.labels snapshot resources.", + "type": "object" + }, + "online": { + "default": true, + "description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)", + "type": "boolean" + }, + "onlineConfiguration": { + "default": { + "immediateCheckpoint": false, + "waitForArchive": true + }, + "description": "Configuration parameters to control the online/hot backup with volume snapshots", + "properties": { + "immediateCheckpoint": { + "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", + "type": "boolean" + }, + "waitForArchive": { + "default": true, + "description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.", + "type": "boolean" + } + }, + "type": "object" + }, + "snapshotOwnerReference": { + "default": "none", + "description": "SnapshotOwnerReference indicates the type of owner reference the snapshot should have", + "enum": [ + "none", + "cluster", + "backup" + ], "type": "string" }, - "path": { - "description": "path is an optional URL path and if present may be any string permissible in\na URL. If a path is set it will be used as prefix to the hook-specific path.", - "type": "string" + "tablespaceClassName": { + "additionalProperties": { + "type": "string" + }, + "description": "TablespaceClassName specifies the Snapshot Class to be used for the tablespaces.\ndefaults to the PGDATA Snapshot Class, if set", + "type": "object" }, - "port": { - "description": "port is the port on the service that's hosting the Extension server.\nDefaults to 443.\nPort should be a valid port number (1-65535, inclusive).", - "format": "int32", - "type": "integer" + "walClassName": { + "description": "WalClassName specifies the Snapshot Class to be used for the PG_WAL PersistentVolumeClaim.", + "type": "string" } }, - "required": [ - "name", - "namespace" - ], "type": "object" - }, - "url": { - "description": "url gives the location of the Extension server, in standard URL form\n(`scheme://host:port/path`).\nNote: Exactly one of `url` or `service` must be specified.\n\nThe scheme must be \"https\".\n\nThe `host` should not refer to a service running in the cluster; use\nthe `service` field instead.\n\nA path is optional, and if present may be any string permissible in\na URL. If a path is set it will be used as prefix to the hook-specific path.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not\nallowed. Fragments (\"#...\") and query parameters (\"?...\") are not\nallowed either.", - "type": "string" } }, "type": "object" }, - "namespaceSelector": { - "description": "namespaceSelector decides whether to call the hook for an object based\non whether the namespace for that object matches the selector.\nDefaults to the empty LabelSelector, which matches all objects.", + "bootstrap": { + "description": "Instructions to bootstrap this cluster", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "initdb": { + "description": "Bootstrap the cluster via initdb", + "properties": { + "builtinLocale": { + "description": "Specifies the locale name when the builtin provider is used.\nThis option requires `localeProvider` to be set to `builtin`.\nAvailable from PostgreSQL 17.", + "type": "string" + }, + "dataChecksums": { + "description": "Whether the `-k` option should be passed to initdb,\nenabling checksums on data pages (default: `false`)", + "type": "boolean" + }, + "database": { + "description": "Name of the database used by the application. Default: `app`.", + "type": "string" + }, + "encoding": { + "description": "The value to be passed as option `--encoding` for initdb (default:`UTF8`)", + "type": "string" + }, + "icuLocale": { + "description": "Specifies the ICU locale when the ICU provider is used.\nThis option requires `localeProvider` to be set to `icu`.\nAvailable from PostgreSQL 15.", + "type": "string" + }, + "icuRules": { + "description": "Specifies additional collation rules to customize the behavior of the default collation.\nThis option requires `localeProvider` to be set to `icu`.\nAvailable from PostgreSQL 16.", + "type": "string" + }, + "import": { + "description": "Bootstraps the new cluster by importing data from an existing PostgreSQL\ninstance using logical backup (`pg_dump` and `pg_restore`)", + "properties": { + "databases": { + "description": "The databases to import", + "items": { + "type": "string" + }, + "type": "array" + }, + "pgDumpExtraOptions": { + "description": "List of custom options to pass to the `pg_dump` command. IMPORTANT:\nUse these options with caution and at your own risk, as the operator\ndoes not validate their content. Be aware that certain options may\nconflict with the operator's intended functionality or design.", + "items": { + "type": "string" + }, + "type": "array" + }, + "pgRestoreExtraOptions": { + "description": "List of custom options to pass to the `pg_restore` command. IMPORTANT:\nUse these options with caution and at your own risk, as the operator\ndoes not validate their content. Be aware that certain options may\nconflict with the operator's intended functionality or design.", + "items": { + "type": "string" + }, + "type": "array" + }, + "postImportApplicationSQL": { + "description": "List of SQL queries to be executed as a superuser in the application\ndatabase right after is imported - to be used with extreme care\n(by default empty). Only available in microservice type.", + "items": { + "type": "string" + }, + "type": "array" + }, + "roles": { + "description": "The roles to import", + "items": { + "type": "string" + }, + "type": "array" + }, + "schemaOnly": { + "description": "When set to true, only the `pre-data` and `post-data` sections of\n`pg_restore` are invoked, avoiding data import. Default: `false`.", + "type": "boolean" + }, + "source": { + "description": "The source of the import", + "properties": { + "externalCluster": { + "description": "The name of the externalCluster used for import", + "type": "string" + } + }, + "required": [ + "externalCluster" + ], + "type": "object" + }, + "type": { + "description": "The import type. Can be `microservice` or `monolith`.", + "enum": [ + "microservice", + "monolith" + ], + "type": "string" + } + }, + "required": [ + "databases", + "source", + "type" + ], + "type": "object" + }, + "locale": { + "description": "Sets the default collation order and character classification in the new database.", + "type": "string" + }, + "localeCType": { + "description": "The value to be passed as option `--lc-ctype` for initdb (default:`C`)", + "type": "string" + }, + "localeCollate": { + "description": "The value to be passed as option `--lc-collate` for initdb (default:`C`)", + "type": "string" + }, + "localeProvider": { + "description": "This option sets the locale provider for databases created in the new cluster.\nAvailable from PostgreSQL 16.", + "type": "string" + }, + "options": { + "description": "The list of options that must be passed to initdb when creating the cluster.\nDeprecated: This could lead to inconsistent configurations,\nplease use the explicit provided parameters instead.\nIf defined, explicit values will be ignored.", + "items": { "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "array" + }, + "owner": { + "description": "Name of the owner of the database in the instance to be used\nby applications. Defaults to the value of the `database` key.", + "type": "string" + }, + "postInitApplicationSQL": { + "description": "List of SQL queries to be executed as a superuser in the application\ndatabase right after the cluster has been created - to be used with extreme care\n(by default empty)", + "items": { "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "type": "array" + }, + "postInitApplicationSQLRefs": { + "description": "List of references to ConfigMaps or Secrets containing SQL files\nto be executed as a superuser in the application database right after\nthe cluster has been created. The references are processed in a specific order:\nfirst, all Secrets are processed, followed by all ConfigMaps.\nWithin each group, the processing order follows the sequence specified\nin their respective arrays.\n(by default empty)", + "properties": { + "configMapRefs": { + "description": "ConfigMapRefs holds a list of references to ConfigMaps", + "items": { + "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "secretRefs": { + "description": "SecretRefs holds a list of references to Secrets", + "items": { + "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "postInitSQL": { + "description": "List of SQL queries to be executed as a superuser in the `postgres`\ndatabase right after the cluster has been created - to be used with extreme care\n(by default empty)", + "items": { + "type": "string" + }, + "type": "array" + }, + "postInitSQLRefs": { + "description": "List of references to ConfigMaps or Secrets containing SQL files\nto be executed as a superuser in the `postgres` database right after\nthe cluster has been created. The references are processed in a specific order:\nfirst, all Secrets are processed, followed by all ConfigMaps.\nWithin each group, the processing order follows the sequence specified\nin their respective arrays.\n(by default empty)", + "properties": { + "configMapRefs": { + "description": "ConfigMapRefs holds a list of references to ConfigMaps", + "items": { + "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "secretRefs": { + "description": "SecretRefs holds a list of references to Secrets", + "items": { + "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "postInitTemplateSQL": { + "description": "List of SQL queries to be executed as a superuser in the `template1`\ndatabase right after the cluster has been created - to be used with extreme care\n(by default empty)", + "items": { + "type": "string" + }, + "type": "array" + }, + "postInitTemplateSQLRefs": { + "description": "List of references to ConfigMaps or Secrets containing SQL files\nto be executed as a superuser in the `template1` database right after\nthe cluster has been created. The references are processed in a specific order:\nfirst, all Secrets are processed, followed by all ConfigMaps.\nWithin each group, the processing order follows the sequence specified\nin their respective arrays.\n(by default empty)", + "properties": { + "configMapRefs": { + "description": "ConfigMapRefs holds a list of references to ConfigMaps", + "items": { + "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "secretRefs": { + "description": "SecretRefs holds a list of references to Secrets", + "items": { + "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "secret": { + "description": "Name of the secret containing the initial credentials for the\nowner of the user database. If empty a new secret will be\ncreated from scratch", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "walSegmentSize": { + "description": "The value in megabytes (1 to 1024) to be passed to the `--wal-segsize`\noption for initdb (default: empty, resulting in PostgreSQL default: 16MB)", + "maximum": 1024, + "minimum": 1, + "type": "integer" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "builtinLocale is only available when localeProvider is set to `builtin`", + "rule": "!has(self.builtinLocale) || self.localeProvider == 'builtin'" + }, + { + "message": "icuLocale is only available when localeProvider is set to `icu`", + "rule": "!has(self.icuLocale) || self.localeProvider == 'icu'" + }, + { + "message": "icuRules is only available when localeProvider is set to `icu`", + "rule": "!has(self.icuRules) || self.localeProvider == 'icu'" + } + ] }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "pg_basebackup": { + "description": "Bootstrap the cluster taking a physical backup of another compatible\nPostgreSQL instance", + "properties": { + "database": { + "description": "Name of the database used by the application. Default: `app`.", + "type": "string" + }, + "owner": { + "description": "Name of the owner of the database in the instance to be used\nby applications. Defaults to the value of the `database` key.", + "type": "string" + }, + "secret": { + "description": "Name of the secret containing the initial credentials for the\nowner of the user database. If empty a new secret will be\ncreated from scratch", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "source": { + "description": "The name of the server of which we need to take a physical backup", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "source" + ], + "type": "object" + }, + "recovery": { + "description": "Bootstrap the cluster from a backup", + "properties": { + "backup": { + "description": "The backup object containing the physical base backup from which to\ninitiate the recovery procedure.\nMutually exclusive with `source` and `volumeSnapshots`.", + "properties": { + "endpointCA": { + "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive.", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "database": { + "description": "Name of the database used by the application. Default: `app`.", + "type": "string" + }, + "owner": { + "description": "Name of the owner of the database in the instance to be used\nby applications. Defaults to the value of the `database` key.", + "type": "string" + }, + "recoveryTarget": { + "description": "By default, the recovery process applies all the available\nWAL files in the archive (full recovery). However, you can also\nend the recovery as soon as a consistent state is reached or\nrecover to a point-in-time (PITR) by specifying a `RecoveryTarget` object,\nas expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...).\nMore info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET", + "properties": { + "backupID": { + "description": "The ID of the backup from which to start the recovery process.\nIf empty (default) the operator will automatically detect the backup\nbased on targetTime or targetLSN if specified. Otherwise use the\nlatest available backup in chronological order.", + "type": "string" + }, + "exclusive": { + "description": "Set the target to be exclusive. If omitted, defaults to false, so that\nin Postgres, `recovery_target_inclusive` will be true", + "type": "boolean" + }, + "targetImmediate": { + "description": "End recovery as soon as a consistent state is reached", + "type": "boolean" + }, + "targetLSN": { + "description": "The target LSN (Log Sequence Number)", + "type": "string" + }, + "targetName": { + "description": "The target name (to be previously created\nwith `pg_create_restore_point`)", + "type": "string" + }, + "targetTLI": { + "description": "The target timeline (\"latest\" or a positive integer)", + "type": "string" + }, + "targetTime": { + "description": "The target time as a timestamp in the RFC3339 standard", + "type": "string" + }, + "targetXID": { + "description": "The target transaction ID", + "type": "string" + } + }, + "type": "object" + }, + "secret": { + "description": "Name of the secret containing the initial credentials for the\nowner of the user database. If empty a new secret will be\ncreated from scratch", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "source": { + "description": "The external cluster whose backup we will restore. This is also\nused as the name of the folder under which the backup is stored,\nso it must be set to the name of the source cluster\nMutually exclusive with `backup`.", + "type": "string" + }, + "volumeSnapshots": { + "description": "The static PVC data source(s) from which to initiate the\nrecovery procedure. Currently supporting `VolumeSnapshot`\nand `PersistentVolumeClaim` resources that map an existing\nPVC group, compatible with CloudNativePG, and taken with\na cold backup copy on a fenced Postgres instance (limitation\nwhich will be removed in the future when online backup\nwill be implemented).\nMutually exclusive with `backup`.", + "properties": { + "storage": { + "description": "Configuration of the storage of the instances", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tablespaceStorage": { + "additionalProperties": { + "description": "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "description": "Configuration of the storage for PostgreSQL tablespaces", + "type": "object" + }, + "walStorage": { + "description": "Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "storage" + ], + "type": "object" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "settings": { - "additionalProperties": { - "type": "string" + "certificates": { + "description": "The configuration for the CA and related certificates", + "properties": { + "clientCASecret": { + "description": "The secret containing the Client CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate all the client certificates.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the client certificates,\nused as `ssl_ca_file` of all the instances.
\n- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided,\nthis can be omitted.
", + "type": "string" + }, + "replicationTLSSecret": { + "description": "The secret of type kubernetes.io/tls containing the client certificate to authenticate as\nthe `streaming_replica` user.\nIf not defined, ClientCASecret must provide also `ca.key`, and a new secret will be\ncreated using the provided CA.", + "type": "string" + }, + "serverAltDNSNames": { + "description": "The list of the server alternative DNS names to be added to the generated server TLS certificates, when required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serverCASecret": { + "description": "The secret containing the Server CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the server certificate,\nused as `sslrootcert` in client connection strings.
\n- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided,\nthis can be omitted.
", + "type": "string" + }, + "serverTLSSecret": { + "description": "The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as\n`ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely.\nIf not defined, ServerCASecret must provide also `ca.key` and a new secret will be\ncreated using the provided CA.", + "type": "string" + } }, - "description": "settings defines key value pairs to be passed to all calls\nto all supported RuntimeExtensions.\nNote: Settings can be overridden on the ClusterClass.", "type": "object" - } - }, - "required": [ - "clientConfig" - ], - "type": "object" - }, - "status": { - "description": "ExtensionConfigStatus is the current state of the ExtensionConfig", - "properties": { - "conditions": { - "description": "conditions define the current service state of the ExtensionConfig.", + }, + "description": { + "description": "Description of this PostgreSQL cluster", + "type": "string" + }, + "enablePDB": { + "default": true, + "description": "Manage the `PodDisruptionBudget` resources within the cluster. When\nconfigured as `true` (default setting), the pod disruption budgets\nwill safeguard the primary node from being terminated. Conversely,\nsetting it to `false` will result in the absence of any\n`PodDisruptionBudget` resource, permitting the shutdown of all nodes\nhosting the PostgreSQL cluster. This latter configuration is\nadvisable for any PostgreSQL cluster employed for\ndevelopment/staging purposes.", + "type": "boolean" + }, + "enableSuperuserAccess": { + "default": false, + "description": "When this option is enabled, the operator will use the `SuperuserSecret`\nto update the `postgres` user password (if the secret is\nnot present, the operator will automatically create one). When this\noption is disabled, the operator will ignore the `SuperuserSecret` content, delete\nit when automatically created, and then blank the password of the `postgres`\nuser by setting it to `NULL`. Disabled by default.", + "type": "boolean" + }, + "env": { + "description": "Env follows the Env format to pass environment variables\nto the pods created in the cluster", "items": { - "description": "Condition defines an observation of a Cluster API resource operational state.", + "description": "EnvVar represents an environment variable present in a Container.", "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "A human readable message indicating details about the transition.\nThis field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string" + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" } }, "required": [ - "lastTransitionTime", - "status", - "type" + "name" ], "type": "object" }, "type": "array" }, - "handlers": { - "description": "handlers defines the current ExtensionHandlers supported by an Extension.", + "envFrom": { + "description": "EnvFrom follows the EnvFrom format to pass environment variables\nsources to the pods to be used by Env", "items": { - "description": "ExtensionHandler specifies the details of a handler for a particular runtime hook registered by an Extension server.", + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", "properties": { - "failurePolicy": { - "description": "failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client.\nDefaults to Fail if not set.", - "type": "string" + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "name is the unique name of the ExtensionHandler.", + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", "type": "string" }, - "requestHook": { - "description": "requestHook defines the versioned runtime hook which this ExtensionHandler serves.", + "secretRef": { + "description": "The Secret to select from", "properties": { - "apiVersion": { - "description": "apiVersion is the group and version of the Hook.", + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "hook": { - "description": "hook is the name of the hook.", - "type": "string" + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" } }, - "required": [ - "apiVersion", - "hook" - ], - "type": "object" - }, - "timeoutSeconds": { - "description": "timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler.\nDefaults to 10 is not set.", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name", - "requestHook" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "runtime.cluster.x-k8s.io", - "kind": "ExtensionConfig", - "version": "v1alpha1" - } - ] - }, - "runtime.cluster.x-k8s.io/v1alpha1/ExtensionConfigList": { - "description": "ExtensionConfigList is a list of ExtensionConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of extensionconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.x-k8s.cluster.runtime.v1alpha1.ExtensionConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "runtime.cluster.x-k8s.io", - "kind": "ExtensionConfigList", - "version": "v1alpha1" - } - ] - }, - "samples.operator.openshift.io/v1/Config": { - "description": "Config contains the configuration and detailed condition status for the Samples Operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", - "properties": { - "architectures": { - "description": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", - "items": { - "type": "string" - }, - "type": "array" - }, - "managementState": { - "description": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "samplesRegistry": { - "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", - "type": "string" - }, - "skippedImagestreams": { - "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "items": { - "type": "string" - }, - "type": "array" - }, - "skippedTemplates": { - "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "status": { - "description": "ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.", - "properties": { - "architectures": { - "description": "architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.", - "items": { - "type": "string" - }, "type": "array" }, - "conditions": { - "description": "conditions represents the available maintenance status of the sample imagestreams and templates.", - "items": { - "description": "ConfigCondition captures various conditions of the Config as entries are processed.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.", - "format": "date-time", - "type": "string" - }, - "lastUpdateTime": { - "description": "lastUpdateTime is the last time this condition was updated.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "reason is what caused the condition's last transition.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string" + "ephemeralVolumeSource": { + "description": "EphemeralVolumeSource allows the user to configure the source of ephemeral volumes.", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", + "properties": { + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } }, - "type": { - "description": "type of condition.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "managementState": { - "description": "managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. \"Managed\") when it was previously \"Unmanaged\".", - "pattern": "^(Managed|Unmanaged|Force|Removed)$", - "type": "string" - }, - "samplesRegistry": { - "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", - "type": "string" - }, - "skippedImagestreams": { - "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "items": { - "type": "string" + "required": [ + "spec" + ], + "type": "object" + } }, - "type": "array" + "type": "object" }, - "skippedTemplates": { - "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "items": { - "type": "string" + "ephemeralVolumesSizeLimit": { + "description": "EphemeralVolumesSizeLimit allows the user to set the limits for the ephemeral\nvolumes", + "properties": { + "shm": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Shm is the size limit of the shared memory volume", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "temporaryData": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "TemporaryData is the size limit of the temporary data volume", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } }, - "type": "array" - }, - "version": { - "description": "version is the value of the operator's payload based version indicator when it was last successfully processed", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "samples.operator.openshift.io", - "kind": "Config", - "version": "v1" - } - ] - }, - "samples.operator.openshift.io/v1/ConfigList": { - "description": "ConfigList is a list of Config", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.operator.samples.v1.Config" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "samples.operator.openshift.io", - "kind": "ConfigList", - "version": "v1" - } - ] - }, - "scheduling.k8s.io/v1/PriorityClass": { - "description": "PriorityClass defines mapping from a priority class name to the priority integer value. The value can be any valid integer.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "description": { - "description": "description is an arbitrary string that usually provides guidelines on when this priority class should be used.", - "type": "string" - }, - "globalDefault": { - "description": "globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.", - "type": "boolean" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "preemptionPolicy": { - "description": "preemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", - "enum": [ - "Never", - "PreemptLowerPriority" - ], - "type": "string" - }, - "value": { - "default": 0, - "description": "value represents the integer value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "value" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "scheduling.k8s.io", - "kind": "PriorityClass", - "version": "v1" - } - ] - }, - "scheduling.k8s.io/v1/PriorityClassList": { - "description": "PriorityClassList is a collection of priority classes.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of PriorityClasses", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.scheduling.v1.PriorityClass" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "scheduling.k8s.io", - "kind": "PriorityClassList", - "version": "v1" - } - ] - }, - "security.internal.openshift.io/v1/RangeAllocation": { - "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\nThis is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "data": { - "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap\nwith each bit set to one to represent a range is taken.", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "range": { - "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", - "type": "string" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.internal.openshift.io", - "kind": "RangeAllocation", - "version": "v1" - } - ] - }, - "security.internal.openshift.io/v1/RangeAllocationList": { - "description": "RangeAllocationList is a list of RangeAllocation", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of rangeallocations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.internal.security.v1.RangeAllocation" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.internal.openshift.io", - "kind": "RangeAllocationList", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/PodSecurityPolicyReview": { - "description": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec" - } - ], - "default": {}, - "description": "spec is the PodSecurityPolicy to check." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus" - } - ], - "default": {}, - "description": "status represents the current information/status for the PodSecurityPolicyReview." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "PodSecurityPolicyReview", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/PodSecurityPolicySelfSubjectReview": { - "description": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec" - } - ], - "default": {}, - "description": "spec defines specification the PodSecurityPolicySelfSubjectReview." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" - } - ], - "default": {}, - "description": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "PodSecurityPolicySelfSubjectReview", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/PodSecurityPolicySubjectReview": { - "description": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec" - } - ], - "default": {}, - "description": "spec defines specification for the PodSecurityPolicySubjectReview." - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" - } - ], - "default": {}, - "description": "status represents the current information/status for the PodSecurityPolicySubjectReview." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "PodSecurityPolicySubjectReview", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/RangeAllocation": { - "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "data": { - "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", - "format": "byte", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "range": { - "default": "", - "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", - "type": "string" - } - }, - "required": [ - "range", - "data" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "RangeAllocation", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/RangeAllocationList": { - "description": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of RangeAllocations.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.RangeAllocation" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "RangeAllocationList", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/SecurityContextConstraints": { - "description": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext\nthat will be applied to a container.\nFor historical reasons SCC was exposed under the core Kubernetes API group.\nThat exposure is deprecated and will be removed in a future release - users\nshould instead use the security.openshift.io group to manage\nSecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, - "properties": { - "allowHostDirVolumePlugin": { - "description": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", - "type": "boolean" - }, - "allowHostIPC": { - "description": "allowHostIPC determines if the policy allows host ipc in the containers.", - "type": "boolean" - }, - "allowHostNetwork": { - "description": "allowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", - "type": "boolean" - }, - "allowHostPID": { - "description": "allowHostPID determines if the policy allows host pid in the containers.", - "type": "boolean" - }, - "allowHostPorts": { - "description": "allowHostPorts determines if the policy allows host ports in the containers.", - "type": "boolean" - }, - "allowPrivilegeEscalation": { - "description": "allowPrivilegeEscalation determines if a pod can request to allow\nprivilege escalation. If unspecified, defaults to true.", - "nullable": true, - "type": "boolean" - }, - "allowPrivilegedContainer": { - "description": "allowPrivilegedContainer determines if a container can request to be run as privileged.", - "type": "boolean" - }, - "allowedCapabilities": { - "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container.\nCapabilities in this field maybe added at the pod author's discretion.\nYou must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.\nTo allow all capabilities you may use '*'.", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allowedFlexVolumes": { - "description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all\nFlexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes\nis allowed in the \"Volumes\" field.", - "items": { - "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", - "properties": { - "driver": { - "description": "driver is the name of the Flexvolume driver.", - "type": "string" - } + "type": "object" }, - "required": [ - "driver" - ], - "type": "object" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "allowedUnsafeSysctls": { - "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.\nEach entry is either a plain sysctl name or ends in \"*\" in which case it is considered\nas a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.\nKubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples:\ne.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc.\ne.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", - "items": { - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "defaultAddCapabilities": { - "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container\nunless the pod spec specifically drops the capability. You may not list a capabiility in both\nDefaultAddCapabilities and RequiredDropCapabilities.", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "defaultAllowPrivilegeEscalation": { - "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a\nprocess can gain more privileges than its parent process.", - "nullable": true, - "type": "boolean" - }, - "forbiddenSysctls": { - "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.\nEach entry is either a plain sysctl name or ends in \"*\" in which case it is considered\nas a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples:\ne.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc.\ne.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", - "items": { - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "fsGroup": { - "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.", - "nullable": true, - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of fs groups. If you would like to force a single\nfs group then supply a single range with the same start and end.", + "externalClusters": { + "description": "The list of external clusters which are used in the configuration", "items": { - "description": "IDRange provides a min/max of an allowed range of IDs.", + "description": "ExternalCluster represents the connection parameters to an\nexternal cluster which is used in the other sections of the configuration", "properties": { - "max": { - "description": "max is the end of the range, inclusive.", - "format": "int64", - "type": "integer" + "barmanObjectStore": { + "description": "The configuration for the barman-cloud tool suite", + "properties": { + "azureCredentials": { + "description": "The credentials to use to upload data to Azure Blob Storage", + "properties": { + "connectionString": { + "description": "The connection string to be used", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "inheritFromAzureAD": { + "description": "Use the Azure AD based authentication without providing explicitly the keys.", + "type": "boolean" + }, + "storageAccount": { + "description": "The storage account where to upload data", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "storageKey": { + "description": "The storage account key to be used in conjunction\nwith the storage account name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "storageSasToken": { + "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "data": { + "description": "The configuration to be used to backup the data files\nWhen not defined, base backups files will be stored uncompressed and may\nbe unencrypted in the object store, according to the bucket default\npolicy.", + "properties": { + "additionalCommandArgs": { + "description": "AdditionalCommandArgs represents additional arguments that can be appended\nto the 'barman-cloud-backup' command-line invocation. These arguments\nprovide flexibility to customize the backup process further according to\nspecific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-backup' command, to avoid potential errors or unintended\nbehavior during execution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "compression": { + "description": "Compress a backup file (a tar file per tablespace) while streaming it\nto the object store. Available options are empty string (no\ncompression, default), `gzip`, `bzip2`, and `snappy`.", + "enum": [ + "bzip2", + "gzip", + "snappy" + ], + "type": "string" + }, + "encryption": { + "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", + "enum": [ + "AES256", + "aws:kms" + ], + "type": "string" + }, + "immediateCheckpoint": { + "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", + "type": "boolean" + }, + "jobs": { + "description": "The number of parallel jobs to be used to upload the backup, defaults\nto 2", + "format": "int32", + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, + "destinationPath": { + "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data", + "minLength": 1, + "type": "string" + }, + "endpointCA": { + "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "endpointURL": { + "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", + "type": "string" + }, + "googleCredentials": { + "description": "The credentials to use to upload data to Google Cloud Storage", + "properties": { + "applicationCredentials": { + "description": "The secret containing the Google Cloud Storage JSON file with the credentials", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "gkeEnvironment": { + "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "historyTags": { + "additionalProperties": { + "type": "string" + }, + "description": "HistoryTags is a list of key value pairs that will be passed to the\nBarman --history-tags option.", + "type": "object" + }, + "s3Credentials": { + "description": "The credentials to use to upload data to S3", + "properties": { + "accessKeyId": { + "description": "The reference to the access key id", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "inheritFromIAMRole": { + "description": "Use the role based authentication without providing explicitly the keys.", + "type": "boolean" + }, + "region": { + "description": "The reference to the secret containing the region name", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "secretAccessKey": { + "description": "The reference to the secret access key", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "sessionToken": { + "description": "The references to the session key", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "serverName": { + "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", + "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "Tags is a list of key value pairs that will be passed to the\nBarman --tags option.", + "type": "object" + }, + "wal": { + "description": "The configuration for the backup of the WAL stream.\nWhen not defined, WAL files will be stored uncompressed and may be\nunencrypted in the object store, according to the bucket default policy.", + "properties": { + "archiveAdditionalCommandArgs": { + "description": "Additional arguments that can be appended to the 'barman-cloud-wal-archive'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL archive process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended\nbehavior during execution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "compression": { + "description": "Compress a WAL file before sending it to the object store. Available\noptions are empty string (no compression, default), `gzip`, `bzip2`,\n`lz4`, `snappy`, `xz`, and `zstd`.", + "enum": [ + "bzip2", + "gzip", + "lz4", + "snappy", + "xz", + "zstd" + ], + "type": "string" + }, + "encryption": { + "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", + "enum": [ + "AES256", + "aws:kms" + ], + "type": "string" + }, + "maxParallel": { + "description": "Number of WAL files to be either archived in parallel (when the\nPostgreSQL instance is archiving to a backup object store) or\nrestored in parallel (when a PostgreSQL standby is fetching WAL\nfiles from a recovery object store). If not specified, WAL files\nwill be processed one at a time. It accepts a positive integer as a\nvalue - with 1 being the minimum accepted value.", + "minimum": 1, + "type": "integer" + }, + "restoreAdditionalCommandArgs": { + "description": "Additional arguments that can be appended to the 'barman-cloud-wal-restore'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL restore process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended\nbehavior during execution.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destinationPath" + ], + "type": "object" }, - "min": { - "description": "min is the start of the range, inclusive.", - "format": "int64", - "type": "integer" + "connectionParameters": { + "additionalProperties": { + "type": "string" + }, + "description": "The list of connection parameters, such as dbname, host, username, etc", + "type": "object" + }, + "name": { + "description": "The server name, required", + "type": "string" + }, + "password": { + "description": "The reference to the password to be used to connect to the server.\nIf a password is provided, CloudNativePG creates a PostgreSQL\npassfile at `/controller/external/NAME/pass` (where \"NAME\" is the\ncluster's name). This passfile is automatically referenced in the\nconnection string when establishing a connection to the remote\nPostgreSQL server from the current PostgreSQL `Cluster`. This ensures\nsecure and efficient password management for external clusters.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "plugin": { + "description": "The configuration of the plugin that is taking care\nof WAL archiving and backups for this external cluster", + "properties": { + "enabled": { + "default": true, + "description": "Enabled is true if this plugin will be used", + "type": "boolean" + }, + "isWALArchiver": { + "default": false, + "description": "Only one plugin can be declared as WALArchiver.\nCannot be active if \".spec.backup.barmanObjectStore\" configuration is present.", + "type": "boolean" + }, + "name": { + "description": "Name is the plugin name", + "type": "string" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is the configuration of the plugin", + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "sslCert": { + "description": "The reference to an SSL certificate to be used to connect to this\ninstance", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslKey": { + "description": "The reference to an SSL private key to be used to connect to this\ninstance", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslRootCert": { + "description": "The reference to an SSL CA public key to be used to connect to this\ninstance", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, + "required": [ + "name" + ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "type": { - "description": "type is the strategy that will dictate what FSGroup is used in the SecurityContext.", - "type": "string" - } - }, - "type": "object" - }, - "groups": { - "description": "The groups that have permission to use this security context constraints", - "items": { - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "priority": { - "description": "priority influences the sort order of SCCs when evaluating which SCCs to try first for\na given pod request based on access in the Users and Groups fields. The higher the int, the\nhigher priority. An unset value is considered a 0 priority. If scores\nfor multiple SCCs are equal they will be sorted from most restrictive to\nleast restrictive. If both priorities and restrictions are equal the\nSCCs will be sorted by name.", - "format": "int32", - "nullable": true, - "type": "integer" - }, - "readOnlyRootFilesystem": { - "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file\nsystem. If the container specifically requests to run with a non-read only root file system\nthe SCC should deny the pod.\nIf set to false the container may run with a read only root file system if it wishes but it\nwill not be forced to.", - "type": "boolean" - }, - "requiredDropCapabilities": { - "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These\nare required to be dropped and cannot be added.", - "items": { - "description": "Capability represent POSIX capabilities type", - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "runAsUser": { - "description": "runAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.", - "nullable": true, - "properties": { - "type": { - "description": "type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", - "type": "string" - }, - "uid": { - "description": "uid is the user id that containers must run as. Required for the MustRunAs strategy if not using\nnamespace/service account allocated uids.", - "format": "int64", - "type": "integer" + "type": "array" }, - "uidRangeMax": { - "description": "uidRangeMax defines the max value for a strategy that allocates by range.", - "format": "int64", + "failoverDelay": { + "default": 0, + "description": "The amount of time (in seconds) to wait before triggering a failover\nafter the primary PostgreSQL instance in the cluster was detected\nto be unhealthy", + "format": "int32", "type": "integer" }, - "uidRangeMin": { - "description": "uidRangeMin defines the min value for a strategy that allocates by range.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "seLinuxContext": { - "description": "seLinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", - "nullable": true, - "properties": { - "seLinuxOptions": { - "description": "seLinuxOptions required to run as; required for MustRunAs", + "imageCatalogRef": { + "description": "Defines the major PostgreSQL version we want to use within an ImageCatalog", "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" + "major": { + "description": "The major version of PostgreSQL we want to use from the ImageCatalog", + "type": "integer" }, - "user": { - "description": "User is a SELinux user label that applies to the container.", + "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, - "type": "object" + "required": [ + "kind", + "major", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "Only image catalogs are supported", + "rule": "self.kind == 'ImageCatalog' || self.kind == 'ClusterImageCatalog'" + }, + { + "message": "Only image catalogs are supported", + "rule": "self.apiGroup == 'postgresql.cnpg.noobaa.io'" + } + ] }, - "type": { - "description": "type is the strategy that will dictate what SELinux context is used in the SecurityContext.", + "imageName": { + "description": "Name of the container image, supporting both tags (`:`)\nand digests for deterministic and repeatable deployments\n(`:@sha256:`)", "type": "string" - } - }, - "type": "object" - }, - "seccompProfiles": { - "description": "seccompProfiles lists the allowed profiles that may be set for the pod or\ncontainer's seccomp annotations. An unset (nil) or empty value means that no profiles may\nbe specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When\nused to generate a value for a pod the first non-wildcard profile will be used as\nthe default.", - "items": { - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroups": { - "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", - "nullable": true, - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single\nsupplemental group then supply a single range with the same start and end.", + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of `Always`, `Never` or `IfNotPresent`.\nIf not defined, it defaults to `IfNotPresent`.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "imagePullSecrets": { + "description": "The list of pull secrets to be used to pull the images", "items": { - "description": "IDRange provides a min/max of an allowed range of IDs.", + "description": "LocalObjectReference contains enough information to let you locate a\nlocal object with a known type inside the same namespace", "properties": { - "max": { - "description": "max is the end of the range, inclusive.", - "format": "int64", - "type": "integer" - }, - "min": { - "description": "min is the start of the range, inclusive.", - "format": "int64", - "type": "integer" + "name": { + "description": "Name of the referent.", + "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "type": { - "description": "type is the strategy that will dictate what supplemental groups is used in the SecurityContext.", + "inheritedMetadata": { + "description": "Metadata that will be inherited by all objects related to the Cluster", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "instances": { + "default": 1, + "description": "Number of instances required in the cluster", + "minimum": 1, + "type": "integer" + }, + "livenessProbeTimeout": { + "description": "LivenessProbeTimeout is the time (in seconds) that is allowed for a PostgreSQL instance\nto successfully respond to the liveness probe (default 30).\nThe Liveness probe failure threshold is derived from this value using the formula:\nceiling(livenessProbe / 10).", + "format": "int32", + "type": "integer" + }, + "logLevel": { + "default": "info", + "description": "The instances' log level, one of the following values: error, warning, info (default), debug, trace", + "enum": [ + "error", + "warning", + "info", + "debug", + "trace" + ], "type": "string" - } - }, - "type": "object" - }, - "userNamespaceLevel": { - "default": "AllowHostLevel", - "description": "userNamespaceLevel determines if the policy allows host users in containers.\nValid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted.\nWhen \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`.\nWhen \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`.\nWhen omitted, the default value is \"AllowHostLevel\".", - "enum": [ - "AllowHostLevel", - "RequirePodLevel" - ], - "type": "string" - }, - "users": { - "description": "The users who have permissions to use this security context constraints", - "items": { - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "volumes": { - "description": "volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names\nof a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\".\nTo allow no volumes, set to [\"none\"].", - "items": { - "description": "FS Type gives strong typing to different file systems that are used by volumes.", - "type": "string" - }, - "nullable": true, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "allowHostDirVolumePlugin", - "allowHostIPC", - "allowHostNetwork", - "allowHostPID", - "allowHostPorts", - "allowPrivilegedContainer", - "allowedCapabilities", - "defaultAddCapabilities", - "priority", - "readOnlyRootFilesystem", - "requiredDropCapabilities", - "volumes" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "SecurityContextConstraints", - "version": "v1" - } - ] - }, - "security.openshift.io/v1/SecurityContextConstraintsList": { - "description": "SecurityContextConstraintsList is a list of SecurityContextConstraints", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of securitycontextconstraints. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.security.v1.SecurityContextConstraints" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "security.openshift.io", - "kind": "SecurityContextConstraintsList", - "version": "v1" - } - ] - }, - "snapshot.kubevirt.io/v1alpha1/VirtualMachineRestore": { - "description": "VirtualMachineRestore defines the operation of restoring a VM", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VirtualMachineRestoreSpec is the spec for a VirtualMachineRestore resource", - "properties": { - "patches": { - "description": "If the target for the restore does not exist, it will be created. Patches holds JSON patches that would be\napplied to the target manifest before it's created. Patches should fit the target's Kind.\n\nExample for a patch: {\"op\": \"replace\", \"path\": \"/metadata/name\", \"value\": \"new-vm-name\"}", - "items": { - "type": "string" + }, + "managed": { + "description": "The configuration that is used by the portions of PostgreSQL that are managed by the instance manager", + "properties": { + "roles": { + "description": "Database roles managed by the `Cluster`", + "items": { + "description": "RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role\nwith the additional field Ensure specifying whether to ensure the presence or\nabsence of the role in the database\n\nThe defaults of the CREATE ROLE command are applied\nReference: https://www.postgresql.org/docs/current/sql-createrole.html", + "properties": { + "bypassrls": { + "description": "Whether a role bypasses every row-level security (RLS) policy.\nDefault is `false`.", + "type": "boolean" + }, + "comment": { + "description": "Description of the role", + "type": "string" + }, + "connectionLimit": { + "default": -1, + "description": "If the role can log in, this specifies how many concurrent\nconnections the role can make. `-1` (the default) means no limit.", + "format": "int64", + "type": "integer" + }, + "createdb": { + "description": "When set to `true`, the role being defined will be allowed to create\nnew databases. Specifying `false` (default) will deny a role the\nability to create databases.", + "type": "boolean" + }, + "createrole": { + "description": "Whether the role will be permitted to create, alter, drop, comment\non, change the security label for, and grant or revoke membership in\nother roles. Default is `false`.", + "type": "boolean" + }, + "disablePassword": { + "description": "DisablePassword indicates that a role's password should be set to NULL in Postgres", + "type": "boolean" + }, + "ensure": { + "default": "present", + "description": "Ensure the role is `present` or `absent` - defaults to \"present\"", + "enum": [ + "present", + "absent" + ], + "type": "string" + }, + "inRoles": { + "description": "List of one or more existing roles to which this role will be\nimmediately added as a new member. Default empty.", + "items": { + "type": "string" + }, + "type": "array" + }, + "inherit": { + "default": true, + "description": "Whether a role \"inherits\" the privileges of roles it is a member of.\nDefaults is `true`.", + "type": "boolean" + }, + "login": { + "description": "Whether the role is allowed to log in. A role having the `login`\nattribute can be thought of as a user. Roles without this attribute\nare useful for managing database privileges, but are not users in\nthe usual sense of the word. Default is `false`.", + "type": "boolean" + }, + "name": { + "description": "Name of the role", + "type": "string" + }, + "passwordSecret": { + "description": "Secret containing the password of the role (if present)\nIf null, the password will be ignored unless DisablePassword is set", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "replication": { + "description": "Whether a role is a replication role. A role must have this\nattribute (or be a superuser) in order to be able to connect to the\nserver in replication mode (physical or logical replication) and in\norder to be able to create or drop replication slots. A role having\nthe `replication` attribute is a very highly privileged role, and\nshould only be used on roles actually used for replication. Default\nis `false`.", + "type": "boolean" + }, + "superuser": { + "description": "Whether the role is a `superuser` who can override all access\nrestrictions within the database - superuser status is dangerous and\nshould be used only when really needed. You must yourself be a\nsuperuser to create a new superuser. Defaults is `false`.", + "type": "boolean" + }, + "validUntil": { + "description": "Date and time after which the role's password is no longer valid.\nWhen omitted, the password will never expire (default).", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "services": { + "description": "Services roles managed by the `Cluster`", + "properties": { + "additional": { + "description": "Additional is a list of additional managed services specified by the user.", + "items": { + "description": "ManagedService represents a specific service managed by the cluster.\nIt includes the type of service and its associated template specification.", + "properties": { + "selectorType": { + "description": "SelectorType specifies the type of selectors that the service will have.\nValid values are \"rw\", \"r\", and \"ro\", representing read-write, read, and read-only services.", + "enum": [ + "rw", + "r", + "ro" + ], + "type": "string" + }, + "serviceTemplate": { + "description": "ServiceTemplate is the template specification for the service.", + "properties": { + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "The name of the resource. Only supported for certain types", + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "Specification of the desired behavior of the service.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type.", + "type": "boolean" + }, + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node.", + "type": "string" + }, + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set.", + "format": "int32", + "type": "integer" + }, + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features).", + "type": "string" + }, + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field.", + "items": { + "description": "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName.", + "type": "string" + }, + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", + "type": "string" + }, + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available.", + "type": "string" + }, + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ports": { + "description": "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "description": "ServicePort contains information on service's port.", + "properties": { + "appProtocol": { + "description": "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol.", + "type": "string" + }, + "name": { + "description": "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service.", + "type": "string" + }, + "nodePort": { + "description": "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", + "format": "int32", + "type": "integer" + }, + "port": { + "description": "The port that will be exposed by this service.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP.", + "type": "string" + }, + "targetPort": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "port", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" + }, + "selector": { + "additionalProperties": { + "type": "string" + }, + "description": "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "sessionAffinityConfig": { + "description": "sessionAffinityConfig contains the configurations of session affinity.", + "properties": { + "clientIP": { + "description": "clientIP contains the configurations of Client IP based session affinity.", + "properties": { + "timeoutSeconds": { + "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours).", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "trafficDistribution": { + "description": "TrafficDistribution offers a way to express preferences for how traffic\nis distributed to Service endpoints. Implementations can use this field\nas a hint, but are not required to guarantee strict adherence. If the\nfield is not set, the implementation will apply its default routing\nstrategy. If set to \"PreferClose\", implementations should prioritize\nendpoints that are in the same zone.", + "type": "string" + }, + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "updateStrategy": { + "default": "patch", + "description": "UpdateStrategy describes how the service differences should be reconciled", + "enum": [ + "patch", + "replace" + ], + "type": "string" + } + }, + "required": [ + "selectorType", + "serviceTemplate" + ], + "type": "object" + }, + "type": "array" + }, + "disabledDefaultServices": { + "description": "DisabledDefaultServices is a list of service types that are disabled by default.\nValid values are \"r\", and \"ro\", representing read, and read-only services.", + "items": { + "description": "ServiceSelectorType describes a valid value for generating the service selectors.\nIt indicates which type of service the selector applies to, such as read-write, read, or read-only", + "enum": [ + "rw", + "r", + "ro" + ], + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "maxSyncReplicas": { + "default": 0, + "description": "The target value for the synchronous replication quorum, that can be\ndecreased if the number of ready standbys is lower than this.\nUndefined or 0 disable synchronous replication.", + "minimum": 0, + "type": "integer" + }, + "minSyncReplicas": { + "default": 0, + "description": "Minimum number of instances required in synchronous replication with the\nprimary. Undefined or 0 allow writes to complete when no standby is\navailable.", + "minimum": 0, + "type": "integer" + }, + "monitoring": { + "description": "The configuration of the monitoring infrastructure of this cluster", + "properties": { + "customQueriesConfigMap": { + "description": "The list of config maps containing the custom queries", + "items": { + "description": "ConfigMapKeySelector contains enough information to let you locate\nthe key of a ConfigMap", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "customQueriesSecret": { + "description": "The list of secrets containing the custom queries", + "items": { + "description": "SecretKeySelector contains enough information to let you locate\nthe key of a Secret", + "properties": { + "key": { + "description": "The key to select", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "disableDefaultQueries": { + "default": false, + "description": "Whether the default queries should be injected.\nSet it to `true` if you don't want to inject default queries into the cluster.\nDefault: false.", + "type": "boolean" + }, + "enablePodMonitor": { + "default": false, + "description": "Enable or disable the `PodMonitor`", + "type": "boolean" + }, + "podMonitorMetricRelabelings": { + "description": "The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "podMonitorRelabelings": { + "description": "The list of relabelings for the `PodMonitor`. Applied to samples before scraping.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "tls": { + "description": "Configure TLS communication for the metrics endpoint.\nChanging tls.enabled option will force a rollout of all instances.", + "properties": { + "enabled": { + "default": false, + "description": "Enable TLS for the monitoring endpoint.\nChanging this option will force a rollout of all instances.", + "type": "boolean" + } + }, + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "target": { - "description": "initially only VirtualMachine type supported", + "nodeMaintenanceWindow": { + "description": "Define a maintenance window for the Kubernetes nodes", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "inProgress": { + "default": false, + "description": "Is there a node maintenance activity in progress?", + "type": "boolean" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "reusePVC": { + "default": true, + "description": "Reuse the existing PVC (wait for the node to come\nup again) or not (recreate it elsewhere - when `instances` >1)", + "type": "boolean" } }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetReadinessPolicy": { - "description": "TargetReadinessPolicy defines how to handle the restore in case\nthe target is not ready", - "type": "string" - }, - "virtualMachineSnapshotName": { - "type": "string" + "type": "object" }, - "volumeRestoreOverrides": { - "description": "VolumeRestoreOverrides gives the option to change properties of each restored volume\nFor example, specifying the name of the restored volume, or adding labels/annotations to it", + "plugins": { + "description": "The plugins configuration, containing\nany plugin to be loaded with the corresponding configuration", "items": { - "description": "VolumeRestoreOverride specifies how a volume should be restored from a VirtualMachineSnapshot", + "description": "PluginConfiguration specifies a plugin that need to be loaded for this\ncluster to be reconciled", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "enabled": { + "default": true, + "description": "Enabled is true if this plugin will be used", + "type": "boolean" }, - "labels": { + "isWALArchiver": { + "default": false, + "description": "Only one plugin can be declared as WALArchiver.\nCannot be active if \".spec.backup.barmanObjectStore\" configuration is present.", + "type": "boolean" + }, + "name": { + "description": "Name is the plugin name", + "type": "string" + }, + "parameters": { "additionalProperties": { "type": "string" }, + "description": "Parameters is the configuration of the plugin", "type": "object" - }, - "restoreName": { - "type": "string" - }, - "volumeName": { - "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" }, - "volumeRestorePolicy": { - "description": "VolumeRestorePolicy defines how to handle the restore of snapshotted volumes", - "type": "string" - } - }, - "required": [ - "target", - "virtualMachineSnapshotName" - ], - "type": "object" - }, - "status": { - "description": "VirtualMachineRestoreStatus is the status for a VirtualMachineRestore resource", - "properties": { - "complete": { - "type": "boolean" + "postgresGID": { + "default": 26, + "description": "The GID of the `postgres` user inside the image, defaults to `26`", + "format": "int64", + "type": "integer" }, - "conditions": { - "items": { - "description": "Condition defines conditions", - "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" + "postgresUID": { + "default": 26, + "description": "The UID of the `postgres` user inside the image, defaults to `26`", + "format": "int64", + "type": "integer" + }, + "postgresql": { + "description": "Configuration of the PostgreSQL server", + "properties": { + "enableAlterSystem": { + "description": "If this parameter is true, the user will be able to invoke `ALTER SYSTEM`\non this CloudNativePG Cluster.\nThis should only be used for debugging and troubleshooting.\nDefaults to false.", + "type": "boolean" + }, + "extensions": { + "description": "The configuration of the extensions to be added", + "items": { + "description": "ExtensionConfiguration is the configuration used to add\nPostgreSQL extensions to the Cluster.", + "properties": { + "dynamic_library_path": { + "description": "The list of directories inside the image which should be added to dynamic_library_path.\nIf not defined, defaults to \"/lib\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "extension_control_path": { + "description": "The list of directories inside the image which should be added to extension_control_path.\nIf not defined, defaults to \"/share\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "image": { + "description": "The image containing the extension, required", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "An image reference is required", + "rule": "has(self.reference)" + } + ] + }, + "ld_library_path": { + "description": "The list of directories inside the image which should be added to ld_library_path.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the extension, required", + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "image", + "name" + ], + "type": "object" }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" + "type": "array" + }, + "ldap": { + "description": "Options to specify LDAP configuration", + "properties": { + "bindAsAuth": { + "description": "Bind as authentication configuration", + "properties": { + "prefix": { + "description": "Prefix for the bind authentication option", + "type": "string" + }, + "suffix": { + "description": "Suffix for the bind authentication option", + "type": "string" + } + }, + "type": "object" + }, + "bindSearchAuth": { + "description": "Bind+Search authentication configuration", + "properties": { + "baseDN": { + "description": "Root DN to begin the user search", + "type": "string" + }, + "bindDN": { + "description": "DN of the user to bind to the directory", + "type": "string" + }, + "bindPassword": { + "description": "Secret with the password for the user to bind to the directory", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "searchAttribute": { + "description": "Attribute to match against the username", + "type": "string" + }, + "searchFilter": { + "description": "Search filter to use when doing the search+bind authentication", + "type": "string" + } + }, + "type": "object" + }, + "port": { + "description": "LDAP server port", + "type": "integer" + }, + "scheme": { + "description": "LDAP schema to be used, possible options are `ldap` and `ldaps`", + "enum": [ + "ldap", + "ldaps" + ], + "type": "string" + }, + "server": { + "description": "LDAP hostname or IP address", + "type": "string" + }, + "tls": { + "description": "Set to 'true' to enable LDAP over TLS. 'false' is default", + "type": "boolean" + } }, - "message": { + "type": "object" + }, + "parameters": { + "additionalProperties": { "type": "string" }, - "reason": { + "description": "PostgreSQL configuration options (postgresql.conf)", + "type": "object" + }, + "pg_hba": { + "description": "PostgreSQL Host Based Authentication rules (lines to be appended\nto the pg_hba.conf file)", + "items": { "type": "string" }, - "status": { + "type": "array" + }, + "pg_ident": { + "description": "PostgreSQL User Name Maps rules (lines to be appended\nto the pg_ident.conf file)", + "items": { "type": "string" }, - "type": { - "description": "ConditionType is the const type for Conditions", + "type": "array" + }, + "promotionTimeout": { + "description": "Specifies the maximum number of seconds to wait when promoting an instance to primary.\nDefault value is 40000000, greater than one year in seconds,\nbig enough to simulate an infinite timeout", + "format": "int32", + "type": "integer" + }, + "shared_preload_libraries": { + "description": "Lists of shared preload libraries to add to the default ones", + "items": { "type": "string" - } + }, + "type": "array" }, - "required": [ - "status", - "type" - ], - "type": "object" + "syncReplicaElectionConstraint": { + "description": "Requirements to be met by sync replicas. This will affect how the \"synchronous_standby_names\" parameter will be\nset up.", + "properties": { + "enabled": { + "description": "This flag enables the constraints for sync replicas", + "type": "boolean" + }, + "nodeLabelsAntiAffinity": { + "description": "A list of node labels values to extract and compare to evaluate if the pods reside in the same topology or not", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "synchronous": { + "description": "Configuration of the PostgreSQL synchronous replication feature", + "properties": { + "dataDurability": { + "description": "If set to \"required\", data durability is strictly enforced. Write operations\nwith synchronous commit settings (`on`, `remote_write`, or `remote_apply`) will\nblock if there are insufficient healthy replicas, ensuring data persistence.\nIf set to \"preferred\", data durability is maintained when healthy replicas\nare available, but the required number of instances will adjust dynamically\nif replicas become unavailable. This setting relaxes strict durability enforcement\nto allow for operational continuity. This setting is only applicable if both\n`standbyNamesPre` and `standbyNamesPost` are unset (empty).", + "enum": [ + "required", + "preferred" + ], + "type": "string" + }, + "maxStandbyNamesFromCluster": { + "description": "Specifies the maximum number of local cluster pods that can be\nautomatically included in the `synchronous_standby_names` option in\nPostgreSQL.", + "type": "integer" + }, + "method": { + "description": "Method to select synchronous replication standbys from the listed\nservers, accepting 'any' (quorum-based synchronous replication) or\n'first' (priority-based synchronous replication) as values.", + "enum": [ + "any", + "first" + ], + "type": "string" + }, + "number": { + "description": "Specifies the number of synchronous standby servers that\ntransactions must wait for responses from.", + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "The number of synchronous replicas should be greater than zero", + "rule": "self > 0" + } + ] + }, + "standbyNamesPost": { + "description": "A user-defined list of application names to be added to\n`synchronous_standby_names` after local cluster pods (the order is\nonly useful for priority-based synchronous replication).", + "items": { + "type": "string" + }, + "type": "array" + }, + "standbyNamesPre": { + "description": "A user-defined list of application names to be added to\n`synchronous_standby_names` before local cluster pods (the order is\nonly useful for priority-based synchronous replication).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "method", + "number" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "dataDurability set to 'preferred' requires empty 'standbyNamesPre' and empty 'standbyNamesPost'", + "rule": "self.dataDurability!='preferred' || ((!has(self.standbyNamesPre) || self.standbyNamesPre.size()==0) && (!has(self.standbyNamesPost) || self.standbyNamesPost.size()==0))" + } + ] + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "deletedDataVolumes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" + "primaryUpdateMethod": { + "default": "restart", + "description": "Method to follow to upgrade the primary server during a rolling\nupdate procedure, after all replicas have been successfully updated:\nit can be with a switchover (`switchover`) or in-place (`restart` - default)", + "enum": [ + "switchover", + "restart" + ], + "type": "string" }, - "restoreTime": { - "format": "date-time", + "primaryUpdateStrategy": { + "default": "unsupervised", + "description": "Deployment strategy to follow to upgrade the primary server during a rolling\nupdate procedure, after all replicas have been successfully updated:\nit can be automated (`unsupervised` - default) or manual (`supervised`)", + "enum": [ + "unsupervised", + "supervised" + ], "type": "string" }, - "restores": { - "items": { - "description": "VolumeRestore contains the data needed to restore a PVC", - "properties": { - "dataVolumeName": { - "type": "string" - }, - "persistentVolumeClaim": { - "type": "string" + "priorityClassName": { + "description": "Name of the priority class which will be used in every generated Pod, if the PriorityClass\nspecified does not exist, the pod will not be able to schedule. Please refer to\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass\nfor more information", + "type": "string" + }, + "probes": { + "description": "The configuration of the probes to be injected\nin the PostgreSQL Pods.", + "properties": { + "liveness": { + "description": "The liveness probe configuration", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "isolationCheck": { + "description": "Configure the feature that extends the liveness probe for a primary\ninstance. In addition to the basic checks, this verifies whether the\nprimary is isolated from the Kubernetes API server and from its\nreplicas, ensuring that it can be safely shut down if network\npartition or API unavailability is detected. Enabled by default.", + "properties": { + "connectionTimeout": { + "default": 1000, + "description": "Timeout in milliseconds for connections during the primary isolation check", + "type": "integer" + }, + "enabled": { + "default": true, + "description": "Whether primary isolation checking is enabled for the liveness probe", + "type": "boolean" + }, + "requestTimeout": { + "default": 1000, + "description": "Timeout in milliseconds for requests during the primary isolation check", + "type": "integer" + } + }, + "type": "object" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } }, - "volumeName": { - "type": "string" + "type": "object" + }, + "readiness": { + "description": "The readiness probe configuration", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "maximumLag": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Lag limit. Used only for `streaming` strategy", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "type": { + "description": "The probe strategy", + "enum": [ + "pg_isready", + "streaming", + "query" + ], + "type": "string" + } }, - "volumeSnapshotName": { - "type": "string" - } + "type": "object" }, - "required": [ - "persistentVolumeClaim", - "volumeName", - "volumeSnapshotName" - ], - "type": "object" + "startup": { + "description": "The startup probe configuration", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "maximumLag": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Lag limit. Used only for `streaming` strategy", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "type": { + "description": "The probe strategy", + "enum": [ + "pg_isready", + "streaming", + "query" + ], + "type": "string" + } + }, + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineRestore", - "version": "v1alpha1" - } - ] - }, - "snapshot.kubevirt.io/v1alpha1/VirtualMachineRestoreList": { - "description": "VirtualMachineRestoreList is a list of VirtualMachineRestore", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of virtualmachinerestores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.snapshot.v1alpha1.VirtualMachineRestore" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineRestoreList", - "version": "v1alpha1" - } - ] - }, - "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshot": { - "description": "VirtualMachineSnapshot defines the operation of snapshotting a VM", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VirtualMachineSnapshotSpec is the spec for a VirtualMachineSnapshot resource", - "properties": { - "deletionPolicy": { - "description": "DeletionPolicy defines that to do with VirtualMachineSnapshot\nwhen VirtualMachineSnapshot is deleted", - "type": "string" + "type": "object" }, - "failureDeadline": { - "description": "This time represents the number of seconds we permit the vm snapshot\nto take. In case we pass this deadline we mark this snapshot\nas failed.\nDefaults to DefaultFailureDeadline - 5min", - "type": "string" + "projectedVolumeTemplate": { + "description": "Template to be used to define projected volumes, projected volumes will be mounted\nunder `/projected` base folder", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "description": "configMap information about the configMap data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "description": "secret information about the secret data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "source": { - "description": "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace.", + "replica": { + "description": "Replica cluster configuration", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "enabled": { + "description": "If replica mode is enabled, this cluster will be a replica of an\nexisting cluster. Replica cluster can be created from a recovery\nobject store or via streaming through pg_basebackup.\nRefer to the Replica clusters page of the documentation for more information.", + "type": "boolean" + }, + "minApplyDelay": { + "description": "When replica mode is enabled, this parameter allows you to replay\ntransactions only when the system time is at least the configured\ntime past the commit time. This provides an opportunity to correct\ndata loss errors. Note that when this parameter is set, a promotion\ntoken cannot be used.", "type": "string" }, - "kind": { - "description": "Kind is the type of resource being referenced", + "primary": { + "description": "Primary defines which Cluster is defined to be the primary in the distributed PostgreSQL cluster, based on the\ntopology specified in externalClusters", "type": "string" }, - "name": { - "description": "Name is the name of resource being referenced", + "promotionToken": { + "description": "A demotion token generated by an external cluster used to\ncheck if the promotion requirements are met.", + "type": "string" + }, + "self": { + "description": "Self defines the name of this cluster. It is used to determine if this is a primary\nor a replica cluster, comparing it with `primary`", + "type": "string" + }, + "source": { + "description": "The name of the external cluster which is the replication origin", + "minLength": 1, "type": "string" } }, "required": [ - "kind", - "name" + "source" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "status": { - "description": "VirtualMachineSnapshotStatus is the status for a VirtualMachineSnapshot resource", - "properties": { - "conditions": { - "items": { - "description": "Condition defines conditions", - "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" + "type": "object" + }, + "replicationSlots": { + "default": { + "highAvailability": { + "enabled": true + } + }, + "description": "Replication slots management configuration", + "properties": { + "highAvailability": { + "default": { + "enabled": true }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" + "description": "Replication slots for high availability configuration", + "properties": { + "enabled": { + "default": true, + "description": "If enabled (default), the operator will automatically manage replication slots\non the primary instance and use them in streaming replication\nconnections with all the standby instances that are part of the HA\ncluster. If disabled, the operator will not take advantage\nof replication slots in streaming connections with the replicas.\nThis feature also controls replication slots in replica cluster,\nfrom the designated primary to its cascading replicas.", + "type": "boolean" + }, + "slotPrefix": { + "default": "_cnpg_", + "description": "Prefix for replication slots managed by the operator for HA.\nIt may only contain lower case letters, numbers, and the underscore character.\nThis can only be set at creation time. By default set to `_cnpg_`.", + "pattern": "^[0-9a-z_]*$", + "type": "string" + }, + "synchronizeLogicalDecoding": { + "description": "When enabled, the operator automatically manages synchronization of logical\ndecoding (replication) slots across high-availability clusters.\n\nRequires one of the following conditions:\n- PostgreSQL version 17 or later\n- PostgreSQL version < 17 with pg_failover_slots extension enabled", + "type": "boolean" + } }, - "message": { - "type": "string" + "type": "object" + }, + "synchronizeReplicas": { + "description": "Configures the synchronization of the user defined physical replication slots", + "properties": { + "enabled": { + "default": true, + "description": "When set to true, every replication slot that is on the primary is synchronized on each standby", + "type": "boolean" + }, + "excludePatterns": { + "description": "List of regular expression patterns to match the names of replication slots to be excluded (by default empty)", + "items": { + "type": "string" + }, + "type": "array" + } }, - "reason": { - "type": "string" + "required": [ + "enabled" + ], + "type": "object" + }, + "updateInterval": { + "default": 30, + "description": "Standby will update the status of the local replication slots\nevery `updateInterval` seconds (default 30).", + "minimum": 1, + "type": "integer" + } + }, + "type": "object" + }, + "resources": { + "description": "Resources requirements of every generated Pod. Please refer to\nhttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\nfor more information.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "status": { - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": { - "description": "ConditionType is the const type for Conditions", - "type": "string" - } + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" }, - "required": [ - "status", - "type" - ], - "type": "object" + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "creationTime": { - "format": "date-time", - "nullable": true, + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified Kubernetes\nscheduler. If not specified, the pod will be dispatched by the default\nscheduler. More info:\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/", "type": "string" }, - "error": { - "description": "Error is the last error encountered during the snapshot/restore", + "seccompProfile": { + "description": "The SeccompProfile applied to every Pod and Container.\nDefaults to: `RuntimeDefault`", "properties": { - "message": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, - "time": { - "format": "date-time", + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, + "required": [ + "type" + ], "type": "object" }, - "indications": { - "items": { - "description": "Indication is a way to indicate the state of the vm when taking the snapshot", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "phase": { - "description": "VirtualMachineSnapshotPhase is the current phase of the VirtualMachineSnapshot", - "type": "string" - }, - "readyToUse": { - "type": "boolean" - }, - "snapshotVolumes": { - "description": "SnapshotVolumesLists includes the list of volumes which were included in the snapshot and volumes which were excluded from the snapshot", + "serviceAccountTemplate": { + "description": "Configure the generation of the service account", "properties": { - "excludedVolumes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "includedVolumes": { - "items": { - "type": "string" + "metadata": { + "description": "Metadata are the metadata to be used for the generated\nservice account", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "The name of the resource. Only supported for certain types", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "set" + "type": "object" } }, + "required": [ + "metadata" + ], "type": "object" }, - "sourceUID": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" + "smartShutdownTimeout": { + "default": 180, + "description": "The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete.\nMake sure you reserve enough time for the operator to request a fast shutdown of Postgres\n(that is: `stopDelay` - `smartShutdownTimeout`).", + "format": "int32", + "type": "integer" }, - "virtualMachineSnapshotContentName": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshot", - "version": "v1alpha1" - } - ] - }, - "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshotContent": { - "description": "VirtualMachineSnapshotContent contains the snapshot data", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VirtualMachineSnapshotContentSpec is the spec for a VirtualMachineSnapshotContent resource", - "properties": { - "source": { - "description": "SourceSpec contains the appropriate spec for the resource being snapshotted", + "startDelay": { + "default": 3600, + "description": "The time in seconds that is allowed for a PostgreSQL instance to\nsuccessfully start up (default 3600).\nThe startup probe failure threshold is derived from this value using the formula:\nceiling(startDelay / 10).", + "format": "int32", + "type": "integer" + }, + "stopDelay": { + "default": 1800, + "description": "The time in seconds that is allowed for a PostgreSQL instance to\ngracefully shutdown (default 1800)", + "format": "int32", + "type": "integer" + }, + "storage": { + "description": "Configuration of the storage of the instances", "properties": { - "virtualMachine": { + "pvcTemplate": { + "description": "Template to be used to generate the Persistent Volume Claim", "properties": { - "metadata": { - "nullable": true, + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-map-type": "atomic" }, - "spec": { - "description": "VirtualMachineSpec contains the VirtualMachine specification.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { - "dataVolumeTemplates": { - "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", - "items": { - "nullable": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "spec": { - "description": "DataVolumeSpec contains the DataVolume specification.", - "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", - "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" - }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" - } - }, - "required": [ - "current", - "previous" - ], - "type": "object" - }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], - "type": "string" - }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", - "type": "string" - }, - "pvc": { - "description": "PVC is the PVC specification", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" - }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } - }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } - }, - "type": "object" - }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" - }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" - }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "storage": { - "description": "Storage is the requested storage specification", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "status": { - "description": "DataVolumeTemplateDummyStatus is here simply for backwards compatibility with\na previous API.", - "nullable": true, - "type": "object" + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "spec" + "key", + "operator" ], "type": "object" }, - "type": "array" - }, - "instancetype": { - "description": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", - "properties": { - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", - "type": "string" - }, - "kind": { - "description": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.", - "type": "string" - }, - "name": { - "description": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype", - "type": "string" - }, - "revisionName": { - "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.", - "type": "string" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "preference": { - "description": "PreferenceMatcher references a set of preference that is used to fill fields in Template", - "properties": { - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", - "type": "string" - }, - "kind": { - "description": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.", - "type": "string" - }, - "name": { - "description": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference", - "type": "string" - }, - "revisionName": { - "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "runStrategy": { - "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running", - "type": "string" - }, - "running": { - "description": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy\nDeprecated: VirtualMachineInstance field \"Running\" is now deprecated, please use RunStrategy instead.", - "type": "boolean" - }, - "template": { - "description": "Template is the direct specification of VirtualMachineInstance", - "properties": { - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "VirtualMachineInstance Spec contains the VirtualMachineInstance specification.", - "properties": { - "accessCredentials": { - "description": "Specifies a set of public keys to inject into the vm guest", - "items": { - "description": "AccessCredential represents a credential source that can be used to\nauthorize remote access to the vm guest\nOnly one of its members may be specified.", - "properties": { - "sshPublicKey": { - "description": "SSHPublicKey represents the source and method of applying a ssh public\nkey into a guest virtual machine.", - "properties": { - "propagationMethod": { - "description": "PropagationMethod represents how the public key is injected into the vm guest.", - "properties": { - "configDrive": { - "description": "ConfigDrivePropagation means that the ssh public keys are injected\ninto the VM using metadata using the configDrive cloud-init provider", - "type": "object" - }, - "noCloud": { - "description": "NoCloudPropagation means that the ssh public keys are injected\ninto the VM using metadata using the noCloud cloud-init provider", - "type": "object" - }, - "qemuGuestAgent": { - "description": "QemuGuestAgentAccessCredentailPropagation means ssh public keys are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", - "properties": { - "users": { - "description": "Users represents a list of guest users that should have the ssh public keys\nadded to their authorized_keys file.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "required": [ - "users" - ], - "type": "object" - } - }, - "type": "object" - }, - "source": { - "description": "Source represents where the public keys are pulled from", - "properties": { - "secret": { - "description": "Secret means that the access credential is pulled from a kubernetes secret", - "properties": { - "secretName": { - "description": "SecretName represents the name of the secret in the VMI's namespace", - "type": "string" - } - }, - "required": [ - "secretName" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "propagationMethod", - "source" - ], - "type": "object" - }, - "userPassword": { - "description": "UserPassword represents the source and method for applying a guest user's\npassword", - "properties": { - "propagationMethod": { - "description": "propagationMethod represents how the user passwords are injected into the vm guest.", - "properties": { - "qemuGuestAgent": { - "description": "QemuGuestAgentAccessCredentailPropagation means passwords are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", - "type": "object" - } - }, - "type": "object" - }, - "source": { - "description": "Source represents where the user passwords are pulled from", - "properties": { - "secret": { - "description": "Secret means that the access credential is pulled from a kubernetes secret", - "properties": { - "secretName": { - "description": "SecretName represents the name of the secret in the VMI's namespace", - "type": "string" - } - }, - "required": [ - "secretName" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "propagationMethod", - "source" - ], - "type": "object" - } - }, - "type": "object" - }, - "maxItems": 256, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "affinity": { - "description": "If affinity is specifies, obey all the affinity rules", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "resizeInUseVolumes": { + "default": true, + "description": "Resize existent PVCs, defaults to true", + "type": "boolean" + }, + "size": { + "description": "Size of the storage. Required if not already specified in the PVC template.\nChanges to this field are automatically reapplied to the created PVCs.\nSize cannot be decreased.", + "type": "string" + }, + "storageClass": { + "description": "StorageClass to use for PVCs. Applied after\nevaluating the PVC template, if available.\nIf not specified, the generated PVCs will use the\ndefault storage class", + "type": "string" + } + }, + "type": "object" + }, + "superuserSecret": { + "description": "The secret containing the superuser password. If not defined a new\nsecret will be created with a randomly generated password", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "switchoverDelay": { + "default": 3600, + "description": "The time in seconds that is allowed for a primary PostgreSQL instance\nto gracefully shutdown during a switchover.\nDefault value is 3600 seconds (1 hour).", + "format": "int32", + "type": "integer" + }, + "tablespaces": { + "description": "The tablespaces configuration", + "items": { + "description": "TablespaceConfiguration is the configuration of a tablespace, and includes\nthe storage specification for the tablespace", + "properties": { + "name": { + "description": "The name of the tablespace", + "type": "string" + }, + "owner": { + "description": "Owner is the PostgreSQL user owning the tablespace", + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "storage": { + "description": "The storage configuration for the tablespace", + "properties": { + "pvcTemplate": { + "description": "Template to be used to generate the Persistent Volume Claim", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" } - }, - "type": "object" + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "architecture": { - "description": "Specifies the architecture of the vm guest you are attempting to run. Defaults to the compiled architecture of the KubeVirt components", - "type": "string" + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", - "type": "string" - }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -308522,1670 +260164,2454 @@ "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "domain": { - "description": "Specification of the desired behavior of the VirtualMachineInstance on the host.", - "properties": { - "chassis": { - "description": "Chassis specifies the chassis info passed to the domain.", - "properties": { - "asset": { - "type": "string" - }, - "manufacturer": { - "type": "string" - }, - "serial": { - "type": "string" - }, - "sku": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "clock": { - "description": "Clock sets the clock and timers of the vmi.", - "properties": { - "timer": { - "description": "Timer specifies whih timers are attached to the vmi.", - "properties": { - "hpet": { - "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "pit": { - "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "rtc": { - "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", - "type": "string" - }, - "track": { - "description": "Track the guest or the wall clock.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "timezone": { - "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", - "type": "string" - }, - "utc": { - "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", - "properties": { - "offsetSeconds": { - "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "cpu": { - "description": "CPU allow specified the detailed CPU topology inside the vmi.", - "properties": { - "cores": { - "description": "Cores specifies the number of cores inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - }, - "dedicatedCpuPlacement": { - "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", - "type": "boolean" - }, - "features": { - "description": "Features specifies the CPU features list inside the VMI.", - "items": { - "description": "CPUFeature allows specifying a CPU feature.", - "properties": { - "name": { - "description": "Name of the CPU feature", - "type": "string" - }, - "policy": { - "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "isolateEmulatorThread": { - "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", - "type": "boolean" - }, - "maxSockets": { - "description": "MaxSockets specifies the maximum amount of sockets that can\nbe hotplugged", - "format": "int32", - "type": "integer" - }, - "model": { - "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", - "type": "string" - }, - "numa": { - "description": "NUMA allows specifying settings for the guest NUMA topology", - "properties": { - "guestMappingPassthrough": { - "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", - "type": "object" - } - }, - "type": "object" - }, - "realtime": { - "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", - "properties": { - "mask": { - "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", - "type": "string" - } - }, - "type": "object" - }, - "sockets": { - "description": "Sockets specifies the number of sockets inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - }, - "threads": { - "description": "Threads specifies the number of threads inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "devices": { - "description": "Devices allows adding disks, network interfaces, and others", - "properties": { - "autoattachGraphicsDevice": { - "description": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", - "type": "boolean" - }, - "autoattachInputDevice": { - "description": "Whether to attach an Input Device.\nDefaults to false.", - "type": "boolean" - }, - "autoattachMemBalloon": { - "description": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.", - "type": "boolean" - }, - "autoattachPodInterface": { - "description": "Whether to attach a pod network interface. Defaults to true.", - "type": "boolean" - }, - "autoattachSerialConsole": { - "description": "Whether to attach the default virtio-serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", - "type": "boolean" - }, - "autoattachVSOCK": { - "description": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", - "type": "boolean" - }, - "blockMultiQueue": { - "description": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.", - "type": "boolean" - }, - "clientPassthrough": { - "description": "To configure and access client devices such as redirecting USB", - "type": "object" - }, - "disableHotplug": { - "description": "DisableHotplug disabled the ability to hotplug disks.", - "type": "boolean" - }, - "disks": { - "description": "Disks describes disks, cdroms and luns which are connected to the vmi.", - "items": { - "properties": { - "blockSize": { - "description": "If specified, the virtual disk will be presented with the given block sizes.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } - }, - "required": [ - "logical", - "physical" - ], - "type": "object" - }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", - "type": "integer" - }, - "cache": { - "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", - "type": "string" - }, - "cdrom": { - "description": "Attach a volume as a cdrom to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to true.", - "type": "boolean" - }, - "tray": { - "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", - "type": "string" - } - }, - "type": "object" - }, - "dedicatedIOThread": { - "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", - "type": "boolean" - }, - "disk": { - "description": "Attach a volume as a disk to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", - "type": "string" - }, - "pciAddress": { - "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "errorPolicy": { - "description": "If specified, it can change the default error policy (stop) for the disk", - "type": "string" - }, - "io": { - "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", - "type": "string" - }, - "lun": { - "description": "Attach a volume as a LUN to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - }, - "reservation": { - "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", - "type": "boolean" - } - }, - "type": "object" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "serial": { - "description": "Serial provides the ability to specify a serial number for the disk device.", - "type": "string" - }, - "shareable": { - "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", - "type": "boolean" - }, - "tag": { - "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "downwardMetrics": { - "description": "DownwardMetrics creates a virtio serials for exposing the downward metrics to the vmi.", - "type": "object" - }, - "filesystems": { - "description": "Filesystems describes filesystem which is connected to the vmi.", - "items": { - "properties": { - "name": { - "description": "Name is the device name", - "type": "string" - }, - "virtiofs": { - "description": "Virtiofs is supported", - "type": "object" - } - }, - "required": [ - "name", - "virtiofs" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "gpus": { - "description": "Whether to attach a GPU device to the vmi.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "description": "Name of the GPU device as exposed by a device plugin", - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - }, - "virtualGPUOptions": { - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "hostDevices": { - "description": "Whether to attach a host device to the vmi.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "inputs": { - "description": "Inputs describe input devices", - "items": { - "properties": { - "bus": { - "description": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", - "type": "string" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "type": { - "description": "Type indicated the type of input device.\nSupported values: tablet.", - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "interfaces": { - "description": "Interfaces describe network interfaces which are added to the vmi.", - "items": { - "properties": { - "acpiIndex": { - "description": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).", - "type": "integer" - }, - "binding": { - "description": "Binding specifies the binding plugin that will be used to connect the interface to the guest.\nIt provides an alternative to InterfaceBindingMethod.\nversion: 1alphav1", - "properties": { - "name": { - "description": "Name references to the binding name as denined in the kubevirt CR.\nversion: 1alphav1", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach interface or disk that has a boot order must have a unique value.\nInterfaces without a boot order are not tried.", - "type": "integer" - }, - "bridge": { - "description": "InterfaceBridge connects to a given network via a linux bridge.", - "type": "object" - }, - "dhcpOptions": { - "description": "If specified the network interface will pass additional DHCP options to the VMI", - "properties": { - "bootFileName": { - "description": "If specified will pass option 67 to interface's DHCP server", - "type": "string" - }, - "ntpServers": { - "description": "If specified will pass the configured NTP server to the VM via DHCP option 042.", - "items": { - "type": "string" - }, - "type": "array" - }, - "privateOptions": { - "description": "If specified will pass extra DHCP options for private use, range: 224-254", - "items": { - "description": "DHCPExtraOptions defines Extra DHCP options for a VM.", - "properties": { - "option": { - "description": "Option is an Integer value from 224-254\nRequired.", - "type": "integer" - }, - "value": { - "description": "Value is a String value for the Option provided\nRequired.", - "type": "string" - } - }, - "required": [ - "option", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "tftpServerName": { - "description": "If specified will pass option 66 to interface's DHCP server", - "type": "string" - } - }, - "type": "object" - }, - "macAddress": { - "description": "Interface MAC address. For example: de:ad:00:00:be:af or DE-AD-00-00-BE-AF.", - "type": "string" - }, - "macvtap": { - "description": "DeprecatedMacvtap is an alias to the deprecated Macvtap interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", - "type": "object" - }, - "masquerade": { - "description": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", - "type": "object" - }, - "model": { - "description": "Interface model.\nOne of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio.\nDefaults to virtio.", - "type": "string" - }, - "name": { - "description": "Logical name of the interface as well as a reference to the associated networks.\nMust match the Name of a Network.", - "type": "string" - }, - "passt": { - "description": "DeprecatedPasst is an alias to the deprecated Passt interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", - "type": "object" - }, - "pciAddress": { - "description": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "ports": { - "description": "List of ports to be forwarded to the virtual machine.", - "items": { - "description": "Port represents a port to expose from the virtual machine.\nDefault protocol TCP.\nThe port field is mandatory", - "properties": { - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "port": { - "description": "Number of port to expose for the virtual machine.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "protocol": { - "description": "Protocol for port. Must be UDP or TCP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array" - }, - "slirp": { - "description": "DeprecatedSlirp is an alias to the deprecated Slirp interface\nDeprecated: Removed in v1.3", - "type": "object" - }, - "sriov": { - "description": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", - "type": "object" - }, - "state": { - "description": "State represents the requested operational state of the interface.\nThe supported values are:\n'absent', expressing a request to remove the interface.\n'down', expressing a request to set the link down.\n'up', expressing a request to set the link up.\nEmpty value functions as 'up'.", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "logSerialConsole": { - "description": "Whether to log the auto-attached default serial console or not.\nSerial console logs will be collect to a file and then streamed from a named 'guest-console-log'.\nNot relevant if autoattachSerialConsole is disabled.\nDefaults to cluster wide setting on VirtualMachineOptions.", - "type": "boolean" - }, - "networkInterfaceMultiqueue": { - "description": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.", - "type": "boolean" - }, - "panicDevices": { - "description": "PanicDevices provides additional crash information when a guest crashes.", - "items": { - "properties": { - "model": { - "description": "Model specifies what type of panic device is provided.\nThe panic model used when this attribute is missing depends on the hypervisor and guest arch.\nOne of: isa, hyperv, pvpanic.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "rng": { - "description": "Whether to have random number generator from host", - "type": "object" - }, - "sound": { - "description": "Whether to emulate a sound device.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "resizeInUseVolumes": { + "default": true, + "description": "Resize existent PVCs, defaults to true", + "type": "boolean" + }, + "size": { + "description": "Size of the storage. Required if not already specified in the PVC template.\nChanges to this field are automatically reapplied to the created PVCs.\nSize cannot be decreased.", + "type": "string" + }, + "storageClass": { + "description": "StorageClass to use for PVCs. Applied after\nevaluating the PVC template, if available.\nIf not specified, the generated PVCs will use the\ndefault storage class", + "type": "string" + } + }, + "type": "object" + }, + "temporary": { + "default": false, + "description": "When set to true, the tablespace will be added as a `temp_tablespaces`\nentry in PostgreSQL, and will be available to automatically house temp\ndatabase objects, or other temporary files. Please refer to PostgreSQL\ndocumentation for more information on the `temp_tablespaces` GUC.", + "type": "boolean" + } + }, + "required": [ + "name", + "storage" + ], + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints specifies how to spread matching pods among the given topology.\nMore info:\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array" + }, + "walStorage": { + "description": "Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)", + "properties": { + "pvcTemplate": { + "description": "Template to be used to generate the Persistent Volume Claim", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "resizeInUseVolumes": { + "default": true, + "description": "Resize existent PVCs, defaults to true", + "type": "boolean" + }, + "size": { + "description": "Size of the storage. Required if not already specified in the PVC template.\nChanges to this field are automatically reapplied to the created PVCs.\nSize cannot be decreased.", + "type": "string" + }, + "storageClass": { + "description": "StorageClass to use for PVCs. Applied after\nevaluating the PVC template, if available.\nIf not specified, the generated PVCs will use the\ndefault storage class", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "instances" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "imageName and imageCatalogRef are mutually exclusive", + "rule": "!(has(self.imageCatalogRef) && has(self.imageName))" + } + ] + }, + "status": { + "description": "Most recently observed status of the cluster. This data may not be up\nto date. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "availableArchitectures": { + "description": "AvailableArchitectures reports the available architectures of a cluster", + "items": { + "description": "AvailableArchitecture represents the state of a cluster's architecture", + "properties": { + "goArch": { + "description": "GoArch is the name of the executable architecture", + "type": "string" + }, + "hash": { + "description": "Hash is the hash of the executable", + "type": "string" + } + }, + "required": [ + "goArch", + "hash" + ], + "type": "object" + }, + "type": "array" + }, + "certificates": { + "description": "The configuration for the CA and related certificates, initialized with defaults.", + "properties": { + "clientCASecret": { + "description": "The secret containing the Client CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate all the client certificates.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the client certificates,\nused as `ssl_ca_file` of all the instances.
\n- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided,\nthis can be omitted.
", + "type": "string" + }, + "expirations": { + "additionalProperties": { + "type": "string" + }, + "description": "Expiration dates for all certificates.", + "type": "object" + }, + "replicationTLSSecret": { + "description": "The secret of type kubernetes.io/tls containing the client certificate to authenticate as\nthe `streaming_replica` user.\nIf not defined, ClientCASecret must provide also `ca.key`, and a new secret will be\ncreated using the provided CA.", + "type": "string" + }, + "serverAltDNSNames": { + "description": "The list of the server alternative DNS names to be added to the generated server TLS certificates, when required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serverCASecret": { + "description": "The secret containing the Server CA certificate. If not defined, a new secret will be created\nwith a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.
\n
\nContains:
\n
\n- `ca.crt`: CA that should be used to validate the server certificate,\nused as `sslrootcert` in client connection strings.
\n- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided,\nthis can be omitted.
", + "type": "string" + }, + "serverTLSSecret": { + "description": "The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as\n`ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely.\nIf not defined, ServerCASecret must provide also `ca.key` and a new secret will be\ncreated using the provided CA.", + "type": "string" + } + }, + "type": "object" + }, + "cloudNativePGCommitHash": { + "description": "The commit hash number of which this operator running", + "type": "string" + }, + "cloudNativePGOperatorHash": { + "description": "The hash of the binary of the operator", + "type": "string" + }, + "conditions": { + "description": "Conditions for cluster object", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "configMapResourceVersion": { + "description": "The list of resource versions of the configmaps,\nmanaged by the operator. Every change here is done in the\ninterest of the instance manager, which will refresh the\nconfigmap data", + "properties": { + "metrics": { + "additionalProperties": { + "type": "string" + }, + "description": "A map with the versions of all the config maps used to pass metrics.\nMap keys are the config map names, map values are the versions", + "type": "object" + } + }, + "type": "object" + }, + "currentPrimary": { + "description": "Current primary instance", + "type": "string" + }, + "currentPrimaryFailingSinceTimestamp": { + "description": "The timestamp when the primary was detected to be unhealthy\nThis field is reported when `.spec.failoverDelay` is populated or during online upgrades", + "type": "string" + }, + "currentPrimaryTimestamp": { + "description": "The timestamp when the last actual promotion to primary has occurred", + "type": "string" + }, + "danglingPVC": { + "description": "List of all the PVCs created by this cluster and still available\nwhich are not attached to a Pod", + "items": { + "type": "string" + }, + "type": "array" + }, + "demotionToken": { + "description": "DemotionToken is a JSON token containing the information\nfrom pg_controldata such as Database system identifier, Latest checkpoint's\nTimeLineID, Latest checkpoint's REDO location, Latest checkpoint's REDO\nWAL file, and Time of latest checkpoint", + "type": "string" + }, + "firstRecoverabilityPoint": { + "description": "The first recoverability point, stored as a date in RFC3339 format.\nThis field is calculated from the content of FirstRecoverabilityPointByMethod.\n\nDeprecated: the field is not set for backup plugins.", + "type": "string" + }, + "firstRecoverabilityPointByMethod": { + "additionalProperties": { + "format": "date-time", + "type": "string" + }, + "description": "The first recoverability point, stored as a date in RFC3339 format, per backup method type.\n\nDeprecated: the field is not set for backup plugins.", + "type": "object" + }, + "healthyPVC": { + "description": "List of all the PVCs not dangling nor initializing", + "items": { + "type": "string" + }, + "type": "array" + }, + "image": { + "description": "Image contains the image name used by the pods", + "type": "string" + }, + "initializingPVC": { + "description": "List of all the PVCs that are being initialized by this cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceNames": { + "description": "List of instance names in the cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "instances": { + "description": "The total number of PVC Groups detected in the cluster. It may differ from the number of existing instance pods.", + "type": "integer" + }, + "instancesReportedState": { + "additionalProperties": { + "description": "InstanceReportedState describes the last reported state of an instance during a reconciliation loop", + "properties": { + "ip": { + "description": "IP address of the instance", + "type": "string" + }, + "isPrimary": { + "description": "indicates if an instance is the primary one", + "type": "boolean" + }, + "timeLineID": { + "description": "indicates on which TimelineId the instance is", + "type": "integer" + } + }, + "required": [ + "isPrimary" + ], + "type": "object" + }, + "description": "The reported state of the instances during the last reconciliation loop", + "type": "object" + }, + "instancesStatus": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "InstancesStatus indicates in which status the instances are", + "type": "object" + }, + "jobCount": { + "description": "How many Jobs have been created by this cluster", + "format": "int32", + "type": "integer" + }, + "lastFailedBackup": { + "description": "Last failed backup, stored as a date in RFC3339 format.\n\nDeprecated: the field is not set for backup plugins.", + "type": "string" + }, + "lastPromotionToken": { + "description": "LastPromotionToken is the last verified promotion token that\nwas used to promote a replica cluster", + "type": "string" + }, + "lastSuccessfulBackup": { + "description": "Last successful backup, stored as a date in RFC3339 format.\nThis field is calculated from the content of LastSuccessfulBackupByMethod.\n\nDeprecated: the field is not set for backup plugins.", + "type": "string" + }, + "lastSuccessfulBackupByMethod": { + "additionalProperties": { + "format": "date-time", + "type": "string" + }, + "description": "Last successful backup, stored as a date in RFC3339 format, per backup method type.\n\nDeprecated: the field is not set for backup plugins.", + "type": "object" + }, + "latestGeneratedNode": { + "description": "ID of the latest generated node (used to avoid node name clashing)", + "type": "integer" + }, + "managedRolesStatus": { + "description": "ManagedRolesStatus reports the state of the managed roles in the cluster", + "properties": { + "byStatus": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "ByStatus gives the list of roles in each state", + "type": "object" + }, + "cannotReconcile": { + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": "CannotReconcile lists roles that cannot be reconciled in PostgreSQL,\nwith an explanation of the cause", + "type": "object" + }, + "passwordStatus": { + "additionalProperties": { + "description": "PasswordState represents the state of the password of a managed RoleConfiguration", + "properties": { + "resourceVersion": { + "description": "the resource version of the password secret", + "type": "string" + }, + "transactionID": { + "description": "the last transaction ID to affect the role definition in PostgreSQL", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "description": "PasswordStatus gives the last transaction id and password secret version for each managed role", + "type": "object" + } + }, + "type": "object" + }, + "onlineUpdateEnabled": { + "description": "OnlineUpdateEnabled shows if the online upgrade is enabled inside the cluster", + "type": "boolean" + }, + "pgDataImageInfo": { + "description": "PGDataImageInfo contains the details of the latest image that has run on the current data directory.", + "properties": { + "image": { + "description": "Image is the image name", + "type": "string" + }, + "majorVersion": { + "description": "MajorVersion is the major version of the image", + "type": "integer" + } + }, + "required": [ + "image", + "majorVersion" + ], + "type": "object" + }, + "phase": { + "description": "Current phase of the cluster", + "type": "string" + }, + "phaseReason": { + "description": "Reason for the current phase", + "type": "string" + }, + "pluginStatus": { + "description": "PluginStatus is the status of the loaded plugins", + "items": { + "description": "PluginStatus is the status of a loaded plugin", + "properties": { + "backupCapabilities": { + "description": "BackupCapabilities are the list of capabilities of the\nplugin regarding the Backup management", + "items": { + "type": "string" + }, + "type": "array" + }, + "capabilities": { + "description": "Capabilities are the list of capabilities of the\nplugin", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Name is the name of the plugin", + "type": "string" + }, + "operatorCapabilities": { + "description": "OperatorCapabilities are the list of capabilities of the\nplugin regarding the reconciler", + "items": { + "type": "string" + }, + "type": "array" + }, + "restoreJobHookCapabilities": { + "description": "RestoreJobHookCapabilities are the list of capabilities of the\nplugin regarding the RestoreJobHook management", + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "description": "Status contain the status reported by the plugin through the SetStatusInCluster interface", + "type": "string" + }, + "version": { + "description": "Version is the version of the plugin loaded by the\nlatest reconciliation loop", + "type": "string" + }, + "walCapabilities": { + "description": "WALCapabilities are the list of capabilities of the\nplugin regarding the WAL management", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "type": "array" + }, + "poolerIntegrations": { + "description": "The integration needed by poolers referencing the cluster", + "properties": { + "pgBouncerIntegration": { + "description": "PgBouncerIntegrationStatus encapsulates the needed integration for the pgbouncer poolers referencing the cluster", + "properties": { + "secrets": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "pvcCount": { + "description": "How many PVCs have been created by this cluster", + "format": "int32", + "type": "integer" + }, + "readService": { + "description": "Current list of read pods", + "type": "string" + }, + "readyInstances": { + "description": "The total number of ready instances in the cluster. It is equal to the number of ready instance pods.", + "type": "integer" + }, + "resizingPVC": { + "description": "List of all the PVCs that have ResizingPVC condition.", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretsResourceVersion": { + "description": "The list of resource versions of the secrets\nmanaged by the operator. Every change here is done in the\ninterest of the instance manager, which will refresh the\nsecret data", + "properties": { + "applicationSecretVersion": { + "description": "The resource version of the \"app\" user secret", + "type": "string" + }, + "barmanEndpointCA": { + "description": "The resource version of the Barman Endpoint CA if provided", + "type": "string" + }, + "caSecretVersion": { + "description": "Unused. Retained for compatibility with old versions.", + "type": "string" + }, + "clientCaSecretVersion": { + "description": "The resource version of the PostgreSQL client-side CA secret version", + "type": "string" + }, + "externalClusterSecretVersion": { + "additionalProperties": { + "type": "string" + }, + "description": "The resource versions of the external cluster secrets", + "type": "object" + }, + "managedRoleSecretVersion": { + "additionalProperties": { + "type": "string" + }, + "description": "The resource versions of the managed roles secrets", + "type": "object" + }, + "metrics": { + "additionalProperties": { + "type": "string" + }, + "description": "A map with the versions of all the secrets used to pass metrics.\nMap keys are the secret names, map values are the versions", + "type": "object" + }, + "replicationSecretVersion": { + "description": "The resource version of the \"streaming_replica\" user secret", + "type": "string" + }, + "serverCaSecretVersion": { + "description": "The resource version of the PostgreSQL server-side CA secret version", + "type": "string" + }, + "serverSecretVersion": { + "description": "The resource version of the PostgreSQL server-side secret version", + "type": "string" + }, + "superuserSecretVersion": { + "description": "The resource version of the \"postgres\" user secret", + "type": "string" + } + }, + "type": "object" + }, + "switchReplicaClusterStatus": { + "description": "SwitchReplicaClusterStatus is the status of the switch to replica cluster", + "properties": { + "inProgress": { + "description": "InProgress indicates if there is an ongoing procedure of switching a cluster to a replica cluster.", + "type": "boolean" + } + }, + "type": "object" + }, + "systemID": { + "description": "SystemID is the latest detected PostgreSQL SystemID", + "type": "string" + }, + "tablespacesStatus": { + "description": "TablespacesStatus reports the state of the declarative tablespaces in the cluster", + "items": { + "description": "TablespaceState represents the state of a tablespace in a cluster", + "properties": { + "error": { + "description": "Error is the reconciliation error, if any", + "type": "string" + }, + "name": { + "description": "Name is the name of the tablespace", + "type": "string" + }, + "owner": { + "description": "Owner is the PostgreSQL user owning the tablespace", + "type": "string" + }, + "state": { + "description": "State is the latest reconciliation state", + "type": "string" + } + }, + "required": [ + "name", + "state" + ], + "type": "object" + }, + "type": "array" + }, + "targetPrimary": { + "description": "Target primary instance, this is different from the previous one\nduring a switchover or a failover", + "type": "string" + }, + "targetPrimaryTimestamp": { + "description": "The timestamp when the last request for a new primary has occurred", + "type": "string" + }, + "timelineID": { + "description": "The timeline of the Postgres cluster", + "type": "integer" + }, + "topology": { + "description": "Instances topology.", + "properties": { + "instances": { + "additionalProperties": { + "additionalProperties": { + "type": "string" + }, + "description": "PodTopologyLabels represent the topology of a Pod. map[labelName]labelValue", + "type": "object" + }, + "description": "Instances contains the pod topology of the instances", + "type": "object" + }, + "nodesUsed": { + "description": "NodesUsed represents the count of distinct nodes accommodating the instances.\nA value of '1' suggests that all instances are hosted on a single node,\nimplying the absence of High Availability (HA). Ideally, this value should\nbe the same as the number of instances in the Postgres HA cluster, implying\nshared nothing architecture on the compute side.", + "format": "int32", + "type": "integer" + }, + "successfullyExtracted": { + "description": "SuccessfullyExtracted indicates if the topology data was extract. It is useful to enact fallback behaviors\nin synchronous replica election in case of failures", + "type": "boolean" + } + }, + "type": "object" + }, + "unusablePVC": { + "description": "List of all the PVCs that are unusable because another PVC is missing", + "items": { + "type": "string" + }, + "type": "array" + }, + "writeService": { + "description": "Current write pod", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "Cluster", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ClusterImageCatalog": { + "description": "ClusterImageCatalog is the Schema for the clusterimagecatalogs API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the ClusterImageCatalog.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "images": { + "description": "List of CatalogImages available in the catalog", + "items": { + "description": "CatalogImage defines the image and major version", + "properties": { + "image": { + "description": "The image reference", + "type": "string" + }, + "major": { + "description": "The PostgreSQL major version of the image. Must be unique within the catalog.", + "minimum": 10, + "type": "integer" + } + }, + "required": [ + "image", + "major" + ], + "type": "object" + }, + "maxItems": 8, + "minItems": 1, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "Images must have unique major versions", + "rule": "self.all(e, self.filter(f, f.major==e.major).size() == 1)" + } + ] + } + }, + "required": [ + "images" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ClusterImageCatalog", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ClusterImageCatalogList": { + "description": "ClusterImageCatalogList is a list of ClusterImageCatalog", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of clusterimagecatalogs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.ClusterImageCatalog" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ClusterImageCatalogList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ClusterList": { + "description": "ClusterList is a list of Cluster", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of clusters. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Cluster" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ClusterList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/Database": { + "description": "Database is the Schema for the databases API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired Database.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "allowConnections": { + "description": "Maps to the `ALLOW_CONNECTIONS` parameter of `CREATE DATABASE` and\n`ALTER DATABASE`. If false then no one can connect to this database.", + "type": "boolean" + }, + "builtinLocale": { + "description": "Maps to the `BUILTIN_LOCALE` parameter of `CREATE DATABASE`. This\nsetting cannot be changed. Specifies the locale name when the\nbuiltin provider is used. This option requires `localeProvider` to\nbe set to `builtin`. Available from PostgreSQL 17.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "builtinLocale is immutable", + "rule": "self == oldSelf" + } + ] + }, + "cluster": { + "description": "The name of the PostgreSQL cluster hosting the database.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "collationVersion": { + "description": "Maps to the `COLLATION_VERSION` parameter of `CREATE DATABASE`. This\nsetting cannot be changed.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "collationVersion is immutable", + "rule": "self == oldSelf" + } + ] + }, + "connectionLimit": { + "description": "Maps to the `CONNECTION LIMIT` clause of `CREATE DATABASE` and\n`ALTER DATABASE`. How many concurrent connections can be made to\nthis database. -1 (the default) means no limit.", + "type": "integer" + }, + "databaseReclaimPolicy": { + "default": "retain", + "description": "The policy for end-of-life maintenance of this database.", + "enum": [ + "delete", + "retain" + ], + "type": "string" + }, + "encoding": { + "description": "Maps to the `ENCODING` parameter of `CREATE DATABASE`. This setting\ncannot be changed. Character set encoding to use in the database.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "encoding is immutable", + "rule": "self == oldSelf" + } + ] + }, + "ensure": { + "default": "present", + "description": "Ensure the PostgreSQL database is `present` or `absent` - defaults to \"present\".", + "enum": [ + "present", + "absent" + ], + "type": "string" + }, + "extensions": { + "description": "The list of extensions to be managed in the database", + "items": { + "description": "ExtensionSpec configures an extension in a database", + "properties": { + "ensure": { + "default": "present", + "description": "Specifies whether an extension/schema should be present or absent in\nthe database. If set to `present`, the extension/schema will be\ncreated if it does not exist. If set to `absent`, the\nextension/schema will be removed if it exists.", + "enum": [ + "present", + "absent" + ], + "type": "string" + }, + "name": { + "description": "Name of the extension/schema", + "type": "string" + }, + "schema": { + "description": "The name of the schema in which to install the extension's objects,\nin case the extension allows its contents to be relocated. If not\nspecified (default), and the extension's control file does not\nspecify a schema either, the current default object creation schema\nis used.", + "type": "string" + }, + "version": { + "description": "The version of the extension to install. If empty, the operator will\ninstall the default version (whatever is specified in the\nextension's control file)", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "icuLocale": { + "description": "Maps to the `ICU_LOCALE` parameter of `CREATE DATABASE`. This\nsetting cannot be changed. Specifies the ICU locale when the ICU\nprovider is used. This option requires `localeProvider` to be set to\n`icu`. Available from PostgreSQL 15.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "icuLocale is immutable", + "rule": "self == oldSelf" + } + ] + }, + "icuRules": { + "description": "Maps to the `ICU_RULES` parameter of `CREATE DATABASE`. This setting\ncannot be changed. Specifies additional collation rules to customize\nthe behavior of the default collation. This option requires\n`localeProvider` to be set to `icu`. Available from PostgreSQL 16.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "icuRules is immutable", + "rule": "self == oldSelf" + } + ] + }, + "isTemplate": { + "description": "Maps to the `IS_TEMPLATE` parameter of `CREATE DATABASE` and `ALTER\nDATABASE`. If true, this database is considered a template and can\nbe cloned by any user with `CREATEDB` privileges.", + "type": "boolean" + }, + "locale": { + "description": "Maps to the `LOCALE` parameter of `CREATE DATABASE`. This setting\ncannot be changed. Sets the default collation order and character\nclassification in the new database.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "locale is immutable", + "rule": "self == oldSelf" + } + ] + }, + "localeCType": { + "description": "Maps to the `LC_CTYPE` parameter of `CREATE DATABASE`. This setting\ncannot be changed.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "localeCType is immutable", + "rule": "self == oldSelf" + } + ] + }, + "localeCollate": { + "description": "Maps to the `LC_COLLATE` parameter of `CREATE DATABASE`. This\nsetting cannot be changed.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "localeCollate is immutable", + "rule": "self == oldSelf" + } + ] + }, + "localeProvider": { + "description": "Maps to the `LOCALE_PROVIDER` parameter of `CREATE DATABASE`. This\nsetting cannot be changed. This option sets the locale provider for\ndatabases created in the new cluster. Available from PostgreSQL 16.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "localeProvider is immutable", + "rule": "self == oldSelf" + } + ] + }, + "name": { + "description": "The name of the database to create inside PostgreSQL. This setting cannot be changed.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "name is immutable", + "rule": "self == oldSelf" + }, + { + "message": "the name postgres is reserved", + "rule": "self != 'postgres'" + }, + { + "message": "the name template0 is reserved", + "rule": "self != 'template0'" + }, + { + "message": "the name template1 is reserved", + "rule": "self != 'template1'" + } + ] + }, + "owner": { + "description": "Maps to the `OWNER` parameter of `CREATE DATABASE`.\nMaps to the `OWNER TO` command of `ALTER DATABASE`.\nThe role name of the user who owns the database inside PostgreSQL.", + "type": "string" + }, + "schemas": { + "description": "The list of schemas to be managed in the database", + "items": { + "description": "SchemaSpec configures a schema in a database", + "properties": { + "ensure": { + "default": "present", + "description": "Specifies whether an extension/schema should be present or absent in\nthe database. If set to `present`, the extension/schema will be\ncreated if it does not exist. If set to `absent`, the\nextension/schema will be removed if it exists.", + "enum": [ + "present", + "absent" + ], + "type": "string" + }, + "name": { + "description": "Name of the extension/schema", + "type": "string" + }, + "owner": { + "description": "The role name of the user who owns the schema inside PostgreSQL.\nIt maps to the `AUTHORIZATION` parameter of `CREATE SCHEMA` and the\n`OWNER TO` command of `ALTER SCHEMA`.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "tablespace": { + "description": "Maps to the `TABLESPACE` parameter of `CREATE DATABASE`.\nMaps to the `SET TABLESPACE` command of `ALTER DATABASE`.\nThe name of the tablespace (in PostgreSQL) that will be associated\nwith the new database. This tablespace will be the default\ntablespace used for objects created in this database.", + "type": "string" + }, + "template": { + "description": "Maps to the `TEMPLATE` parameter of `CREATE DATABASE`. This setting\ncannot be changed. The name of the template from which to create\nthis database.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "template is immutable", + "rule": "self == oldSelf" + } + ] + } + }, + "required": [ + "cluster", + "name", + "owner" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "builtinLocale is only available when localeProvider is set to `builtin`", + "rule": "!has(self.builtinLocale) || self.localeProvider == 'builtin'" + }, + { + "message": "icuLocale is only available when localeProvider is set to `icu`", + "rule": "!has(self.icuLocale) || self.localeProvider == 'icu'" + }, + { + "message": "icuRules is only available when localeProvider is set to `icu`", + "rule": "!has(self.icuRules) || self.localeProvider == 'icu'" + } + ] + }, + "status": { + "description": "Most recently observed status of the Database. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "applied": { + "description": "Applied is true if the database was reconciled correctly", + "type": "boolean" + }, + "extensions": { + "description": "Extensions is the status of the managed extensions", + "items": { + "description": "DatabaseObjectStatus is the status of the managed database objects", + "properties": { + "applied": { + "description": "True of the object has been installed successfully in\nthe database", + "type": "boolean" + }, + "message": { + "description": "Message is the object reconciliation message", + "type": "string" + }, + "name": { + "description": "The name of the object", + "type": "string" + } + }, + "required": [ + "applied", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "message": { + "description": "Message is the reconciliation output message", + "type": "string" + }, + "observedGeneration": { + "description": "A sequence number representing the latest\ndesired state that was synchronized", + "format": "int64", + "type": "integer" + }, + "schemas": { + "description": "Schemas is the status of the managed schemas", + "items": { + "description": "DatabaseObjectStatus is the status of the managed database objects", + "properties": { + "applied": { + "description": "True of the object has been installed successfully in\nthe database", + "type": "boolean" + }, + "message": { + "description": "Message is the object reconciliation message", + "type": "string" + }, + "name": { + "description": "The name of the object", + "type": "string" + } + }, + "required": [ + "applied", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "Database", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/DatabaseList": { + "description": "DatabaseList is a list of Database", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of databases. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Database" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "DatabaseList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/FailoverQuorum": { + "description": "FailoverQuorum contains the information about the current failover\nquorum status of a PG cluster. It is updated by the instance manager\nof the primary node and reset to zero by the operator to trigger\nan update.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "status": { + "description": "Most recently observed status of the failover quorum.", + "properties": { + "method": { + "description": "Contains the latest reported Method value.", + "type": "string" + }, + "primary": { + "description": "Primary is the name of the primary instance that updated\nthis object the latest time.", + "type": "string" + }, + "standbyNames": { + "description": "StandbyNames is the list of potentially synchronous\ninstance names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "standbyNumber": { + "description": "StandbyNumber is the number of synchronous standbys that transactions\nneed to wait for replies from.", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "FailoverQuorum", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/FailoverQuorumList": { + "description": "FailoverQuorumList is a list of FailoverQuorum", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of failoverquorums. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.FailoverQuorum" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "FailoverQuorumList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ImageCatalog": { + "description": "ImageCatalog is the Schema for the imagecatalogs API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the ImageCatalog.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "images": { + "description": "List of CatalogImages available in the catalog", + "items": { + "description": "CatalogImage defines the image and major version", + "properties": { + "image": { + "description": "The image reference", + "type": "string" + }, + "major": { + "description": "The PostgreSQL major version of the image. Must be unique within the catalog.", + "minimum": 10, + "type": "integer" + } + }, + "required": [ + "image", + "major" + ], + "type": "object" + }, + "maxItems": 8, + "minItems": 1, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "Images must have unique major versions", + "rule": "self.all(e, self.filter(f, f.major==e.major).size() == 1)" + } + ] + } + }, + "required": [ + "images" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ImageCatalog", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ImageCatalogList": { + "description": "ImageCatalogList is a list of ImageCatalog", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of imagecatalogs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.ImageCatalog" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ImageCatalogList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/Pooler": { + "description": "Pooler is the Schema for the poolers API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the Pooler.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "cluster": { + "description": "This is the cluster reference on which the Pooler will work.\nPooler name should never match with any cluster name within the same namespace.", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "deploymentStrategy": { + "description": "The deployment strategy to use for pgbouncer to replace existing pods with new ones", + "properties": { + "rollingUpdate": { + "description": "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.", + "properties": { + "maxSurge": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods.", + "x-kubernetes-int-or-string": true + }, + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods.", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "type": { + "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", + "type": "string" + } + }, + "type": "object" + }, + "instances": { + "default": 1, + "description": "The number of replicas we want. Default: 1.", + "format": "int32", + "type": "integer" + }, + "monitoring": { + "description": "The configuration of the monitoring infrastructure of this pooler.", + "properties": { + "enablePodMonitor": { + "default": false, + "description": "Enable or disable the `PodMonitor`", + "type": "boolean" + }, + "podMonitorMetricRelabelings": { + "description": "The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "podMonitorRelabelings": { + "description": "The list of relabelings for the `PodMonitor`. Applied to samples before scraping.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "pgbouncer": { + "description": "The PgBouncer configuration", + "properties": { + "authQuery": { + "description": "The query that will be used to download the hash of the password\nof a certain user. Default: \"SELECT usename, passwd FROM public.user_search($1)\".\nIn case it is specified, also an AuthQuerySecret has to be specified and\nno automatic CNPG Cluster integration will be triggered.", + "type": "string" + }, + "authQuerySecret": { + "description": "The credentials of the user that need to be used for the authentication\nquery. In case it is specified, also an AuthQuery\n(e.g. \"SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename=$1\")\nhas to be specified and no automatic CNPG Cluster integration will be triggered.", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Additional parameters to be passed to PgBouncer - please check\nthe CNPG documentation for a list of options you can configure", + "type": "object" + }, + "paused": { + "default": false, + "description": "When set to `true`, PgBouncer will disconnect from the PostgreSQL\nserver, first waiting for all queries to complete, and pause all new\nclient connections until this value is set to `false` (default). Internally,\nthe operator calls PgBouncer's `PAUSE` and `RESUME` commands.", + "type": "boolean" + }, + "pg_hba": { + "description": "PostgreSQL Host Based Authentication rules (lines to be appended\nto the pg_hba.conf file)", + "items": { + "type": "string" + }, + "type": "array" + }, + "poolMode": { + "default": "session", + "description": "The pool mode. Default: `session`.", + "enum": [ + "session", + "transaction" + ], + "type": "string" + } + }, + "type": "object" + }, + "serviceTemplate": { + "description": "Template for the Service to be created", + "properties": { + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "The name of the resource. Only supported for certain types", + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "Specification of the desired behavior of the service.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically\nallocated for services with type LoadBalancer. Default is \"true\". It\nmay be set to \"false\" if the cluster load-balancer does not rely on\nNodePorts. If the caller requests specific NodePorts (by specifying a\nvalue), those requests will be respected, regardless of this field.\nThis field may only be set for services with type LoadBalancer and will\nbe cleared if the type is changed to any other type.", + "type": "boolean" + }, + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned\nrandomly. If an address is specified manually, is in-range (as per\nsystem configuration), and is not in use, it will be allocated to the\nservice; otherwise creation of the service will fail. This field may not\nbe changed through updates unless the type field is also being changed\nto ExternalName (which requires this field to be blank) or the type\nfield is being changed from ExternalName (in which case this field may\noptionally be specified, as describe above). Valid values are \"None\",\nempty string (\"\"), or a valid IP address. Setting this to \"None\" makes a\n\"headless service\" (no virtual IP), which is useful when direct endpoint\nconnections are preferred and proxying is not required. Only applies to\ntypes ClusterIP, NodePort, and LoadBalancer. If this field is specified\nwhen creating a Service of type ExternalName, creation will fail. This\nfield will be wiped when updating a Service to type ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are\nusually assigned randomly. If an address is specified manually, is\nin-range (as per system configuration), and is not in use, it will be\nallocated to the service; otherwise creation of the service will fail.\nThis field may not be changed through updates unless the type field is\nalso being changed to ExternalName (which requires this field to be\nempty) or the type field is being changed from ExternalName (in which\ncase this field may optionally be specified, as describe above). Valid\nvalues are \"None\", empty string (\"\"), or a valid IP address. Setting\nthis to \"None\" makes a \"headless service\" (no virtual IP), which is\nuseful when direct endpoint connections are preferred and proxying is\nnot required. Only applies to types ClusterIP, NodePort, and\nLoadBalancer. If this field is specified when creating a Service of type\nExternalName, creation will fail. This field will be wiped when updating\na Service to type ExternalName. If this field is not specified, it will\nbe initialized from the clusterIP field. If this field is specified,\nclients must ensure that clusterIPs[0] and clusterIP have the same\nvalue.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order).\nThese IPs must correspond to the values of the ipFamilies field. Both\nclusterIPs and ipFamilies are governed by the ipFamilyPolicy field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster\nwill also accept traffic for this service. These IPs are not managed by\nKubernetes. The user is responsible for ensuring that traffic arrives\nat a node with this IP. A common example is external load-balancers\nthat are not part of the Kubernetes system.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will\nreturn as an alias for this service (e.g. a DNS CNAME record). No\nproxying will be involved. Must be a lowercase RFC-1123 hostname\n(https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts,\nExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure\nthe service in a way that assumes that external load balancers will take care\nof balancing the service traffic between nodes, and so each node will deliver\ntraffic only to the node-local endpoints of the service, without masquerading\nthe client source IP. (Traffic mistakenly sent to a node with no endpoints will\nbe dropped.) The default value, \"Cluster\", uses the standard behavior of\nrouting to all endpoints evenly (possibly modified by topology and other\nfeatures). Note that traffic sent to an External IP or LoadBalancer IP from\nwithin the cluster will always get \"Cluster\" semantics, but clients sending to\na NodePort from within the cluster may need to take traffic policy into account\nwhen picking a node.", + "type": "string" + }, + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service.\nThis only applies when type is set to LoadBalancer and\nexternalTrafficPolicy is set to Local. If a value is specified, is\nin-range, and is not in use, it will be used. If not specified, a value\nwill be automatically allocated. External systems (e.g. load-balancers)\ncan use this port to determine if a given node holds endpoints for this\nservice or not. If this field is specified when creating a Service\nwhich does not need it, creation will fail. This field will be wiped\nwhen updating a Service to no longer need it (e.g. changing type).\nThis field cannot be updated once set.", + "format": "int32", + "type": "integer" + }, + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on the ClusterIP. If set to \"Local\", the proxy will assume that pods\nonly want to talk to endpoints of the service on the same node as the pod,\ndropping the traffic if there are no local endpoints. The default value,\n\"Cluster\", uses the standard behavior of routing to all endpoints evenly\n(possibly modified by topology and other features).", + "type": "string" + }, + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this\nservice. This field is usually assigned automatically based on cluster\nconfiguration and the ipFamilyPolicy field. If this field is specified\nmanually, the requested family is available in the cluster,\nand ipFamilyPolicy allows it, it will be used; otherwise creation of\nthe service will fail. This field is conditionally mutable: it allows\nfor adding or removing a secondary IP family, but it does not allow\nchanging the primary IP family of the Service. Valid values are \"IPv4\"\nand \"IPv6\". This field only applies to Services of types ClusterIP,\nNodePort, and LoadBalancer, and does apply to \"headless\" services.\nThis field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in\neither order). These families must correspond to the values of the\nclusterIPs field, if specified. Both clusterIPs and ipFamilies are\ngoverned by the ipFamilyPolicy field.", + "items": { + "description": "IPFamily represents the IP Family (IPv4 or IPv6). This type is used\nto express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail). The\nipFamilies and clusterIPs fields depend on the value of this field. This\nfield will be wiped when updating a service to type ExternalName.", + "type": "string" + }, + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to.\nIf specified, the value of this field must be a label-style identifier, with an optional prefix,\ne.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users.\nThis field can only be set when the Service type is 'LoadBalancer'. If not set, the default load\nbalancer implementation is used, today this is typically done through the cloud provider integration,\nbut should apply for any default implementation. If set, it is assumed that a load balancer\nimplementation is watching for Services with a matching class. Any default load balancer\nimplementation (e.g. cloud providers) should ignore Services that set this field.\nThis field can only be set when creating or updating a Service to type 'LoadBalancer'.\nOnce set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", + "type": "string" + }, + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer.\nThis feature depends on whether the underlying cloud-provider supports specifying\nthe loadBalancerIP when a load balancer is created.\nThis field will be ignored if the cloud-provider does not support the feature.\nDeprecated: This field was under-specified and its meaning varies across implementations.\nUsing it is non-portable and it may not support dual-stack.\nUsers are encouraged to use implementation-specific annotations when available.", + "type": "string" + }, + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider\nload-balancer will be restricted to the specified client IPs. This field will be ignored if the\ncloud-provider does not support the feature.\"\nMore info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ports": { + "description": "The list of ports that are exposed by this service.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "description": "ServicePort contains information on service's port.", + "properties": { + "appProtocol": { + "description": "The application protocol for this port.\nThis is used as a hint for implementations to offer richer behavior for protocols that they understand.\nThis field follows standard Kubernetes label syntax.\nValid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per\nRFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as\nmycompany.com/my-custom-protocol.", + "type": "string" + }, + "name": { + "description": "The name of this port within the service. This must be a DNS_LABEL.\nAll ports within a ServiceSpec must have unique names. When considering\nthe endpoints for a Service, this must match the 'name' field in the\nEndpointPort.\nOptional if only one ServicePort is defined on this service.", + "type": "string" + }, + "nodePort": { + "description": "The port on each node on which this service is exposed when type is\nNodePort or LoadBalancer. Usually assigned by the system. If a value is\nspecified, in-range, and not in use it will be used, otherwise the\noperation will fail. If not specified, a port will be allocated if this\nService requires one. If this field is specified when creating a\nService which does not need it, creation will fail. This field will be\nwiped when updating a Service to no longer need it (e.g. changing type\nfrom NodePort to ClusterIP).\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", + "format": "int32", + "type": "integer" + }, + "port": { + "description": "The port that will be exposed by this service.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\".\nDefault is TCP.", + "type": "string" + }, + "targetPort": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the pods targeted by the service.\nNumber must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.\nIf this is a string, it will be looked up as a named port in the\ntarget Pod's container ports. If this is not specified, the value\nof the 'port' field is used (an identity map).\nThis field is ignored for services with clusterIP=None, and should be\nomitted or set equal to the 'port' field.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "port", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this\nService should disregard any indications of ready/not-ready.\nThe primary use case for setting this field is for a StatefulSet's Headless Service to\npropagate SRV DNS records for its Pods for the purpose of peer discovery.\nThe Kubernetes controllers that generate Endpoints and EndpointSlice resources for\nServices interpret this to mean that all endpoints are considered \"ready\" even if the\nPods themselves are not. Agents which consume only Kubernetes generated endpoints\nthrough the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" + }, + "selector": { + "additionalProperties": { + "type": "string" + }, + "description": "Route service traffic to pods with label keys and values matching this\nselector. If empty or not present, the service is assumed to have an\nexternal process managing its endpoints, which Kubernetes will not\nmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.\nIgnored if type is ExternalName.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity.\nEnable client IP based session affinity.\nMust be ClientIP or None.\nDefaults to None.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "sessionAffinityConfig": { + "description": "sessionAffinityConfig contains the configurations of session affinity.", + "properties": { + "clientIP": { + "description": "clientIP contains the configurations of Client IP based session affinity.", + "properties": { + "timeoutSeconds": { + "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time.\nThe value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\".\nDefault value is 10800(for 3 hours).", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "trafficDistribution": { + "description": "TrafficDistribution offers a way to express preferences for how traffic\nis distributed to Service endpoints. Implementations can use this field\nas a hint, but are not required to guarantee strict adherence. If the\nfield is not set, the implementation will apply its default routing\nstrategy. If set to \"PreferClose\", implementations should prioritize\nendpoints that are in the same zone.", + "type": "string" + }, + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid\noptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.\n\"ClusterIP\" allocates a cluster-internal IP address for load-balancing\nto endpoints. Endpoints are determined by the selector or if that is not\nspecified, by manual construction of an Endpoints object or\nEndpointSlice objects. If clusterIP is \"None\", no virtual IP is\nallocated and the endpoints are published as a set of endpoints rather\nthan a virtual IP.\n\"NodePort\" builds on ClusterIP and allocates a port on every node which\nroutes to the same endpoints as the clusterIP.\n\"LoadBalancer\" builds on NodePort and creates an external load-balancer\n(if supported in the current cloud) which routes to the same endpoints\nas the clusterIP.\n\"ExternalName\" aliases this service to the specified externalName.\nSeveral other fields do not apply to ExternalName services.\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "template": { + "description": "The template of the Pod to be created", + "properties": { + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", + "type": "object" + }, + "name": { + "description": "The name of the resource. Only supported for certain types", + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "Specification of the desired behavior of the pod.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to\nStartTime before the system will actively try to mark it failed and kill associated containers.\nValue must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "affinity": { + "description": "If specified, the pod's scheduling constraints", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { - "model": { - "description": "We only support ich9 or ac97.\nIf SoundDevice is not set: No sound card is emulated.\nIf SoundDevice is set but Model is not: ich9", + "key": { + "description": "The label key that the selector applies to.", "type": "string" }, - "name": { - "description": "User's defined name for this sound device", + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" }, - "tpm": { - "description": "Whether to emulate a TPM device.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { - "enabled": { - "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", - "type": "boolean" + "key": { + "description": "The label key that the selector applies to.", + "type": "string" }, - "persistent": { - "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "useVirtioTransitional": { - "description": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", - "type": "boolean" - }, - "video": { - "description": "Video describes the video device configuration for the vmi.", - "properties": { - "type": { - "description": "Type specifies the video device type (e.g., virtio, vga, bochs, ramfb).\nIf not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x).", + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" - } - }, - "type": "object" - }, - "watchdog": { - "description": "Watchdog describes a watchdog device which can be added to the vmi.", - "properties": { - "diag288": { - "description": "diag288 watchdog device (specific to s390x architecture).", - "properties": { - "action": { - "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", - "type": "string" - } - }, - "type": "object" }, - "i6300esb": { - "description": "i6300esb watchdog device.", - "properties": { - "action": { - "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", - "type": "string" - } + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "type": "object" - }, - "name": { - "description": "Name of the watchdog.", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "name" + "key", + "operator" ], "type": "object" - } - }, - "type": "object" - }, - "features": { - "description": "Features like acpi, apic, hyperv, smm.", - "properties": { - "acpi": { - "description": "ACPI enables/disables ACPI inside the guest.\nDefaults to enabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "apic": { - "description": "Defaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "endOfInterrupt": { - "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Defaults to the machine type setting.", - "properties": { - "evmcs": { - "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "frequencies": { - "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "ipi": { - "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reenlightenment": { - "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "relaxed": { - "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reset": { - "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "runtime": { - "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "spinlocks": { - "description": "Spinlocks allows to configure the spinlock retry attempts.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "spinlocks": { - "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "synic": { - "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "synictimer": { - "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", - "properties": { - "direct": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "tlbflush": { - "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vapic": { - "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vendorid": { - "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "vendorid": { - "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", - "type": "string" - } - }, - "type": "object" - }, - "vpindex": { - "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hypervPassthrough": { - "description": "This enables all supported hyperv flags automatically.\nBear in mind that if this enabled hyperV features cannot\nbe enabled explicitly. In addition, a Virtual Machine\nusing it will be non-migratable.", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "Configure how KVM presence is exposed to the guest.", - "properties": { - "hidden": { - "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "pvspinlock": { - "description": "Notify the guest that the host supports paravirtual spinlocks.\nFor older kernels this feature should be explicitly disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" }, - "smm": { - "description": "SMM enables/disables System Management Mode.\nTSEG not yet implemented.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "firmware": { - "description": "Firmware.", - "properties": { - "acpi": { - "description": "Information that can be set in the ACPI table", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { - "msdmNameRef": { - "description": "Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions.\nThe above points to the spec of MSDM too.", + "key": { + "description": "The label key that the selector applies to.", "type": "string" }, - "slicNameRef": { - "description": "SlicNameRef should match the volume name of a secret object. The data in the secret should\nbe a binary blob that follows the ACPI SLIC standard, see:\nhttps://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)", + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" - } - }, - "type": "object" - }, - "bootloader": { - "description": "Settings to control the bootloader that is used.", - "properties": { - "bios": { - "description": "If set (default), BIOS will be used.", - "properties": { - "useSerial": { - "description": "If set, the BIOS output will be transmitted over serial", - "type": "boolean" - } - }, - "type": "object" }, - "efi": { - "description": "If set, EFI will be used instead of BIOS.", - "properties": { - "persistent": { - "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", - "type": "boolean" - }, - "secureBoot": { - "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "kernelBoot": { - "description": "Settings to set the kernel for booting.", - "properties": { - "container": { - "description": "Container defines the container that containes kernel artifacts", - "properties": { - "image": { - "description": "Image that contains initrd / kernel files.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", - "type": "string" - }, - "initrdPath": { - "description": "the fully-qualified path to the ramdisk image in the host OS", - "type": "string" - }, - "kernelPath": { - "description": "The fully-qualified path to the kernel image in the host OS", - "type": "string" - } + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" }, - "required": [ - "image" - ], - "type": "object" - }, - "kernelArgs": { - "description": "Arguments to be passed to the kernel at boot time", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "serial": { - "description": "The system-serial-number in SMBIOS", - "type": "string" - }, - "uuid": { - "description": "UUID reported by the vmi bios.\nDefaults to a random generated uid.", - "type": "string" - } - }, - "type": "object" - }, - "ioThreads": { - "description": "IOThreads specifies the IOThreads options.", - "properties": { - "supplementalPoolThreadCount": { - "description": "SupplementalPoolThreadCount specifies how many iothreads are allocated for the supplementalPool policy.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "ioThreadsPolicy": { - "description": "Controls whether or not disks will share IOThreads.\nOmitting IOThreadsPolicy disables use of IOThreads.\nOne of: shared, auto, supplementalPool", - "type": "string" - }, - "launchSecurity": { - "description": "Launch Security setting of the vmi.", - "properties": { - "sev": { - "description": "AMD Secure Encrypted Virtualization (SEV).", + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { - "attestation": { - "description": "If specified, run the attestation process for a vmi.", - "type": "object" - }, - "dhCert": { - "description": "Base64 encoded guest owner's Diffie-Hellman key.", - "type": "string" - }, - "policy": { - "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", - "properties": { - "encryptedState": { - "description": "SEV-ES is required.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "session": { - "description": "Base64 encoded session blob.", + "key": { + "description": "The label key that the selector applies to.", "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "machine": { - "description": "Machine type.", - "properties": { - "type": { - "description": "QEMU machine type is the actual chipset of the VirtualMachineInstance.", - "type": "string" - } - }, - "type": "object" - }, - "memory": { - "description": "Memory allow specifying the VMI memory features.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "description": "Guest allows to specifying the amount of memory which is visible inside the Guest OS.\nThe Guest must lie between Requests and Limits from the resources section.\nDefaults to the requested memory in the resources section if not specified.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "hugepages": { - "description": "Hugepages allow to use hugepages for the VirtualMachineInstance instead of regular memory.", - "properties": { - "pageSize": { - "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" - } - }, - "type": "object" - }, - "maxGuest": { - "anyOf": [ - { - "type": "integer" }, - { - "type": "string" - } - ], - "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "type": "object" - }, - "resources": { - "description": "Resources describes the Compute Resources required by this vmi.", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nValid resource keys are \"memory\" and \"cpu\".", - "type": "object" - }, - "overcommitGuestOverhead": { - "description": "Don't ask the scheduler to take the guest-management overhead into account. Instead\nput the overhead only into the container's memory limit. This can lead to crashes if\nall memory is in use on a node. Defaults to false.", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests is a description of the initial vmi resources.\nValid resource keys are \"memory\" and \"cpu\".", - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "devices" - ], - "type": "object" - }, - "evictionStrategy": { - "description": "EvictionStrategy describes the strategy to follow when a node drain occurs.\nThe possible options are:\n- \"None\": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown.\n- \"LiveMigrate\": the VirtualMachineInstance will be migrated instead of being shutdown.\n- \"LiveMigrateIfPossible\": the same as \"LiveMigrate\" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as \"None\".\n- \"External\": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa.", - "type": "string" - }, - "hostname": { - "description": "Specifies the hostname of the vmi\nIf not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly.", - "type": "string" - }, - "livenessProbe": { - "description": "Periodic probe of VirtualMachineInstance liveness.\nVirtualmachineInstances will be stopped if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "guestAgentPing": { - "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "networks": { - "description": "List of networks that can be attached to a vm's virtual interface.", - "items": { - "description": "Network represents a network type and a resource that should be connected to the vm.", - "properties": { - "multus": { - "description": "Represents the multus cni network.", - "properties": { - "default": { - "description": "Select the default network and add it to the\nmultus-cni.io/default-network annotation.", - "type": "boolean" - }, - "networkName": { - "description": "References to a NetworkAttachmentDefinition CRD object. Format:\n, /. If namespace is not\nspecified, VMI namespace is assumed.", - "type": "string" - } - }, - "required": [ - "networkName" - ], - "type": "object" - }, - "name": { - "description": "Network name.\nMust be a DNS_LABEL and unique within the vm.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "pod": { - "description": "Represents the stock pod network interface.", - "properties": { - "vmIPv6NetworkCIDR": { - "description": "IPv6 CIDR for the vm network.\nDefaults to fd10:0:2::/120 if not specified.", - "type": "string" - }, - "vmNetworkCIDR": { - "description": "CIDR for vm network.\nDefault 10.0.2.0/24 if not specified.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" - }, - "readinessProbe": { - "description": "Periodic probe of VirtualMachineInstance service readiness.\nVirtualmachineInstances will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "guestAgentPing": { - "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resourceClaims": { - "description": "ResourceClaims define which ResourceClaims must be allocated\nand reserved before the VMI, hence virt-launcher pod is allowed to start. The resources\nwill be made available to the domain which consumes them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate in kubernetes\n https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/\nThis field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled.\nThis feature is in alpha.", - "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", - "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", - "type": "string" - }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "schedulerName": { - "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.", - "type": "string" - }, - "startStrategy": { - "description": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.", - "type": "string" - }, - "subdomain": { - "description": "If specified, the fully qualified vmi hostname will be \"...svc.\".\nIf not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi,\nno matter if the vmi itself can pick up a hostname.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", - "format": "int64", - "type": "integer" - }, - "tolerations": { - "description": "If toleration is specified, obey all the toleration rules.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -310230,1232 +262656,1364 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", - "type": "string" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" + "topologyKey" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "volumes": { - "description": "List of volumes that can be mounted by disks belonging to the vmi.", - "items": { - "description": "Volume represents a named volume in a vmi.", + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "cloudInitConfigDrive": { - "description": "CloudInitConfigDrive represents a cloud-init Config Drive user-data source.\nThe Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html", - "properties": { - "networkData": { - "description": "NetworkData contains config drive inline cloud-init networkdata.", - "type": "string" - }, - "networkDataBase64": { - "description": "NetworkDataBase64 contains config drive cloud-init networkdata as a base64 encoded string.", - "type": "string" - }, - "networkDataSecretRef": { - "description": "NetworkDataSecretRef references a k8s secret that contains config drive networkdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretRef": { - "description": "UserDataSecretRef references a k8s secret that contains config drive userdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userData": { - "description": "UserData contains config drive inline cloud-init userdata.", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "userDataBase64": { - "description": "UserDataBase64 contains config drive cloud-init userdata as a base64 encoded string.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "cloudInitNoCloud": { - "description": "CloudInitNoCloud represents a cloud-init NoCloud user-data source.\nThe NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html", - "properties": { - "networkData": { - "description": "NetworkData contains NoCloud inline cloud-init networkdata.", - "type": "string" - }, - "networkDataBase64": { - "description": "NetworkDataBase64 contains NoCloud cloud-init networkdata as a base64 encoded string.", - "type": "string" - }, - "networkDataSecretRef": { - "description": "NetworkDataSecretRef references a k8s secret that contains NoCloud networkdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretRef": { - "description": "UserDataSecretRef references a k8s secret that contains NoCloud userdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userData": { - "description": "UserData contains NoCloud inline cloud-init userdata.", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "userDataBase64": { - "description": "UserDataBase64 contains NoCloud cloud-init userdata as a base64 encoded string.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "configMap": { - "description": "ConfigMapSource represents a reference to a ConfigMap in the same namespace.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/", + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or it's keys must be defined", - "type": "boolean" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "containerDisk": { - "description": "ContainerDisk references a docker image, embedding a qcow or raw disk.\nMore info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html", - "properties": { - "image": { - "description": "Image is the name of the image with the embedded disk.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", - "type": "string" - }, - "path": { - "description": "Path defines the path to disk file in the container", - "type": "string" - } + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" }, - "required": [ - "image" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "dataVolume": { - "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", - "properties": { - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "name": { - "description": "Name of both the DataVolume and the PVC in the same namespace.", - "type": "string" - } + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "downwardAPI": { - "description": "DownwardAPI represents downward API about the pod that should populate this volume", + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { - "fields": { - "description": "Fields is a list of downward API volume file", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "path" + "key", + "operator" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } - }, - "type": "object" - }, - "downwardMetrics": { - "description": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", - "type": "object" - }, - "emptyDisk": { - "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.\nMore info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html", - "properties": { - "capacity": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Capacity of the sparse disk.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "capacity" - ], - "type": "object" - }, - "ephemeral": { - "description": "Ephemeral is a special volume source that \"wraps\" specified source and provides copy-on-write image on top of it.", - "properties": { - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "required": [ - "claimName" - ], + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" - }, - "hostDisk": { - "description": "HostDisk represents a disk created on the cluster level", - "properties": { - "capacity": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Capacity of the sparse disk", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "path": { - "description": "The path to HostDisk image located on the cluster", - "type": "string" - }, - "shared": { - "description": "Shared indicate whether the path is shared between nodes", - "type": "boolean" - }, - "type": { - "description": "Contains information if disk.img exists or should be created\nallowed options are 'Disk' and 'DiskOrCreate'", - "type": "string" - } - }, - "required": [ - "path", - "type" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "memoryDump": { - "description": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" }, - "required": [ - "claimName" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "Volume's name.\nMust be a DNS_LABEL and unique within the vmi.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" - }, - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - }, - "secret": { - "description": "SecretVolumeSource represents a reference to a secret data in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/", - "properties": { - "optional": { - "description": "Specify whether the Secret or it's keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "Name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "serviceAccount": { - "description": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "properties": { - "serviceAccountName": { - "description": "Name of the service account in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - } + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" - }, - "sysprep": { - "description": "Represents a Sysprep volume source.", - "properties": { - "configMap": { - "description": "ConfigMap references a ConfigMap that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret references a k8s Secret that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "required": [ - "name" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "maxItems": 256, - "type": "array" - } + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "required": [ - "domain" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" - }, - "updateVolumesStrategy": { - "description": "UpdateVolumesStrategy is the strategy to apply on volumes updates", - "type": "string" } }, - "required": [ - "template" - ], "type": "object" }, - "status": { - "description": "Status holds the current state of the controller and brief information\nabout its associated VirtualMachineInstance", - "properties": { - "conditions": { - "description": "Hold the state information of the VirtualMachine and its VirtualMachineInstance", - "items": { - "description": "VirtualMachineCondition represents the state of VirtualMachine", - "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "created": { - "description": "Created indicates if the virtual machine is created in the cluster", - "type": "boolean" - }, - "desiredGeneration": { - "description": "DesiredGeneration is the generation which is desired for the VMI.\nThis will be used in comparisons with ObservedGeneration to understand when\nthe VMI is out of sync. This will be changed at the same time as\nObservedGeneration to remove errors which could occur if Generation is\nupdated through an Update() before ObservedGeneration in Status.", - "format": "int64", - "type": "integer" - }, - "instancetypeRef": { - "description": "InstancetypeRef captures the state of any referenced instance type from the VirtualMachine", - "nullable": true, - "properties": { - "controllerRevisionRef": { - "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", - "properties": { - "name": { - "description": "Name of the ControllerRevision", - "type": "string" - } - }, - "type": "object" - }, - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", - "type": "string" - }, - "kind": { - "description": "Kind specifies the kind of resource", + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" + }, + "containers": { + "description": "List of containers belonging to the pod.\nContainers cannot currently be added or removed.\nThere must be at least one container in a Pod.\nCannot be updated.", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { "type": "string" }, - "name": { - "description": "Name is the name of resource", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "memoryDumpRequest": { - "description": "MemoryDumpRequest tracks memory dump request phase and info of getting a memory\ndump to the given pvc", - "nullable": true, - "properties": { - "claimName": { - "description": "ClaimName is the name of the pvc that will contain the memory dump", - "type": "string" - }, - "endTimestamp": { - "description": "EndTimestamp represents the time the memory dump was completed", - "format": "date-time", - "type": "string" - }, - "fileName": { - "description": "FileName represents the name of the output file", - "type": "string" - }, - "message": { - "description": "Message is a detailed message about failure of the memory dump", - "type": "string" - }, - "phase": { - "description": "Phase represents the memory dump phase", - "type": "string" - }, - "remove": { - "description": "Remove represents request of dissociating the memory dump pvc", - "type": "boolean" - }, - "startTimestamp": { - "description": "StartTimestamp represents the time the memory dump started", - "format": "date-time", + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { "type": "string" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "claimName", - "phase" - ], - "type": "object" - }, - "observedGeneration": { - "description": "ObservedGeneration is the generation observed by the vmi when started.", - "format": "int64", - "type": "integer" - }, - "preferenceRef": { - "description": "PreferenceRef captures the state of any referenced preference from the VirtualMachine", - "nullable": true, - "properties": { - "controllerRevisionRef": { - "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { - "description": "Name of the ControllerRevision", + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" } }, + "required": [ + "name" + ], "type": "object" }, - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", - "type": "string" - }, - "kind": { - "description": "Kind specifies the kind of resource", - "type": "string" - }, - "name": { - "description": "Name is the name of resource", - "type": "string" - } - }, - "type": "object" - }, - "printableStatus": { - "default": "Stopped", - "description": "PrintableStatus is a human readable, high-level representation of the status of the virtual machine", - "type": "string" - }, - "ready": { - "description": "Ready indicates if the virtual machine is running and ready", - "type": "boolean" - }, - "restoreInProgress": { - "description": "RestoreInProgress is the name of the VirtualMachineRestore currently executing", - "type": "string" - }, - "runStrategy": { - "description": "RunStrategy tracks the last recorded RunStrategy used by the VM.\nThis is needed to correctly process the next strategy (for now only the RerunOnFailure)", - "type": "string" - }, - "snapshotInProgress": { - "description": "SnapshotInProgress is the name of the VirtualMachineSnapshot currently executing", - "type": "string" - }, - "startFailure": { - "description": "StartFailure tracks consecutive VMI startup failures for the purposes of\ncrash loop backoffs", - "nullable": true, - "properties": { - "consecutiveFailCount": { - "type": "integer" - }, - "lastFailedVMIUID": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - }, - "retryAfterTimestamp": { - "format": "date-time", - "type": "string" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "type": "object" - }, - "stateChangeRequests": { - "description": "StateChangeRequests indicates a list of actions that should be taken on a VMI\ne.g. stop a specific VMI then start a new one.", - "items": { - "properties": { - "action": { - "description": "Indicates the type of action that is requested. e.g. Start or Stop", - "type": "string" - }, - "data": { - "additionalProperties": { + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", "type": "string" }, - "description": "Provides additional data in order to perform the Action", - "type": "object" + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } }, - "uid": { - "description": "Indicates the UUID of an existing Virtual Machine Instance that this change request applies to -- if applicable", - "type": "string" - } + "type": "object" }, - "required": [ - "action" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array" - }, - "volumeRequests": { - "description": "VolumeRequests indicates a list of volumes add or remove from the VMI template and\nhotplug on an active running VMI.", - "items": { + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { - "addVolumeOptions": { - "description": "AddVolumeOptions when set indicates a volume should be added. The details\nwithin this field specify how to add the volume", + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { - "disk": { - "description": "Disk represents the hotplug disk that will be plugged into the running VMI", + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "blockSize": { - "description": "If specified, the virtual disk will be presented with the given block sizes.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "required": [ - "logical", - "physical" - ], - "type": "object" + "value": { + "description": "The header field value", + "type": "string" + } }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "cache": { - "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "cdrom": { - "description": "Attach a volume as a cdrom to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to true.", - "type": "boolean" + "port": { + "anyOf": [ + { + "type": "integer" }, - "tray": { - "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", + { "type": "string" } - }, - "type": "object" + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "dedicatedIOThread": { - "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", - "type": "boolean" + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" }, - "disk": { - "description": "Attach a volume as a disk to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" }, - "pciAddress": { - "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + { "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" }, - "type": "object" - }, - "errorPolicy": { - "description": "If specified, it can change the default error policy (stop) for the disk", - "type": "string" - }, - "io": { - "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, - "lun": { - "description": "Attach a volume as a LUN to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } }, - "reservation": { - "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", - "type": "boolean" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object" - }, - "name": { - "description": "Name is the device name", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "serial": { - "description": "Serial provides the ability to specify a serial number for the disk device.", + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "shareable": { - "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", - "type": "boolean" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "tag": { - "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "required": [ - "name" + "port" ], "type": "object" }, - "dryRun": { - "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", - "items": { - "type": "string" + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "description": "Name represents the name that will be used to map the\ndisk to the corresponding volume. This overrides any name\nset inside the Disk struct itself.", - "type": "string" + "required": [ + "seconds" + ], + "type": "object" }, - "volumeSource": { - "description": "VolumeSource represents the source of the volume to map to the disk.", + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { - "dataVolume": { - "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", - "properties": { - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "name": { - "description": "Name of both the DataVolume and the PVC in the same namespace.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" }, - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" + "port": { + "anyOf": [ + { + "type": "integer" }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" + { + "type": "string" } - }, - "required": [ - "claimName" ], - "type": "object" + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, + "required": [ + "port" + ], "type": "object" } }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, "required": [ - "disk", - "name", - "volumeSource" + "port" ], "type": "object" }, - "removeVolumeOptions": { - "description": "RemoveVolumeOptions when set indicates a volume should be removed. The details\nwithin this field specify how to add the volume", + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "dryRun": { - "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "type": "string" + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "Name represents the name that maps to both the disk and volume that\nshould be removed", + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "required": [ - "name" + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" ], "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "volumeSnapshotStatuses": { - "description": "VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is\nsupported by each volume.", - "items": { - "properties": { - "enabled": { - "description": "True if the volume supports snapshotting", - "type": "boolean" - }, - "name": { - "description": "Volume name", - "type": "string" + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } }, - "reason": { - "description": "Empty if snapshotting is enabled, contains reason otherwise", - "type": "string" - } + "required": [ + "containerPort" + ], + "type": "object" }, - "required": [ - "enabled", - "name" + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" ], - "type": "object" + "x-kubernetes-list-type": "map" }, - "type": "array" - }, - "volumeUpdateState": { - "description": "VolumeUpdateState contains the information about the volumes set\nupdates related to the volumeUpdateStrategy", - "properties": { - "volumeMigrationState": { - "description": "VolumeMigrationState tracks the information related to the volume migration", - "properties": { - "migratedVolumes": { - "description": "MigratedVolumes lists the source and destination volumes during the volume migration", - "items": { - "description": "StorageMigratedVolumeInfo tracks the information about the source and destination volumes during the volume migration", - "properties": { - "destinationPVCInfo": { - "description": "DestinationPVCInfo contains the information about the destination PVC", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Capacity represents the capacity set on the corresponding PVC status", - "type": "object" - }, - "claimName": { - "description": "ClaimName is the name of the PVC", - "type": "string" - }, - "filesystemOverhead": { - "description": "Percentage of filesystem's size to be reserved when resizing the PVC", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "preallocated": { - "description": "Preallocated indicates if the PVC's storage is preallocated or not", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests represents the resources requested by the corresponding PVC spec", - "type": "object" - }, - "volumeMode": { - "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - } + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "type": "object" + "value": { + "description": "The header field value", + "type": "string" + } }, - "sourcePVCInfo": { - "description": "SourcePVCInfo contains the information about the source PVC", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Capacity represents the capacity set on the corresponding PVC status", - "type": "object" - }, - "claimName": { - "description": "ClaimName is the name of the PVC", - "type": "string" - }, - "filesystemOverhead": { - "description": "Percentage of filesystem's size to be reserved when resizing the PVC", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "preallocated": { - "description": "Preallocated indicates if the PVC's storage is preallocated or not", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests represents the resources requested by the corresponding PVC spec", - "type": "object" - }, - "volumeMode": { - "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - } - }, - "type": "object" + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "volumeName": { - "description": "VolumeName is the name of the volume that is being migrated", + { "type": "string" } - }, - "required": [ - "volumeName" ], - "type": "object" + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "virtualMachineSnapshotName": { - "type": "string" - }, - "volumeBackups": { - "items": { - "description": "VolumeBackup contains the data neeed to restore a PVC", - "properties": { - "persistentVolumeClaim": { - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "Spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, - "required": [ - "kind", - "name" - ], "type": "object" }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "additionalProperties": { "anyOf": [ @@ -311491,3672 +264049,3878 @@ }, "type": "object" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "type": "object" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "volumeName": { - "type": "string" - }, - "volumeSnapshotName": { - "type": "string" - } - }, - "required": [ - "persistentVolumeClaim", - "volumeName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "status": { - "description": "VirtualMachineSnapshotContentStatus is the status for a VirtualMachineSnapshotStatus resource", - "properties": { - "creationTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "error": { - "description": "Error is the last error encountered during the snapshot/restore", - "properties": { - "message": { - "type": "string" - }, - "time": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "readyToUse": { - "type": "boolean" - }, - "volumeSnapshotStatus": { - "items": { - "description": "VolumeSnapshotStatus is the status of a VolumeSnapshot", - "properties": { - "creationTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "error": { - "description": "Error is the last error encountered during the snapshot/restore", - "properties": { - "message": { - "type": "string" - }, - "time": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "readyToUse": { - "type": "boolean" - }, - "volumeSnapshotName": { - "type": "string" - } - }, - "required": [ - "volumeSnapshotName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshotContent", - "version": "v1alpha1" - } - ] - }, - "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshotContentList": { - "description": "VirtualMachineSnapshotContentList is a list of VirtualMachineSnapshotContent", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of virtualmachinesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.snapshot.v1alpha1.VirtualMachineSnapshotContent" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshotContentList", - "version": "v1alpha1" - } - ] - }, - "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshotList": { - "description": "VirtualMachineSnapshotList is a list of VirtualMachineSnapshot", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of virtualmachinesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.snapshot.v1alpha1.VirtualMachineSnapshot" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshotList", - "version": "v1alpha1" - } - ] - }, - "snapshot.kubevirt.io/v1beta1/VirtualMachineRestore": { - "description": "VirtualMachineRestore defines the operation of restoring a VM", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VirtualMachineRestoreSpec is the spec for a VirtualMachineRestore resource", - "properties": { - "patches": { - "description": "If the target for the restore does not exist, it will be created. Patches holds JSON patches that would be\napplied to the target manifest before it's created. Patches should fit the target's Kind.\n\nExample for a patch: {\"op\": \"replace\", \"path\": \"/metadata/name\", \"value\": \"new-vm-name\"}", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "target": { - "description": "initially only VirtualMachine type supported", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "targetReadinessPolicy": { - "description": "TargetReadinessPolicy defines how to handle the restore in case\nthe target is not ready", - "type": "string" - }, - "virtualMachineSnapshotName": { - "type": "string" - }, - "volumeRestoreOverrides": { - "description": "VolumeRestoreOverrides gives the option to change properties of each restored volume\nFor example, specifying the name of the restored volume, or adding labels/annotations to it", - "items": { - "description": "VolumeRestoreOverride specifies how a volume should be restored from a VirtualMachineSnapshot", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "restoreName": { - "type": "string" - }, - "volumeName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "volumeRestorePolicy": { - "description": "VolumeRestorePolicy defines how to handle the restore of snapshotted volumes", - "type": "string" - } - }, - "required": [ - "target", - "virtualMachineSnapshotName" - ], - "type": "object" - }, - "status": { - "description": "VirtualMachineRestoreStatus is the status for a VirtualMachineRestore resource", - "properties": { - "complete": { - "type": "boolean" - }, - "conditions": { - "items": { - "description": "Condition defines conditions", - "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the const type for Conditions", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "deletedDataVolumes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "restoreTime": { - "format": "date-time", - "type": "string" - }, - "restores": { - "items": { - "description": "VolumeRestore contains the data needed to restore a PVC", - "properties": { - "dataVolumeName": { - "type": "string" - }, - "persistentVolumeClaim": { - "type": "string" - }, - "volumeName": { - "type": "string" - }, - "volumeSnapshotName": { - "type": "string" - } - }, - "required": [ - "persistentVolumeClaim", - "volumeName", - "volumeSnapshotName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineRestore", - "version": "v1beta1" - } - ] - }, - "snapshot.kubevirt.io/v1beta1/VirtualMachineRestoreList": { - "description": "VirtualMachineRestoreList is a list of VirtualMachineRestore", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of virtualmachinerestores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.snapshot.v1beta1.VirtualMachineRestore" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineRestoreList", - "version": "v1beta1" - } - ] - }, - "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshot": { - "description": "VirtualMachineSnapshot defines the operation of snapshotting a VM", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VirtualMachineSnapshotSpec is the spec for a VirtualMachineSnapshot resource", - "properties": { - "deletionPolicy": { - "description": "DeletionPolicy defines that to do with VirtualMachineSnapshot\nwhen VirtualMachineSnapshot is deleted", - "type": "string" - }, - "failureDeadline": { - "description": "This time represents the number of seconds we permit the vm snapshot\nto take. In case we pass this deadline we mark this snapshot\nas failed.\nDefaults to DefaultFailureDeadline - 5min", - "type": "string" - }, - "source": { - "description": "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "source" - ], - "type": "object" - }, - "status": { - "description": "VirtualMachineSnapshotStatus is the status for a VirtualMachineSnapshot resource", - "properties": { - "conditions": { - "items": { - "description": "Condition defines conditions", - "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the const type for Conditions", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "creationTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "error": { - "description": "Error is the last error encountered during the snapshot/restore", - "properties": { - "message": { - "type": "string" - }, - "time": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "indications": { - "items": { - "description": "Indication is a way to indicate the state of the vm when taking the snapshot", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "phase": { - "description": "VirtualMachineSnapshotPhase is the current phase of the VirtualMachineSnapshot", - "type": "string" - }, - "readyToUse": { - "type": "boolean" - }, - "snapshotVolumes": { - "description": "SnapshotVolumesLists includes the list of volumes which were included in the snapshot and volumes which were excluded from the snapshot", - "properties": { - "excludedVolumes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - }, - "includedVolumes": { - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "type": "object" - }, - "sourceUID": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", - "type": "string" - }, - "virtualMachineSnapshotContentName": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshot", - "version": "v1beta1" - } - ] - }, - "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshotContent": { - "description": "VirtualMachineSnapshotContent contains the snapshot data", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "VirtualMachineSnapshotContentSpec is the spec for a VirtualMachineSnapshotContent resource", - "properties": { - "source": { - "description": "SourceSpec contains the appropriate spec for the resource being snapshotted", - "properties": { - "virtualMachine": { - "properties": { - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "VirtualMachineSpec contains the VirtualMachine specification.", - "properties": { - "dataVolumeTemplates": { - "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", - "items": { - "nullable": true, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" }, - "spec": { - "description": "DataVolumeSpec contains the DataVolume specification.", + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "value": { + "description": "The header field value", "type": "string" } }, "required": [ - "current", - "previous" + "name", + "value" ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "pvc": { - "description": "PVC is the PVC specification", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "port": { + "anyOf": [ + { + "type": "integer" }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is this DNS resolver option's name.\nRequired.", + "type": "string" + }, + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", + "type": "string" + }, + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's\nenvironment variables, matching the syntax of Docker links.\nOptional: Defaults to true.", + "type": "boolean" + }, + "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", + "items": { + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" + "divisor": { + "anyOf": [ + { + "type": "integer" }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { + { "type": "string" - }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" - }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" - }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } - }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "object" + "resource": { + "description": "Required: resource to select", + "type": "string" + } }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" - }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } - }, - "type": "object" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "type": "object" + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "required": [ - "kind", - "name" - ], - "type": "object" + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } }, - "storage": { - "description": "Storage is the requested storage specification", + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Lifecycle is not allowed for ephemeral containers.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, + "required": [ + "port" + ], "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "DataVolumeTemplateDummyStatus is here simply for backwards compatibility with\na previous API.", - "nullable": true, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "type": "array" - }, - "instancetype": { - "description": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", - "properties": { - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", - "type": "string" - }, - "kind": { - "description": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.", - "type": "string" - }, - "name": { - "description": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype", - "type": "string" - }, - "revisionName": { - "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.", - "type": "string" - } - }, - "type": "object" - }, - "preference": { - "description": "PreferenceMatcher references a set of preference that is used to fill fields in Template", - "properties": { - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", - "type": "string" - }, - "kind": { - "description": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.", - "type": "string" - }, - "name": { - "description": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference", - "type": "string" - }, - "revisionName": { - "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.", - "type": "string" - } - }, - "type": "object" - }, - "runStrategy": { - "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running", - "type": "string" - }, - "running": { - "description": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy\nDeprecated: VirtualMachineInstance field \"Running\" is now deprecated, please use RunStrategy instead.", - "type": "boolean" - }, - "template": { - "description": "Template is the direct specification of VirtualMachineInstance", - "properties": { - "metadata": { - "nullable": true, - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - }, - "spec": { - "description": "VirtualMachineInstance Spec contains the VirtualMachineInstance specification.", - "properties": { - "accessCredentials": { - "description": "Specifies a set of public keys to inject into the vm guest", - "items": { - "description": "AccessCredential represents a credential source that can be used to\nauthorize remote access to the vm guest\nOnly one of its members may be specified.", + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", "properties": { - "sshPublicKey": { - "description": "SSHPublicKey represents the source and method of applying a ssh public\nkey into a guest virtual machine.", - "properties": { - "propagationMethod": { - "description": "PropagationMethod represents how the public key is injected into the vm guest.", - "properties": { - "configDrive": { - "description": "ConfigDrivePropagation means that the ssh public keys are injected\ninto the VM using metadata using the configDrive cloud-init provider", - "type": "object" - }, - "noCloud": { - "description": "NoCloudPropagation means that the ssh public keys are injected\ninto the VM using metadata using the noCloud cloud-init provider", - "type": "object" - }, - "qemuGuestAgent": { - "description": "QemuGuestAgentAccessCredentailPropagation means ssh public keys are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", - "properties": { - "users": { - "description": "Users represents a list of guest users that should have the ssh public keys\nadded to their authorized_keys file.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "set" - } - }, - "required": [ - "users" - ], - "type": "object" - } - }, - "type": "object" - }, - "source": { - "description": "Source represents where the public keys are pulled from", - "properties": { - "secret": { - "description": "Secret means that the access credential is pulled from a kubernetes secret", - "properties": { - "secretName": { - "description": "SecretName represents the name of the secret in the VMI's namespace", - "type": "string" - } - }, - "required": [ - "secretName" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "propagationMethod", - "source" - ], - "type": "object" + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" }, - "userPassword": { - "description": "UserPassword represents the source and method for applying a guest user's\npassword", - "properties": { - "propagationMethod": { - "description": "propagationMethod represents how the user passwords are injected into the vm guest.", - "properties": { - "qemuGuestAgent": { - "description": "QemuGuestAgentAccessCredentailPropagation means passwords are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", - "type": "object" - } - }, - "type": "object" + "port": { + "anyOf": [ + { + "type": "integer" }, - "source": { - "description": "Source represents where the user passwords are pulled from", - "properties": { - "secret": { - "description": "Secret means that the access credential is pulled from a kubernetes secret", - "properties": { - "secretName": { - "description": "SecretName represents the name of the secret in the VMI's namespace", - "type": "string" - } - }, - "required": [ - "secretName" - ], - "type": "object" - } - }, - "type": "object" + { + "type": "string" } - }, - "required": [ - "propagationMethod", - "source" ], - "type": "object" + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, + "required": [ + "port" + ], "type": "object" - }, - "maxItems": 256, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "affinity": { - "description": "If affinity is specifies, obey all the affinity rules", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "required": [ - "topologyKey" - ], - "type": "object" + "value": { + "description": "The header field value", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "architecture": { - "description": "Specifies the architecture of the vm guest you are attempting to run. Defaults to the compiled architecture of the KubeVirt components", + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL.\nThis name must be unique among all containers, init containers and ephemeral containers.", + "type": "string" + }, + "ports": { + "description": "Ports are not allowed for ephemeral containers.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", - "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" }, - "options": { - "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", - "items": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name.\nRequired.", - "type": "string" - }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "type": "object" + "value": { + "description": "The header field value", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "name", + "value" + ], + "type": "object" }, - "searches": { - "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", - "items": { + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, - "dnsPolicy": { - "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each\ncontainer within a pod.\nThis may only be set for init containers. You cannot set this field on\nephemeral containers.", + "type": "string" + }, + "securityContext": { + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined.", + "type": "string" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts\nfile if specified.", + "items": { + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "description": "IP address of the host file entry.", + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + }, + "hostIPC": { + "description": "Use the host's ipc namespace.\nOptional: Default to false.", + "type": "boolean" + }, + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.\nDefault to false.", + "type": "boolean" + }, + "hostPID": { + "description": "Use the host's pid namespace.\nOptional: Default to false.", + "type": "boolean" + }, + "hostUsers": { + "description": "Use the host's user namespace.\nOptional: Default to true.\nIf set to true or not present, the pod will be run in the host user namespace, useful\nfor when the pod needs a feature only available to the host user namespace, such as\nloading a kernel module with CAP_SYS_MODULE.\nWhen set to false, a new userns is created for the pod. Setting false is useful for\nmitigating container breakout vulnerabilities even allowing users to run their\ncontainers as root without actually having root privileges on the host.\nThis field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, + "hostname": { + "description": "Specifies the hostname of the Pod\nIf not specified, the pod's hostname will be set to a system-defined value.", + "type": "string" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "initContainers": { + "description": "List of initialization containers belonging to the pod.\nInit containers are executed in order prior to containers being started. If any\ninit container fails, the pod is considered to have failed and is handled according\nto its restartPolicy. The name for an init container or normal container must be\nunique among all containers.\nInit containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.\nThe resourceRequirements of an init container are taken into account during scheduling\nby finding the highest request/limit for each resource type, and then using the max of\nthat value or the sum of the normal containers. Limits are applied to init containers\nin a similar fashion.\nInit containers cannot currently be added or removed.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, - "domain": { - "description": "Specification of the desired behavior of the VirtualMachineInstance on the host.", + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { - "chassis": { - "description": "Chassis specifies the chassis info passed to the domain.", + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "properties": { - "asset": { - "type": "string" - }, - "manufacturer": { - "type": "string" - }, - "serial": { + "key": { + "description": "The key to select.", "type": "string" }, - "sku": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "version": { - "type": "string" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "clock": { - "description": "Clock sets the clock and timers of the vmi.", + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { - "timer": { - "description": "Timer specifies whih timers are attached to the vmi.", - "properties": { - "hpet": { - "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "pit": { - "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", - "type": "string" - } - }, - "type": "object" - }, - "rtc": { - "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", - "properties": { - "present": { - "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", - "type": "boolean" - }, - "tickPolicy": { - "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", - "type": "string" - }, - "track": { - "description": "Track the guest or the wall clock.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "timezone": { - "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, - "utc": { - "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", - "properties": { - "offsetSeconds": { - "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", - "type": "integer" - } - }, - "type": "object" + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" } }, + "required": [ + "fieldPath" + ], "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-map-type": "atomic" }, - "cpu": { - "description": "CPU allow specified the detailed CPU topology inside the vmi.", + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { - "cores": { - "description": "Cores specifies the number of cores inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - }, - "dedicatedCpuPlacement": { - "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", - "type": "boolean" - }, - "features": { - "description": "Features specifies the CPU features list inside the VMI.", - "items": { - "description": "CPUFeature allows specifying a CPU feature.", - "properties": { - "name": { - "description": "Name of the CPU feature", - "type": "string" - }, - "policy": { - "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - }, - "isolateEmulatorThread": { - "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", - "type": "boolean" - }, - "maxSockets": { - "description": "MaxSockets specifies the maximum amount of sockets that can\nbe hotplugged", - "format": "int32", - "type": "integer" - }, - "model": { - "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", + "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, - "numa": { - "description": "NUMA allows specifying settings for the guest NUMA topology", - "properties": { - "guestMappingPassthrough": { - "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", - "type": "object" - } - }, - "type": "object" - }, - "realtime": { - "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", - "properties": { - "mask": { - "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", - "type": "string" - } - }, - "type": "object" - }, - "sockets": { - "description": "Sockets specifies the number of sockets inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - }, - "threads": { - "description": "Threads specifies the number of threads inside the vmi.\nMust be a value greater or equal 1.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "devices": { - "description": "Devices allows adding disks, network interfaces, and others", - "properties": { - "autoattachGraphicsDevice": { - "description": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", - "type": "boolean" - }, - "autoattachInputDevice": { - "description": "Whether to attach an Input Device.\nDefaults to false.", - "type": "boolean" - }, - "autoattachMemBalloon": { - "description": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.", - "type": "boolean" - }, - "autoattachPodInterface": { - "description": "Whether to attach a pod network interface. Defaults to true.", - "type": "boolean" - }, - "autoattachSerialConsole": { - "description": "Whether to attach the default virtio-serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", - "type": "boolean" - }, - "autoattachVSOCK": { - "description": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", - "type": "boolean" - }, - "blockMultiQueue": { - "description": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.", - "type": "boolean" - }, - "clientPassthrough": { - "description": "To configure and access client devices such as redirecting USB", - "type": "object" - }, - "disableHotplug": { - "description": "DisableHotplug disabled the ability to hotplug disks.", - "type": "boolean" - }, - "disks": { - "description": "Disks describes disks, cdroms and luns which are connected to the vmi.", - "items": { - "properties": { - "blockSize": { - "description": "If specified, the virtual disk will be presented with the given block sizes.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } - }, - "required": [ - "logical", - "physical" - ], - "type": "object" - }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", - "type": "integer" - }, - "cache": { - "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", - "type": "string" - }, - "cdrom": { - "description": "Attach a volume as a cdrom to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to true.", - "type": "boolean" - }, - "tray": { - "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", - "type": "string" - } - }, - "type": "object" - }, - "dedicatedIOThread": { - "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", - "type": "boolean" - }, - "disk": { - "description": "Attach a volume as a disk to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", - "type": "string" - }, - "pciAddress": { - "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "errorPolicy": { - "description": "If specified, it can change the default error policy (stop) for the disk", - "type": "string" - }, - "io": { - "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", - "type": "string" - }, - "lun": { - "description": "Attach a volume as a LUN to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - }, - "reservation": { - "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", - "type": "boolean" - } - }, - "type": "object" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "serial": { - "description": "Serial provides the ability to specify a serial number for the disk device.", - "type": "string" - }, - "shareable": { - "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", - "type": "boolean" - }, - "tag": { - "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "downwardMetrics": { - "description": "DownwardMetrics creates a virtio serials for exposing the downward metrics to the vmi.", - "type": "object" - }, - "filesystems": { - "description": "Filesystems describes filesystem which is connected to the vmi.", - "items": { - "properties": { - "name": { - "description": "Name is the device name", - "type": "string" - }, - "virtiofs": { - "description": "Virtiofs is supported", - "type": "object" - } - }, - "required": [ - "name", - "virtiofs" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "gpus": { - "description": "Whether to attach a GPU device to the vmi.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "description": "Name of the GPU device as exposed by a device plugin", - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - }, - "virtualGPUOptions": { - "properties": { - "display": { - "properties": { - "enabled": { - "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "ramFB": { - "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "hostDevices": { - "description": "Whether to attach a host device to the vmi.", - "items": { - "properties": { - "claimName": { - "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", - "type": "string" - }, - "deviceName": { - "description": "DeviceName is the name of the device provisioned by device-plugins", - "type": "string" - }, - "name": { - "type": "string" - }, - "requestName": { - "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "inputs": { - "description": "Inputs describe input devices", - "items": { - "properties": { - "bus": { - "description": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", - "type": "string" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "type": { - "description": "Type indicated the type of input device.\nSupported values: tablet.", - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "interfaces": { - "description": "Interfaces describe network interfaces which are added to the vmi.", - "items": { - "properties": { - "acpiIndex": { - "description": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).", - "type": "integer" - }, - "binding": { - "description": "Binding specifies the binding plugin that will be used to connect the interface to the guest.\nIt provides an alternative to InterfaceBindingMethod.\nversion: 1alphav1", - "properties": { - "name": { - "description": "Name references to the binding name as denined in the kubevirt CR.\nversion: 1alphav1", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach interface or disk that has a boot order must have a unique value.\nInterfaces without a boot order are not tried.", - "type": "integer" - }, - "bridge": { - "description": "InterfaceBridge connects to a given network via a linux bridge.", - "type": "object" - }, - "dhcpOptions": { - "description": "If specified the network interface will pass additional DHCP options to the VMI", - "properties": { - "bootFileName": { - "description": "If specified will pass option 67 to interface's DHCP server", - "type": "string" - }, - "ntpServers": { - "description": "If specified will pass the configured NTP server to the VM via DHCP option 042.", - "items": { - "type": "string" - }, - "type": "array" - }, - "privateOptions": { - "description": "If specified will pass extra DHCP options for private use, range: 224-254", - "items": { - "description": "DHCPExtraOptions defines Extra DHCP options for a VM.", - "properties": { - "option": { - "description": "Option is an Integer value from 224-254\nRequired.", - "type": "integer" - }, - "value": { - "description": "Value is a String value for the Option provided\nRequired.", - "type": "string" - } - }, - "required": [ - "option", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "tftpServerName": { - "description": "If specified will pass option 66 to interface's DHCP server", - "type": "string" - } - }, - "type": "object" - }, - "macAddress": { - "description": "Interface MAC address. For example: de:ad:00:00:be:af or DE-AD-00-00-BE-AF.", - "type": "string" - }, - "macvtap": { - "description": "DeprecatedMacvtap is an alias to the deprecated Macvtap interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", - "type": "object" - }, - "masquerade": { - "description": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", - "type": "object" - }, - "model": { - "description": "Interface model.\nOne of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio.\nDefaults to virtio.", - "type": "string" - }, - "name": { - "description": "Logical name of the interface as well as a reference to the associated networks.\nMust match the Name of a Network.", - "type": "string" - }, - "passt": { - "description": "DeprecatedPasst is an alias to the deprecated Passt interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", - "type": "object" - }, - "pciAddress": { - "description": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "ports": { - "description": "List of ports to be forwarded to the virtual machine.", - "items": { - "description": "Port represents a port to expose from the virtual machine.\nDefault protocol TCP.\nThe port field is mandatory", - "properties": { - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", - "type": "string" - }, - "port": { - "description": "Number of port to expose for the virtual machine.\nThis must be a valid port number, 0 < x < 65536.", - "format": "int32", - "type": "integer" - }, - "protocol": { - "description": "Protocol for port. Must be UDP or TCP.\nDefaults to \"TCP\".", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "type": "array" - }, - "slirp": { - "description": "DeprecatedSlirp is an alias to the deprecated Slirp interface\nDeprecated: Removed in v1.3", - "type": "object" - }, - "sriov": { - "description": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", - "type": "object" - }, - "state": { - "description": "State represents the requested operational state of the interface.\nThe supported values are:\n'absent', expressing a request to remove the interface.\n'down', expressing a request to set the link down.\n'up', expressing a request to set the link up.\nEmpty value functions as 'up'.", - "type": "string" - }, - "tag": { - "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "logSerialConsole": { - "description": "Whether to log the auto-attached default serial console or not.\nSerial console logs will be collect to a file and then streamed from a named 'guest-console-log'.\nNot relevant if autoattachSerialConsole is disabled.\nDefaults to cluster wide setting on VirtualMachineOptions.", - "type": "boolean" - }, - "networkInterfaceMultiqueue": { - "description": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.", - "type": "boolean" - }, - "panicDevices": { - "description": "PanicDevices provides additional crash information when a guest crashes.", - "items": { - "properties": { - "model": { - "description": "Model specifies what type of panic device is provided.\nThe panic model used when this attribute is missing depends on the hypervisor and guest arch.\nOne of: isa, hyperv, pvpanic.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "rng": { - "description": "Whether to have random number generator from host", - "type": "object" - }, - "sound": { - "description": "Whether to emulate a sound device.", - "properties": { - "model": { - "description": "We only support ich9 or ac97.\nIf SoundDevice is not set: No sound card is emulated.\nIf SoundDevice is set but Model is not: ich9", - "type": "string" + "divisor": { + "anyOf": [ + { + "type": "integer" }, - "name": { - "description": "User's defined name for this sound device", + { "type": "string" } - }, - "required": [ - "name" ], - "type": "object" - }, - "tpm": { - "description": "Whether to emulate a TPM device.", - "properties": { - "enabled": { - "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", - "type": "boolean" - }, - "persistent": { - "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" - }, - "useVirtioTransitional": { - "description": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", - "type": "boolean" - }, - "video": { - "description": "Video describes the video device configuration for the vmi.", - "properties": { - "type": { - "description": "Type specifies the video device type (e.g., virtio, vga, bochs, ramfb).\nIf not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x).", - "type": "string" - } - }, - "type": "object" + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "watchdog": { - "description": "Watchdog describes a watchdog device which can be added to the vmi.", - "properties": { - "diag288": { - "description": "diag288 watchdog device (specific to s390x architecture).", - "properties": { - "action": { - "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", - "type": "string" - } - }, - "type": "object" - }, - "i6300esb": { - "description": "i6300esb watchdog device.", - "properties": { - "action": { - "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", - "type": "string" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the watchdog.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" + "resource": { + "description": "Required: resource to select", + "type": "string" } }, - "type": "object" + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "features": { - "description": "Features like acpi, apic, hyperv, smm.", - "properties": { - "acpi": { - "description": "ACPI enables/disables ACPI inside the guest.\nDefaults to enabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "apic": { - "description": "Defaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "endOfInterrupt": { - "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "hyperv": { - "description": "Defaults to the machine type setting.", - "properties": { - "evmcs": { - "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "frequencies": { - "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "ipi": { - "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reenlightenment": { - "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "relaxed": { - "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "reset": { - "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "runtime": { - "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "spinlocks": { - "description": "Spinlocks allows to configure the spinlock retry attempts.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "spinlocks": { - "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "synic": { - "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "synictimer": { - "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", - "properties": { - "direct": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "tlbflush": { - "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vapic": { - "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - }, - "vendorid": { - "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - }, - "vendorid": { - "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", - "type": "string" - } - }, - "type": "object" - }, - "vpindex": { - "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "hypervPassthrough": { - "description": "This enables all supported hyperv flags automatically.\nBear in mind that if this enabled hyperV features cannot\nbe enabled explicitly. In addition, a Virtual Machine\nusing it will be non-migratable.", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, - "kvm": { - "description": "Configure how KVM presence is exposed to the guest.", - "properties": { - "hidden": { - "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", - "type": "boolean" - } - }, - "type": "object" + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" }, - "pvspinlock": { - "description": "Notify the guest that the host supports paravirtual spinlocks.\nFor older kernels this feature should be explicitly disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "smm": { - "description": "SMM enables/disables System Management Mode.\nTSEG not yet implemented.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "firmware": { - "description": "Firmware.", - "properties": { - "acpi": { - "description": "Information that can be set in the ACPI table", + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "msdmNameRef": { - "description": "Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions.\nThe above points to the spec of MSDM too.", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "slicNameRef": { - "description": "SlicNameRef should match the volume name of a secret object. The data in the secret should\nbe a binary blob that follows the ACPI SLIC standard, see:\nhttps://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)", + "value": { + "description": "The header field value", "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "bootloader": { - "description": "Settings to control the bootloader that is used.", - "properties": { - "bios": { - "description": "If set (default), BIOS will be used.", - "properties": { - "useSerial": { - "description": "If set, the BIOS output will be transmitted over serial", - "type": "boolean" - } - }, - "type": "object" - }, - "efi": { - "description": "If set, EFI will be used instead of BIOS.", - "properties": { - "persistent": { - "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", - "type": "boolean" - }, - "secureBoot": { - "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", - "type": "boolean" - } - }, - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object" + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" }, - "kernelBoot": { - "description": "Settings to set the kernel for booting.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "container": { - "description": "Container defines the container that containes kernel artifacts", - "properties": { - "image": { - "description": "Image that contains initrd / kernel files.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", - "type": "string" - }, - "initrdPath": { - "description": "the fully-qualified path to the ramdisk image in the host OS", - "type": "string" - }, - "kernelPath": { - "description": "The fully-qualified path to the kernel image in the host OS", - "type": "string" - } - }, - "required": [ - "image" - ], - "type": "object" + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" }, - "kernelArgs": { - "description": "Arguments to be passed to the kernel at boot time", + "value": { + "description": "The header field value", "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "serial": { - "description": "The system-serial-number in SMBIOS", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, - "uuid": { - "description": "UUID reported by the vmi bios.\nDefaults to a random generated uid.", + "value": { + "description": "The header field value", "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "ioThreads": { - "description": "IOThreads specifies the IOThreads options.", - "properties": { - "supplementalPoolThreadCount": { - "description": "SupplementalPoolThreadCount specifies how many iothreads are allocated for the supplementalPool policy.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object" - }, - "ioThreadsPolicy": { - "description": "Controls whether or not disks will share IOThreads.\nOmitting IOThreadsPolicy disables use of IOThreads.\nOne of: shared, auto, supplementalPool", + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { "type": "string" }, - "launchSecurity": { - "description": "Launch Security setting of the vmi.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "sev": { - "description": "AMD Secure Encrypted Virtualization (SEV).", - "properties": { - "attestation": { - "description": "If specified, run the attestation process for a vmi.", - "type": "object" - }, - "dhCert": { - "description": "Base64 encoded guest owner's Diffie-Hellman key.", - "type": "string" - }, - "policy": { - "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", - "properties": { - "encryptedState": { - "description": "SEV-ES is required.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "session": { - "description": "Base64 encoded session blob.", - "type": "string" - } - }, - "type": "object" + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "machine": { - "description": "Machine type.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "type": { - "description": "QEMU machine type is the actual chipset of the VirtualMachineInstance.", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "memory": { - "description": "Memory allow specifying the VMI memory features.", - "properties": { - "guest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Guest allows to specifying the amount of memory which is visible inside the Guest OS.\nThe Guest must lie between Requests and Limits from the resources section.\nDefaults to the requested memory in the resources section if not specified.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "hugepages": { - "description": "Hugepages allow to use hugepages for the VirtualMachineInstance instead of regular memory.", - "properties": { - "pageSize": { - "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", - "type": "string" - } - }, - "type": "object" - }, - "maxGuest": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "object" + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "nodeName": { + "description": "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "os": { + "description": "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup", + "properties": { + "name": { + "description": "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "overhead": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.\nThis field will be autopopulated at admission time by the RuntimeClass admission controller. If\nthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.\nThe RuntimeClass admission controller will reject Pod create requests which have the overhead already\nset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value\ndefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object" + }, + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority.\nOne of Never, PreemptLowerPriority.\nDefaults to PreemptLowerPriority if unset.", + "type": "string" + }, + "priority": { + "description": "The priority value. Various system components use this field to find the\npriority of the pod. When Priority Admission Controller is enabled, it\nprevents users from setting this field. The admission controller populates\nthis field from PriorityClassName.\nThe higher the value, the higher the priority.", + "format": "int32", + "type": "integer" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", + "type": "string" + }, + "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness.\nA pod is ready when all its containers are ready AND\nall conditions specified in the readiness gates have status equal to \"True\"\nMore info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", + "items": { + "description": "PodReadinessGate contains the reference to a pod condition", + "properties": { + "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "type": "string" + } + }, + "required": [ + "conditionType" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resourceClaims": { + "description": "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "items": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", + "properties": { + "name": { + "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "type": "string" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + }, + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "resources": { + "description": "Resources is the total amount of CPU and Memory resources required by all\ncontainers in the pod. It supports specifying Requests and Limits for\n\"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the\nentire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature\ngate.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "Restart policy for all containers within the pod.\nOne of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.\nDefault to Always.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", + "type": "string" + }, + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", + "type": "string" + }, + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler.", + "type": "string" + }, + "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", + "items": { + "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "properties": { + "name": { + "description": "Name of the scheduling gate.\nEach scheduling gate must have a unique name field.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", + "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "items": { + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccount": { + "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.\nDeprecated: Use serviceAccountName instead.", + "type": "string" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + }, + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).\nIn Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).\nIn Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN.\nIf a pod does not have FQDN, this has no effect.\nDefault to false.", + "type": "boolean" + }, + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod.\nWhen this is set containers will be able to view and signal processes from other containers\nin the same pod, and the first process in each container will not be assigned PID 1.\nHostPID and ShareProcessNamespace cannot both be set.\nOptional: Default to false.", + "type": "boolean" + }, + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"...svc.\".\nIf not specified, the pod will not have a domainname at all.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nIf this value is nil, the default grace period will be used instead.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nDefaults to 30 seconds.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology\ndomains. Scheduler will schedule pods in a way which abides by the constraints.\nAll topologySpreadConstraints are ANDed.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "resources": { - "description": "Resources describes the Compute Resources required by this vmi.", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nValid resource keys are \"memory\" and \"cpu\".", - "type": "object" - }, - "overcommitGuestOverhead": { - "description": "Don't ask the scheduler to take the guest-management overhead into account. Instead\nput the overhead only into the container's memory limit. This can lead to crashes if\nall memory is in use on a node. Defaults to false.", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests is a description of the initial vmi resources.\nValid resource keys are \"memory\" and \"cpu\".", - "type": "object" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "devices" + "key", + "operator" ], "type": "object" }, - "evictionStrategy": { - "description": "EvictionStrategy describes the strategy to follow when a node drain occurs.\nThe possible options are:\n- \"None\": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown.\n- \"LiveMigrate\": the VirtualMachineInstance will be migrated instead of being shutdown.\n- \"LiveMigrateIfPossible\": the same as \"LiveMigrate\" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as \"None\".\n- \"External\": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", + "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { "type": "string" }, - "hostname": { - "description": "Specifies the hostname of the vmi\nIf not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "properties": { + "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { "type": "string" }, - "livenessProbe": { - "description": "Periodic probe of VirtualMachineInstance liveness.\nVirtualmachineInstances will be stopped if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { - "exec": { - "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "guestAgentPing": { - "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ - "port" + "fieldPath" ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", - "format": "int32", - "type": "integer" + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, - "port": { + "divisor": { "anyOf": [ { "type": "integer" @@ -315165,297 +267929,166 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" } }, "required": [ - "port" + "resource" ], - "type": "object" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, + "required": [ + "path" + ], "type": "object" }, - "networks": { - "description": "List of networks that can be attached to a vm's virtual interface.", - "items": { - "description": "Network represents a network type and a resource that should be connected to the vm.", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", + "properties": { + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", + "type": "object" + }, + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { - "multus": { - "description": "Represents the multus cni network.", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { - "default": { - "description": "Select the default network and add it to the\nmultus-cni.io/default-network annotation.", - "type": "boolean" + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - "networkName": { - "description": "References to a NetworkAttachmentDefinition CRD object. Format:\n, /. If namespace is not\nspecified, VMI namespace is assumed.", + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, "required": [ - "networkName" + "kind", + "name" ], - "type": "object" - }, - "name": { - "description": "Network name.\nMust be a DNS_LABEL and unique within the vm.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "pod": { - "description": "Represents the stock pod network interface.", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { - "vmIPv6NetworkCIDR": { - "description": "IPv6 CIDR for the vm network.\nDefaults to fd10:0:2::/120 if not specified.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "vmNetworkCIDR": { - "description": "CIDR for vm network.\nDefault 10.0.2.0/24 if not specified.", + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, + "required": [ + "kind", + "name" + ], "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "maxItems": 256, - "type": "array" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", - "type": "string" - }, - "readinessProbe": { - "description": "Periodic probe of VirtualMachineInstance service readiness.\nVirtualmachineInstances will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "properties": { - "exec": { - "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", - "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } }, - "type": "object" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "guestAgentPing": { - "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", - "type": "object" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", - "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", - "items": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", - "properties": { - "name": { - "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "required": [ - "name", - "value" - ], + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - { - "type": "string" - } - ], - "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - }, - "scheme": { - "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", - "type": "string" - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", - "format": "int32", - "type": "integer" - }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", - "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "resourceClaims": { - "description": "ResourceClaims define which ResourceClaims must be allocated\nand reserved before the VMI, hence virt-launcher pod is allowed to start. The resources\nwill be made available to the domain which consumes them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate in kubernetes\n https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/\nThis field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled.\nThis feature is in alpha.", - "items": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", - "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", - "type": "string" - }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "schedulerName": { - "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.", - "type": "string" - }, - "startStrategy": { - "description": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.", - "type": "string" - }, - "subdomain": { - "description": "If specified, the fully qualified vmi hostname will be \"...svc.\".\nIf not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi,\nno matter if the vmi itself can pick up a hostname.", - "type": "string" - }, - "terminationGracePeriodSeconds": { - "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", - "format": "int64", - "type": "integer" - }, - "tolerations": { - "description": "If toleration is specified, obey all the toleration rules.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" + "type": "object" }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.", - "items": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "selector": { + "description": "selector is a label query over volumes to consider for binding.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -315499,1436 +268132,3881 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", - "format": "int32", - "type": "integer" - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", - "format": "int32", - "type": "integer" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + } }, - "volumes": { - "description": "List of volumes that can be mounted by disks belonging to the vmi.", - "items": { - "description": "Volume represents a named volume in a vmi.", - "properties": { - "cloudInitConfigDrive": { - "description": "CloudInitConfigDrive represents a cloud-init Config Drive user-data source.\nThe Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html", - "properties": { - "networkData": { - "description": "NetworkData contains config drive inline cloud-init networkdata.", - "type": "string" - }, - "networkDataBase64": { - "description": "NetworkDataBase64 contains config drive cloud-init networkdata as a base64 encoded string.", - "type": "string" - }, - "networkDataSecretRef": { - "description": "NetworkDataSecretRef references a k8s secret that contains config drive networkdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretRef": { - "description": "UserDataSecretRef references a k8s secret that contains config drive userdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userData": { - "description": "UserData contains config drive inline cloud-init userdata.", - "type": "string" - }, - "userDataBase64": { - "description": "UserDataBase64 contains config drive cloud-init userdata as a base64 encoded string.", - "type": "string" - } - }, - "type": "object" - }, - "cloudInitNoCloud": { - "description": "CloudInitNoCloud represents a cloud-init NoCloud user-data source.\nThe NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html", - "properties": { - "networkData": { - "description": "NetworkData contains NoCloud inline cloud-init networkdata.", - "type": "string" - }, - "networkDataBase64": { - "description": "NetworkDataBase64 contains NoCloud cloud-init networkdata as a base64 encoded string.", - "type": "string" - }, - "networkDataSecretRef": { - "description": "NetworkDataSecretRef references a k8s secret that contains NoCloud networkdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", + "type": "string" + }, + "repository": { + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", + "properties": { + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "properties": { + "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", + "type": "string" + }, + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "properties": { + "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", + "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secretRef": { - "description": "UserDataSecretRef references a k8s secret that contains NoCloud userdata.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "matchLabels": { + "additionalProperties": { "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "userData": { - "description": "UserData contains NoCloud inline cloud-init userdata.", - "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "userDataBase64": { - "description": "UserDataBase64 contains NoCloud cloud-init userdata as a base64 encoded string.", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - }, - "configMap": { - "description": "ConfigMapSource represents a reference to a ConfigMap in the same namespace.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "optional": { - "description": "Specify whether the ConfigMap or it's keys must be defined", - "type": "boolean" - }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "containerDisk": { - "description": "ContainerDisk references a docker image, embedding a qcow or raw disk.\nMore info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html", - "properties": { - "image": { - "description": "Image is the name of the image with the embedded disk.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", - "type": "string" - }, - "imagePullSecret": { - "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", - "type": "string" - }, - "path": { - "description": "Path defines the path to disk file in the container", - "type": "string" - } + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" }, - "required": [ - "image" - ], - "type": "object" - }, - "dataVolume": { - "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", - "properties": { - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "name": { - "description": "Name of both the DataVolume and the PVC in the same namespace.", - "type": "string" - } + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } }, - "downwardAPI": { - "description": "DownwardAPI represents downward API about the pod that should populate this volume", - "properties": { - "fields": { - "description": "Fields is a list of downward API volume file", - "items": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", - "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", - "type": "string" - }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string" - } - }, - "required": [ - "fieldPath" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", - "format": "int32", - "type": "integer" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", - "type": "string" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" - }, - "divisor": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "resource": { - "description": "Required: resource to select", - "type": "string" - } - }, - "required": [ - "resource" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "description": "configMap information about the configMap data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } - }, - "type": "object" - }, - "downwardMetrics": { - "description": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", - "type": "object" - }, - "emptyDisk": { - "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.\nMore info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html", - "properties": { - "capacity": { - "anyOf": [ - { + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", "type": "integer" }, - { + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } + }, + "required": [ + "key", + "path" ], - "description": "Capacity of the sparse disk.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - } + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "capacity" - ], - "type": "object" + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } }, - "ephemeral": { - "description": "Ephemeral is a special volume source that \"wraps\" specified source and provides copy-on-write image on top of it.", - "properties": { - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ - "claimName" + "path" ], "type": "object" - } - }, - "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "hostDisk": { - "description": "HostDisk represents a disk created on the cluster level", - "properties": { - "capacity": { - "anyOf": [ - { + "type": "object" + }, + "secret": { + "description": "secret information about the secret data to project", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", "type": "integer" }, - { + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } + }, + "required": [ + "key", + "path" ], - "description": "Capacity of the sparse disk", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "path": { - "description": "The path to HostDisk image located on the cluster", - "type": "string" - }, - "shared": { - "description": "Shared indicate whether the path is shared between nodes", - "type": "boolean" - }, - "type": { - "description": "Contains information if disk.img exists or should be created\nallowed options are 'Disk' and 'DiskOrCreate'", - "type": "string" - } - }, - "required": [ - "path", - "type" - ], - "type": "object" - }, - "memoryDump": { - "description": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" + "type": "object" }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "claimName" - ], - "type": "object" - }, - "name": { - "description": "Volume's name.\nMust be a DNS_LABEL and unique within the vmi.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "required": [ - "claimName" - ], - "type": "object" + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "secret": { - "description": "SecretVolumeSource represents a reference to a secret data in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/", - "properties": { - "optional": { - "description": "Specify whether the Secret or it's keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "Name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" - }, - "volumeLabel": { - "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", - "type": "string" - } + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", + "type": "string" }, - "type": "object" - }, - "serviceAccount": { - "description": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "properties": { - "serviceAccountName": { - "description": "Name of the service account in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - } + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", + "format": "int64", + "type": "integer" }, - "type": "object" + "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", + "type": "string" + } }, - "sysprep": { - "description": "Represents a Sysprep volume source.", - "properties": { - "configMap": { - "description": "ConfigMap references a ConfigMap that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "secret": { - "description": "Secret references a k8s Secret that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", - "properties": { - "name": { - "default": "", - "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - } + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "properties": { + "group": { + "description": "group to map volume access to\nDefault is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "properties": { + "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", + "type": "string" + }, + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", + "items": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "description": "key is the key to project.", + "type": "string" }, - "required": [ - "name" - ], - "type": "object" + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", + "type": "string" + } }, - "maxItems": 256, - "type": "array" - } + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "domain" - ], - "type": "object" - } + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "containers" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": { + "default": "rw", + "description": "Type of service to forward traffic to. Default: `rw`.", + "enum": [ + "rw", + "ro", + "r" + ], + "type": "string" + } + }, + "required": [ + "cluster", + "pgbouncer" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the Pooler. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "instances": { + "description": "The number of pods trying to be scheduled", + "format": "int32", + "type": "integer" + }, + "secrets": { + "description": "The resource version of the config object", + "properties": { + "clientCA": { + "description": "The client CA secret version", + "properties": { + "name": { + "description": "The name of the secret", + "type": "string" + }, + "version": { + "description": "The ResourceVersion of the secret", + "type": "string" + } + }, + "type": "object" + }, + "pgBouncerSecrets": { + "description": "The version of the secrets used by PgBouncer", + "properties": { + "authQuery": { + "description": "The auth query secret version", + "properties": { + "name": { + "description": "The name of the secret", + "type": "string" + }, + "version": { + "description": "The ResourceVersion of the secret", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serverCA": { + "description": "The server CA secret version", + "properties": { + "name": { + "description": "The name of the secret", + "type": "string" + }, + "version": { + "description": "The ResourceVersion of the secret", + "type": "string" + } + }, + "type": "object" + }, + "serverTLS": { + "description": "The server TLS secret version", + "properties": { + "name": { + "description": "The name of the secret", + "type": "string" + }, + "version": { + "description": "The ResourceVersion of the secret", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "Pooler", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/PoolerList": { + "description": "PoolerList is a list of Pooler", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of poolers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Pooler" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "PoolerList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/Publication": { + "description": "Publication is the Schema for the publications API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "PublicationSpec defines the desired state of Publication", + "properties": { + "cluster": { + "description": "The name of the PostgreSQL cluster that identifies the \"publisher\"", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dbname": { + "description": "The name of the database where the publication will be installed in\nthe \"publisher\" cluster", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "dbname is immutable", + "rule": "self == oldSelf" + } + ] + }, + "name": { + "description": "The name of the publication inside PostgreSQL", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "name is immutable", + "rule": "self == oldSelf" + } + ] + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Publication parameters part of the `WITH` clause as expected by\nPostgreSQL `CREATE PUBLICATION` command", + "type": "object" + }, + "publicationReclaimPolicy": { + "default": "retain", + "description": "The policy for end-of-life maintenance of this publication", + "enum": [ + "delete", + "retain" + ], + "type": "string" + }, + "target": { + "description": "Target of the publication as expected by PostgreSQL `CREATE PUBLICATION` command", + "properties": { + "allTables": { + "description": "Marks the publication as one that replicates changes for all tables\nin the database, including tables created in the future.\nCorresponding to `FOR ALL TABLES` in PostgreSQL.", + "type": "boolean", + "x-kubernetes-validations": [ + { + "message": "allTables is immutable", + "rule": "self == oldSelf" + } + ] + }, + "objects": { + "description": "Just the following schema objects", + "items": { + "description": "PublicationTargetObject is an object to publish", + "properties": { + "table": { + "description": "Specifies a list of tables to add to the publication. Corresponding\nto `FOR TABLE` in PostgreSQL.", + "properties": { + "columns": { + "description": "The columns to publish", + "items": { + "type": "string" + }, + "type": "array" }, - "type": "object" + "name": { + "description": "The table name", + "type": "string" + }, + "only": { + "description": "Whether to limit to the table only or include all its descendants", + "type": "boolean" + }, + "schema": { + "description": "The schema name", + "type": "string" + } }, - "updateVolumesStrategy": { - "description": "UpdateVolumesStrategy is the strategy to apply on volumes updates", - "type": "string" - } + "required": [ + "name" + ], + "type": "object" }, - "required": [ - "template" - ], - "type": "object" + "tablesInSchema": { + "description": "Marks the publication as one that replicates changes for all tables\nin the specified list of schemas, including tables created in the\nfuture. Corresponding to `FOR TABLES IN SCHEMA` in PostgreSQL.", + "type": "string" + } }, - "status": { - "description": "Status holds the current state of the controller and brief information\nabout its associated VirtualMachineInstance", - "properties": { - "conditions": { - "description": "Hold the state information of the VirtualMachine and its VirtualMachineInstance", - "items": { - "description": "VirtualMachineCondition represents the state of VirtualMachine", - "properties": { - "lastProbeTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "tablesInSchema and table are mutually exclusive", + "rule": "(has(self.tablesInSchema) && !has(self.table)) || (!has(self.tablesInSchema) && has(self.table))" + } + ] + }, + "maxItems": 100000, + "type": "array", + "x-kubernetes-validations": [ + { + "message": "specifying a column list when the publication also publishes tablesInSchema is not supported", + "rule": "!(self.exists(o, has(o.table) && has(o.table.columns)) && self.exists(o, has(o.tablesInSchema)))" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "allTables and objects are mutually exclusive", + "rule": "(has(self.allTables) && !has(self.objects)) || (!has(self.allTables) && has(self.objects))" + } + ] + } + }, + "required": [ + "cluster", + "dbname", + "name", + "target" + ], + "type": "object" + }, + "status": { + "description": "PublicationStatus defines the observed state of Publication", + "properties": { + "applied": { + "description": "Applied is true if the publication was reconciled correctly", + "type": "boolean" + }, + "message": { + "description": "Message is the reconciliation output message", + "type": "string" + }, + "observedGeneration": { + "description": "A sequence number representing the latest\ndesired state that was synchronized", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "Publication", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/PublicationList": { + "description": "PublicationList is a list of Publication", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of publications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Publication" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "PublicationList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ScheduledBackup": { + "description": "ScheduledBackup is the Schema for the scheduledbackups API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Specification of the desired behavior of the ScheduledBackup.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "backupOwnerReference": { + "default": "none", + "description": "Indicates which ownerReference should be put inside the created backup resources.
\n- none: no owner reference for created backup objects (same behavior as before the field was introduced)
\n- self: sets the Scheduled backup object as owner of the backup
\n- cluster: set the cluster as owner of the backup
", + "enum": [ + "none", + "self", + "cluster" + ], + "type": "string" + }, + "cluster": { + "description": "The cluster to backup", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "immediate": { + "description": "If the first backup has to be immediately start after creation or not", + "type": "boolean" + }, + "method": { + "default": "barmanObjectStore", + "description": "The backup method to be used, possible options are `barmanObjectStore`,\n`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.", + "enum": [ + "barmanObjectStore", + "volumeSnapshot", + "plugin" + ], + "type": "string" + }, + "online": { + "description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)\nOverrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'", + "type": "boolean" + }, + "onlineConfiguration": { + "description": "Configuration parameters to control the online/hot backup with volume snapshots\nOverrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza", + "properties": { + "immediateCheckpoint": { + "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", + "type": "boolean" + }, + "waitForArchive": { + "default": true, + "description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.", + "type": "boolean" + } + }, + "type": "object" + }, + "pluginConfiguration": { + "description": "Configuration parameters passed to the plugin managing this backup", + "properties": { + "name": { + "description": "Name is the name of the plugin managing this backup", + "type": "string" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters are the configuration parameters passed to the backup\nplugin for this backup", + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "schedule": { + "description": "The schedule does not follow the same format used in Kubernetes CronJobs\nas it includes an additional seconds specifier,\nsee https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format", + "type": "string" + }, + "suspend": { + "description": "If this backup is suspended or not", + "type": "boolean" + }, + "target": { + "description": "The policy to decide which instance should perform this backup. If empty,\nit defaults to `cluster.spec.backup.target`.\nAvailable options are empty string, `primary` and `prefer-standby`.\n`primary` to have backups run always on primary instances,\n`prefer-standby` to have backups run preferably on the most updated\nstandby, if available.", + "enum": [ + "primary", + "prefer-standby" + ], + "type": "string" + } + }, + "required": [ + "cluster", + "schedule" + ], + "type": "object" + }, + "status": { + "description": "Most recently observed status of the ScheduledBackup. This data may not be up\nto date. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "properties": { + "lastCheckTime": { + "description": "The latest time the schedule", + "format": "date-time", + "type": "string" + }, + "lastScheduleTime": { + "description": "Information when was the last time that backup was successfully scheduled.", + "format": "date-time", + "type": "string" + }, + "nextScheduleTime": { + "description": "Next time we will run a backup", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ScheduledBackup", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/ScheduledBackupList": { + "description": "ScheduledBackupList is a list of ScheduledBackup", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of scheduledbackups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.ScheduledBackup" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "ScheduledBackupList", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/Subscription": { + "description": "Subscription is the Schema for the subscriptions API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "SubscriptionSpec defines the desired state of Subscription", + "properties": { + "cluster": { + "description": "The name of the PostgreSQL cluster that identifies the \"subscriber\"", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dbname": { + "description": "The name of the database where the publication will be installed in\nthe \"subscriber\" cluster", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "dbname is immutable", + "rule": "self == oldSelf" + } + ] + }, + "externalClusterName": { + "description": "The name of the external cluster with the publication (\"publisher\")", + "type": "string" + }, + "name": { + "description": "The name of the subscription inside PostgreSQL", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "name is immutable", + "rule": "self == oldSelf" + } + ] + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Subscription parameters included in the `WITH` clause of the PostgreSQL\n`CREATE SUBSCRIPTION` command. Most parameters cannot be changed\nafter the subscription is created and will be ignored if modified\nlater, except for a limited set documented at:\nhttps://www.postgresql.org/docs/current/sql-altersubscription.html#SQL-ALTERSUBSCRIPTION-PARAMS-SET", + "type": "object" + }, + "publicationDBName": { + "description": "The name of the database containing the publication on the external\ncluster. Defaults to the one in the external cluster definition.", + "type": "string" + }, + "publicationName": { + "description": "The name of the publication inside the PostgreSQL database in the\n\"publisher\"", + "type": "string" + }, + "subscriptionReclaimPolicy": { + "default": "retain", + "description": "The policy for end-of-life maintenance of this subscription", + "enum": [ + "delete", + "retain" + ], + "type": "string" + } + }, + "required": [ + "cluster", + "dbname", + "externalClusterName", + "name", + "publicationName" + ], + "type": "object" + }, + "status": { + "description": "SubscriptionStatus defines the observed state of Subscription", + "properties": { + "applied": { + "description": "Applied is true if the subscription was reconciled correctly", + "type": "boolean" + }, + "message": { + "description": "Message is the reconciliation output message", + "type": "string" + }, + "observedGeneration": { + "description": "A sequence number representing the latest\ndesired state that was synchronized", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "Subscription", + "version": "v1" + } + ] + }, + "postgresql.cnpg.noobaa.io/v1/SubscriptionList": { + "description": "SubscriptionList is a list of Subscription", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of subscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.noobaa.cnpg.postgresql.v1.Subscription" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "postgresql.cnpg.noobaa.io", + "kind": "SubscriptionList", + "version": "v1" + } + ] + }, + "project.openshift.io/v1/Project": { + "description": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.project.v1.ProjectSpec" + } + ], + "default": {}, + "description": "Spec defines the behavior of the Namespace." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.project.v1.ProjectStatus" + } + ], + "default": {}, + "description": "Status describes the current status of a Namespace" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "project.openshift.io", + "kind": "Project", + "version": "v1" + } + ] + }, + "project.openshift.io/v1/ProjectList": { + "description": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of projects", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.project.v1.Project" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "project.openshift.io", + "kind": "ProjectList", + "version": "v1" + } + ] + }, + "project.openshift.io/v1/ProjectRequest": { + "description": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "description": { + "description": "Description is the description to apply to a project", + "type": "string" + }, + "displayName": { + "description": "DisplayName is the display name to apply to a project", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "project.openshift.io", + "kind": "ProjectRequest", + "version": "v1" + } + ] + }, + "quota.openshift.io/v1/AppliedClusterResourceQuota": { + "description": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + } + ], + "default": {}, + "description": "Spec defines the desired quota" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" + } + ], + "default": {}, + "description": "Status defines the actual enforced quota and its current usage" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "quota.openshift.io", + "kind": "AppliedClusterResourceQuota", + "version": "v1" + } + ] + }, + "quota.openshift.io/v1/AppliedClusterResourceQuotaList": { + "description": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of AppliedClusterResourceQuota", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.AppliedClusterResourceQuota" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "quota.openshift.io", + "kind": "AppliedClusterResourceQuotaList", + "version": "v1" + } + ] + }, + "quota.openshift.io/v1/ClusterResourceQuota": { + "description": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to\nsynthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec defines the desired quota", + "properties": { + "quota": { + "description": "quota defines the desired quota", + "properties": { + "hard": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "hard is the set of desired hard limits for each named resource.\nMore info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object" + }, + "scopeSelector": { + "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota\nbut expressed using ScopeSelectorOperator in combination with possible values.\nFor a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + "properties": { + "matchExpressions": { + "description": "A list of scope selector requirements by scope of the resources.", + "items": { + "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator\nthat relates the scope name and values.", + "properties": { + "operator": { + "description": "Represents a scope's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist.", + "type": "string" }, - "type": "array" - }, - "created": { - "description": "Created indicates if the virtual machine is created in the cluster", - "type": "boolean" - }, - "desiredGeneration": { - "description": "DesiredGeneration is the generation which is desired for the VMI.\nThis will be used in comparisons with ObservedGeneration to understand when\nthe VMI is out of sync. This will be changed at the same time as\nObservedGeneration to remove errors which could occur if Generation is\nupdated through an Update() before ObservedGeneration in Status.", - "format": "int64", - "type": "integer" - }, - "instancetypeRef": { - "description": "InstancetypeRef captures the state of any referenced instance type from the VirtualMachine", - "nullable": true, - "properties": { - "controllerRevisionRef": { - "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", - "properties": { - "name": { - "description": "Name of the ControllerRevision", - "type": "string" - } - }, - "type": "object" - }, - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", + "scopeName": { + "description": "The name of the scope that the selector applies to.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty.\nThis array is replaced during a strategic merge patch.", + "items": { "type": "string" }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "operator", + "scopeName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "scopes": { + "description": "A collection of filters that must match each object tracked by a quota.\nIf not specified, the quota matches all objects.", + "items": { + "description": "A ResourceQuotaScope defines a filter that must match each object tracked by a quota", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is the selector used to match projects.\nIt should only select active projects on the scale of dozens (though it can select\nmany more less active projects). These projects will contend on object creation through\nthis resource.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "AnnotationSelector is used to select projects by annotation.", + "nullable": true, + "type": "object" + }, + "labels": { + "description": "LabelSelector is used to select projects by label.", + "nullable": true, + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { "type": "string" }, - "kind": { - "description": "Kind specifies the kind of resource", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "quota", + "selector" + ], + "type": "object" + }, + "status": { + "description": "status defines the actual enforced quota and its current usage", + "properties": { + "namespaces": { + "description": "namespaces slices the usage by project. This division allows for quick resolution of\ndeletion reconciliation inside of a single project without requiring a recalculation\nacross all projects. This can be used to pull the deltas for a given project.", + "items": { + "description": "ResourceQuotaStatusByNamespace gives status for a particular project", + "properties": { + "namespace": { + "description": "namespace the project this status applies to", + "type": "string" + }, + "status": { + "description": "status indicates how many resources have been consumed by this project", + "properties": { + "hard": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Hard is the set of enforced hard limits for each named resource.\nMore info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object" + }, + "used": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "name": { - "description": "Name is the name of resource", + { "type": "string" } - }, - "type": "object" + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "memoryDumpRequest": { - "description": "MemoryDumpRequest tracks memory dump request phase and info of getting a memory\ndump to the given pvc", - "nullable": true, + "description": "Used is the current observed total usage of the resource in the namespace.", + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "namespace", + "status" + ], + "type": "object" + }, + "nullable": true, + "type": "array" + }, + "total": { + "description": "total defines the actual enforced quota and its current usage across all projects", + "properties": { + "hard": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Hard is the set of enforced hard limits for each named resource.\nMore info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object" + }, + "used": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Used is the current observed total usage of the resource in the namespace.", + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "total" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "quota.openshift.io", + "kind": "ClusterResourceQuota", + "version": "v1" + } + ] + }, + "quota.openshift.io/v1/ClusterResourceQuotaList": { + "description": "ClusterResourceQuotaList is a list of ClusterResourceQuota", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of clusterresourcequotas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.quota.v1.ClusterResourceQuota" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "quota.openshift.io", + "kind": "ClusterResourceQuotaList", + "version": "v1" + } + ] + }, + "ramendr.openshift.io/v1alpha1/Recipe": { + "description": "Recipe is the Schema for the recipes API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "RecipeSpec defines the desired state of Recipe", + "properties": { + "appType": { + "description": "Type of application the recipe is designed for. (AppType is not used yet. For now, we will\nmatch the name of the app CR)", + "type": "string" + }, + "groups": { + "description": "List of one or multiple groups", + "items": { + "description": "Groups defined in the recipe refine / narrow-down the scope of its parent groups defined in the\nApplication CR. Recipe groups are always be associated to a parent group in Application CR -\nexplicitly or implicitly. Recipe groups can be used in the context of backup and/or restore workflows", + "properties": { + "backupRef": { + "description": "Used for groups solely used in restore workflows to refer to another group that is used in\nbackup workflows.", + "type": "string" + }, + "essential": { + "description": "Defaults to true, if set to false, a failure is not necessarily handled as fatal", + "type": "boolean" + }, + "excludedNamespaces": { + "description": "List of namespace to exclude", + "items": { + "type": "string" + }, + "type": "array" + }, + "excludedResourceTypes": { + "description": "List of resource types to exclude", + "items": { + "type": "string" + }, + "type": "array" + }, + "includeClusterResources": { + "description": "Whether to include any cluster-scoped resources. If nil or true, cluster-scoped resources are\nincluded if they are associated with the included namespace-scoped resources", + "type": "boolean" + }, + "includedNamespaces": { + "description": "List of namespaces to include.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includedNamespacesByLabel": { + "description": "Selects namespaces by label", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "claimName": { - "description": "ClaimName is the name of the pvc that will contain the memory dump", - "type": "string" - }, - "endTimestamp": { - "description": "EndTimestamp represents the time the memory dump was completed", - "format": "date-time", - "type": "string" - }, - "fileName": { - "description": "FileName represents the name of the output file", - "type": "string" - }, - "message": { - "description": "Message is a detailed message about failure of the memory dump", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "phase": { - "description": "Phase represents the memory dump phase", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "remove": { - "description": "Remove represents request of dissociating the memory dump pvc", - "type": "boolean" - }, - "startTimestamp": { - "description": "StartTimestamp represents the time the memory dump started", - "format": "date-time", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ - "claimName", - "phase" + "key", + "operator" ], "type": "object" }, - "observedGeneration": { - "description": "ObservedGeneration is the generation observed by the vmi when started.", - "format": "int64", - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "preferenceRef": { - "description": "PreferenceRef captures the state of any referenced preference from the VirtualMachine", - "nullable": true, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "includedResourceTypes": { + "description": "List of resource types to include. If unspecified, all resource types are included.", + "items": { + "type": "string" + }, + "type": "array" + }, + "labelSelector": { + "description": "Select items based on label", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "controllerRevisionRef": { - "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", - "properties": { - "name": { - "description": "Name of the ControllerRevision", - "type": "string" - } - }, - "type": "object" - }, - "inferFromVolume": { - "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", - "type": "string" - }, - "inferFromVolumeFailurePolicy": { - "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "kind": { - "description": "Kind specifies the kind of resource", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "name": { - "description": "Name is the name of resource", - "type": "string" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "printableStatus": { - "default": "Stopped", - "description": "PrintableStatus is a human readable, high-level representation of the status of the virtual machine", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { "type": "string" }, - "ready": { - "description": "Ready indicates if the virtual machine is running and ready", - "type": "boolean" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Name of the group", + "type": "string" + }, + "nameSelector": { + "description": "If specified, resource's object name needs to match this expression. Valid for volume groups only.", + "type": "string" + }, + "parent": { + "description": "Name of the parent group defined in the associated Application CR. Optional - If unspecified,\nparent group is represented by the implicit default group of Application CR (implies the\nApplication CR does not specify groups explicitly).", + "type": "string" + }, + "restoreOverwriteResources": { + "description": "Whether to overwrite resources during restore. Default to false.", + "type": "boolean" + }, + "restoreStatus": { + "description": "RestoreStatus restores status if set to all the includedResources specified. Specify '*' to restore all statuses for all the CRs", + "properties": { + "excludedResources": { + "description": "List of resource types to exclude.", + "items": { + "type": "string" }, - "restoreInProgress": { - "description": "RestoreInProgress is the name of the VirtualMachineRestore currently executing", + "type": "array" + }, + "includedResources": { + "description": "List of resource types to include. If unspecified, all resource types are included.", + "items": { "type": "string" }, - "runStrategy": { - "description": "RunStrategy tracks the last recorded RunStrategy used by the VM.\nThis is needed to correctly process the next strategy (for now only the RerunOnFailure)", + "type": "array" + } + }, + "type": "object" + }, + "selectResource": { + "description": "Determines the resource type which the fields labelSelector and nameSelector apply to for selecting PVCs. Default selection is pvc. Valid for volume groups only.", + "enum": [ + "pvc", + "pod", + "deployment", + "statefulset" + ], + "type": "string" + }, + "type": { + "description": "Determines the type of group - volume data only, resources only", + "enum": [ + "volume", + "resource" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "hooks": { + "description": "List of one or multiple hooks", + "items": { + "description": "Hooks are actions to take during recipe processing", + "properties": { + "chks": { + "description": "Set of checks that the hook can apply", + "items": { + "description": "Operation to be invoked by the hook", + "properties": { + "condition": { + "description": "The condition to check for", "type": "string" }, - "snapshotInProgress": { - "description": "SnapshotInProgress is the name of the VirtualMachineSnapshot currently executing", + "name": { + "description": "Name of the check. Needs to be unique within the hook", "type": "string" }, - "startFailure": { - "description": "StartFailure tracks consecutive VMI startup failures for the purposes of\ncrash loop backoffs", - "nullable": true, + "onError": { + "description": "How to handle when check does not become true. Defaults to Fail.", + "type": "string" + }, + "timeout": { + "description": "How long to wait for the check to execute, in seconds", + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "essential": { + "description": "Defaults to true, if set to false, a failure is not necessarily handled as fatal", + "type": "boolean" + }, + "labelSelector": { + "description": "If specified, resource object needs to match this label selector", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "consecutiveFailCount": { - "type": "integer" - }, - "lastFailedVMIUID": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "retryAfterTimestamp": { - "format": "date-time", + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "stateChangeRequests": { - "description": "StateChangeRequests indicates a list of actions that should be taken on a VMI\ne.g. stop a specific VMI then start a new one.", - "items": { - "properties": { - "action": { - "description": "Indicates the type of action that is requested. e.g. Start or Stop", - "type": "string" - }, - "data": { - "additionalProperties": { - "type": "string" - }, - "description": "Provides additional data in order to perform the Action", - "type": "object" - }, - "uid": { - "description": "Indicates the UUID of an existing Virtual Machine Instance that this change request applies to -- if applicable", - "type": "string" - } - }, - "required": [ - "action" - ], - "type": "object" - }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "volumeRequests": { - "description": "VolumeRequests indicates a list of volumes add or remove from the VMI template and\nhotplug on an active running VMI.", - "items": { - "properties": { - "addVolumeOptions": { - "description": "AddVolumeOptions when set indicates a volume should be added. The details\nwithin this field specify how to add the volume", - "properties": { - "disk": { - "description": "Disk represents the hotplug disk that will be plugged into the running VMI", - "properties": { - "blockSize": { - "description": "If specified, the virtual disk will be presented with the given block sizes.", - "properties": { - "custom": { - "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", - "properties": { - "logical": { - "type": "integer" - }, - "physical": { - "type": "integer" - } - }, - "required": [ - "logical", - "physical" - ], - "type": "object" - }, - "matchVolume": { - "description": "Represents if a feature is enabled or disabled.", - "properties": { - "enabled": { - "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "bootOrder": { - "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", - "type": "integer" - }, - "cache": { - "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", - "type": "string" - }, - "cdrom": { - "description": "Attach a volume as a cdrom to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to true.", - "type": "boolean" - }, - "tray": { - "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", - "type": "string" - } - }, - "type": "object" - }, - "dedicatedIOThread": { - "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", - "type": "boolean" - }, - "disk": { - "description": "Attach a volume as a disk to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", - "type": "string" - }, - "pciAddress": { - "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - } - }, - "type": "object" - }, - "errorPolicy": { - "description": "If specified, it can change the default error policy (stop) for the disk", - "type": "string" - }, - "io": { - "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", - "type": "string" - }, - "lun": { - "description": "Attach a volume as a LUN to the vmi.", - "properties": { - "bus": { - "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", - "type": "string" - }, - "readonly": { - "description": "ReadOnly.\nDefaults to false.", - "type": "boolean" - }, - "reservation": { - "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", - "type": "boolean" - } - }, - "type": "object" - }, - "name": { - "description": "Name is the device name", - "type": "string" - }, - "serial": { - "description": "Serial provides the ability to specify a serial number for the disk device.", - "type": "string" - }, - "shareable": { - "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", - "type": "boolean" - }, - "tag": { - "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "dryRun": { - "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "description": "Name represents the name that will be used to map the\ndisk to the corresponding volume. This overrides any name\nset inside the Disk struct itself.", - "type": "string" - }, - "volumeSource": { - "description": "VolumeSource represents the source of the volume to map to the disk.", - "properties": { - "dataVolume": { - "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", - "properties": { - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "name": { - "description": "Name of both the DataVolume and the PVC in the same namespace.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "persistentVolumeClaim": { - "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string" - }, - "hotpluggable": { - "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", - "type": "boolean" - }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", - "type": "boolean" - } - }, - "required": [ - "claimName" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "required": [ - "disk", - "name", - "volumeSource" - ], - "type": "object" - }, - "removeVolumeOptions": { - "description": "RemoveVolumeOptions when set indicates a volume should be removed. The details\nwithin this field specify how to add the volume", - "properties": { - "dryRun": { - "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "name": { - "description": "Name represents the name that maps to both the disk and volume that\nshould be removed", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Hook name, unique within the Recipe CR", + "type": "string" + }, + "nameSelector": { + "description": "If specified, resource's object name needs to match this expression", + "type": "string" + }, + "namespace": { + "description": "Namespace", + "type": "string" + }, + "onError": { + "default": "fail", + "description": "Default behavior in case of failing operations (custom or built-in ops). Defaults to Fail.", + "enum": [ + "fail", + "continue" + ], + "type": "string" + }, + "ops": { + "description": "Set of operations that the hook can be invoked for", + "items": { + "description": "Operation to be invoked by the hook", + "properties": { + "command": { + "description": "The command to execute", + "minLength": 1, + "type": "string" }, - "volumeSnapshotStatuses": { - "description": "VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is\nsupported by each volume.", - "items": { - "properties": { - "enabled": { - "description": "True if the volume supports snapshotting", - "type": "boolean" - }, - "name": { - "description": "Volume name", - "type": "string" - }, - "reason": { - "description": "Empty if snapshotting is enabled, contains reason otherwise", - "type": "string" - } - }, - "required": [ - "enabled", - "name" - ], - "type": "object" - }, - "type": "array" + "container": { + "description": "The container where the command should be executed", + "type": "string" }, - "volumeUpdateState": { - "description": "VolumeUpdateState contains the information about the volumes set\nupdates related to the volumeUpdateStrategy", - "properties": { - "volumeMigrationState": { - "description": "VolumeMigrationState tracks the information related to the volume migration", - "properties": { - "migratedVolumes": { - "description": "MigratedVolumes lists the source and destination volumes during the volume migration", - "items": { - "description": "StorageMigratedVolumeInfo tracks the information about the source and destination volumes during the volume migration", - "properties": { - "destinationPVCInfo": { - "description": "DestinationPVCInfo contains the information about the destination PVC", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Capacity represents the capacity set on the corresponding PVC status", - "type": "object" - }, - "claimName": { - "description": "ClaimName is the name of the PVC", - "type": "string" - }, - "filesystemOverhead": { - "description": "Percentage of filesystem's size to be reserved when resizing the PVC", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "preallocated": { - "description": "Preallocated indicates if the PVC's storage is preallocated or not", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests represents the resources requested by the corresponding PVC spec", - "type": "object" - }, - "volumeMode": { - "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - } - }, - "type": "object" - }, - "sourcePVCInfo": { - "description": "SourcePVCInfo contains the information about the source PVC", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "capacity": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Capacity represents the capacity set on the corresponding PVC status", - "type": "object" - }, - "claimName": { - "description": "ClaimName is the name of the PVC", - "type": "string" - }, - "filesystemOverhead": { - "description": "Percentage of filesystem's size to be reserved when resizing the PVC", - "pattern": "^(0(?:\\.\\d{1,3})?|1)$", - "type": "string" - }, - "preallocated": { - "description": "Preallocated indicates if the PVC's storage is preallocated or not", - "type": "boolean" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests represents the resources requested by the corresponding PVC spec", - "type": "object" - }, - "volumeMode": { - "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - } - }, - "type": "object" - }, - "volumeName": { - "description": "VolumeName is the name of the volume that is being migrated", - "type": "string" - } - }, - "required": [ - "volumeName" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } + "inverseOp": { + "description": "Name of another operation that reverts the effect of this operation (e.g. quiesce vs. unquiesce)", + "type": "string" + }, + "name": { + "description": "Name of the operation. Needs to be unique within the hook", + "type": "string" + }, + "onError": { + "description": "How to handle command returning with non-zero exit code. Defaults to Fail.", + "type": "string" + }, + "timeout": { + "description": "How long to wait for the command to execute, in seconds", + "type": "integer" + } + }, + "required": [ + "command", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "selectResource": { + "description": "Resource type to that a hook applies to", + "type": "string" + }, + "singlePodOnly": { + "description": "Boolean flag that indicates whether to execute command on a single pod or on all pods that\nmatch the selector", + "type": "boolean" + }, + "skipHookIfNotPresent": { + "default": false, + "description": "Flag to skip a Hook.", + "type": "boolean" + }, + "timeout": { + "description": "Default timeout in seconds applied to custom and built-in operations. If not specified, equals to 30s.", + "type": "integer" + }, + "type": { + "description": "Hook type", + "enum": [ + "exec", + "scale", + "check" + ], + "type": "string" + } + }, + "required": [ + "name", + "namespace", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "volumes": { + "description": "Volumes to protect from disaster", + "properties": { + "backupRef": { + "description": "Used for groups solely used in restore workflows to refer to another group that is used in\nbackup workflows.", + "type": "string" + }, + "essential": { + "description": "Defaults to true, if set to false, a failure is not necessarily handled as fatal", + "type": "boolean" + }, + "excludedNamespaces": { + "description": "List of namespace to exclude", + "items": { + "type": "string" + }, + "type": "array" + }, + "excludedResourceTypes": { + "description": "List of resource types to exclude", + "items": { + "type": "string" + }, + "type": "array" + }, + "includeClusterResources": { + "description": "Whether to include any cluster-scoped resources. If nil or true, cluster-scoped resources are\nincluded if they are associated with the included namespace-scoped resources", + "type": "boolean" + }, + "includedNamespaces": { + "description": "List of namespaces to include.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includedNamespacesByLabel": { + "description": "Selects namespaces by label", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" }, - "type": "object" - } + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "includedResourceTypes": { + "description": "List of resource types to include. If unspecified, all resource types are included.", + "items": { + "type": "string" + }, + "type": "array" + }, + "labelSelector": { + "description": "Select items based on label", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Name of the group", + "type": "string" + }, + "nameSelector": { + "description": "If specified, resource's object name needs to match this expression. Valid for volume groups only.", + "type": "string" + }, + "parent": { + "description": "Name of the parent group defined in the associated Application CR. Optional - If unspecified,\nparent group is represented by the implicit default group of Application CR (implies the\nApplication CR does not specify groups explicitly).", + "type": "string" + }, + "restoreOverwriteResources": { + "description": "Whether to overwrite resources during restore. Default to false.", + "type": "boolean" + }, + "restoreStatus": { + "description": "RestoreStatus restores status if set to all the includedResources specified. Specify '*' to restore all statuses for all the CRs", + "properties": { + "excludedResources": { + "description": "List of resource types to exclude.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includedResources": { + "description": "List of resource types to include. If unspecified, all resource types are included.", + "items": { + "type": "string" + }, + "type": "array" + } + }, "type": "object" + }, + "selectResource": { + "description": "Determines the resource type which the fields labelSelector and nameSelector apply to for selecting PVCs. Default selection is pvc. Valid for volume groups only.", + "enum": [ + "pvc", + "pod", + "deployment", + "statefulset" + ], + "type": "string" + }, + "type": { + "description": "Determines the type of group - volume data only, resources only", + "enum": [ + "volume", + "resource" + ], + "type": "string" } }, + "required": [ + "name", + "type" + ], "type": "object" }, - "virtualMachineSnapshotName": { - "type": "string" - }, - "volumeBackups": { + "workflows": { + "description": "Workflow is the sequence of actions to take", "items": { - "description": "VolumeBackup contains the data neeed to restore a PVC", + "description": "Workflow is the sequence of actions to take", "properties": { - "persistentVolumeClaim": { - "properties": { - "metadata": { - "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "failOn": { + "default": "any-error", + "description": "Implies behaviour in case of failure: any-error (default), essential-error, full-error", + "enum": [ + "any-error", + "essential-error", + "full-error" + ], + "type": "string" + }, + "name": { + "description": "Name of recipe. Names \"backup\" and \"restore\" are reserved and implicitly used by default for\nbackup or restore respectively", + "type": "string" + }, + "sequence": { + "description": "List of the names of groups or hooks, in the order in which they should be executed\nFormat: : [/]", + "items": { + "additionalProperties": { + "type": "string" }, - "spec": { - "description": "Spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "sequence" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "appType" + ], + "type": "object" + }, + "status": { + "description": "RecipeStatus defines the observed state of Recipe", + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ramendr.openshift.io", + "kind": "Recipe", + "version": "v1alpha1" + } + ] + }, + "ramendr.openshift.io/v1alpha1/RecipeList": { + "description": "RecipeList is a list of Recipe", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of recipes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.ramendr.v1alpha1.Recipe" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ramendr.openshift.io", + "kind": "RecipeList", + "version": "v1alpha1" + } + ] + }, + "rbac.authorization.k8s.io/v1/ClusterRole": { + "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", + "namespaced": false, + "properties": { + "aggregationRule": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.AggregationRule" + } + ], + "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller." + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + }, + "rules": { + "description": "Rules holds all the PolicyRules for this ClusterRole", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.PolicyRule" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/ClusterRoleBinding": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + }, + "roleRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.RoleRef" + } + ], + "default": {}, + "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable." + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.Subject" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleBinding", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/ClusterRoleBindingList": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of ClusterRoleBindings", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.ClusterRoleBinding" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleBindingList", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/ClusterRoleList": { + "description": "ClusterRoleList is a collection of ClusterRoles", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of ClusterRoles", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.ClusterRole" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "ClusterRoleList", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/Role": { + "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + }, + "rules": { + "description": "Rules holds all the PolicyRules for this Role", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.PolicyRule" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "Role", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/RoleBinding": { + "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + }, + "roleRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.RoleRef" + } + ], + "default": {}, + "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable." + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.Subject" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "RoleBinding", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/RoleBindingList": { + "description": "RoleBindingList is a collection of RoleBindings", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of RoleBindings", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.RoleBinding" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "RoleBindingList", + "version": "v1" + } + ] + }, + "rbac.authorization.k8s.io/v1/RoleList": { + "description": "RoleList is a collection of Roles", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of Roles", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.Role" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard object's metadata." + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "rbac.authorization.k8s.io", + "kind": "RoleList", + "version": "v1" + } + ] + }, + "replication.storage.openshift.io/v1alpha1/VolumeGroupReplication": { + "description": "VolumeGroupReplication is the Schema for the volumegroupreplications API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "VolumeGroupReplicationSpec defines the desired state of VolumeGroupReplication", + "properties": { + "autoResync": { + "default": false, + "description": "AutoResync represents the group to be auto resynced when\nReplicationState is \"secondary\"", + "type": "boolean" + }, + "external": { + "default": false, + "description": "External represents if VolumeGroupReplication should be reconciled by the csi-addons controller\nor an external controller managed by the storage vendor.", + "type": "boolean", + "x-kubernetes-validations": [ + { + "message": "source is immutable", + "rule": "self == oldSelf" + } + ] + }, + "replicationState": { + "description": "ReplicationState represents the replication operation to be performed on the group.\nSupported operations are \"primary\", \"secondary\" and \"resync\"", + "enum": [ + "primary", + "secondary", + "resync" + ], + "type": "string" + }, + "source": { + "description": "Source specifies where a group replications will be created from.\nThis field is immutable after creation.\nRequired.", + "properties": { + "selector": { + "description": "Selector is a label query over persistent volume claims that are to be\ngrouped together for replication.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" } }, + "required": [ + "key", + "operator" + ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "selector is immutable", + "rule": "self == oldSelf" + } + ] + } + }, + "required": [ + "selector" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "source is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeGroupReplicationClassName": { + "description": "volumeGroupReplicationClassName is the volumeGroupReplicationClass name for this VolumeGroupReplication resource", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeGroupReplicationClassName is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeGroupReplicationContentName": { + "description": "Name of the VolumeGroupReplicationContent object created for this volumeGroupReplication", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeGroupReplicationContentName is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeReplicationClassName": { + "description": "volumeReplicationClassName is the volumeReplicationClass name for the VolumeReplication object\ncreated for this volumeGroupReplication", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeReplicationClassName is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeReplicationName": { + "description": "Name of the VolumeReplication object created for this volumeGroupReplication", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeReplicationName is immutable", + "rule": "self == oldSelf" + } + ] + } + }, + "required": [ + "autoResync", + "replicationState", + "source", + "volumeGroupReplicationClassName" + ], + "type": "object" + }, + "status": { + "description": "VolumeGroupReplicationStatus defines the observed state of VolumeGroupReplication", + "properties": { + "conditions": { + "description": "Conditions are the list of conditions and their status.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" }, - "volumeName": { + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, - "volumeSnapshotName": { + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ - "persistentVolumeClaim", - "volumeName" + "lastTransitionTime", + "message", + "reason", + "status", + "type" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" + }, + "lastCompletionTime": { + "format": "date-time", + "type": "string" + }, + "lastStartTime": { + "format": "date-time", + "type": "string" + }, + "lastSyncBytes": { + "format": "int64", + "type": "integer" + }, + "lastSyncDuration": { + "type": "string" + }, + "lastSyncTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change the operator has dealt with", + "format": "int64", + "type": "integer" + }, + "persistentVolumeClaimsRefList": { + "description": "PersistentVolumeClaimsRefList is the list of PVCs for the volume group replication.\nThe maximum number of allowed PVCs in the group is 100.", + "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "state": { + "description": "State captures the latest state of the replication operation.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "replication.storage.openshift.io", + "kind": "VolumeGroupReplication", + "version": "v1alpha1" + } + ] + }, + "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationClass": { + "description": "VolumeGroupReplicationClass is the Schema for the volumegroupreplicationclasses API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "VolumeGroupReplicationClassSpec specifies parameters that an underlying storage system uses\nwhen creating a volumegroup replica. A specific VolumeGroupReplicationClass is used by specifying\nits name in a VolumeGroupReplication object.", + "properties": { + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a key-value map with storage provisioner specific configurations for\ncreating volume group replicas", + "type": "object", + "x-kubernetes-validations": [ + { + "message": "parameters are immutable", + "rule": "self == oldSelf" + } + ] + }, + "provisioner": { + "description": "Provisioner is the name of storage provisioner", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "provisioner is immutable", + "rule": "self == oldSelf" + } + ] } }, "required": [ - "source" + "provisioner" ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "parameters are immutable", + "rule": "has(self.parameters) == has(oldSelf.parameters)" + } + ] }, "status": { - "description": "VirtualMachineSnapshotContentStatus is the status for a VirtualMachineSnapshotStatus resource", + "description": "VolumeGroupReplicationClassStatus defines the observed state of VolumeGroupReplicationClass", + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "replication.storage.openshift.io", + "kind": "VolumeGroupReplicationClass", + "version": "v1alpha1" + } + ] + }, + "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationClassList": { + "description": "VolumeGroupReplicationClassList is a list of VolumeGroupReplicationClass", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of volumegroupreplicationclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeGroupReplicationClass" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "replication.storage.openshift.io", + "kind": "VolumeGroupReplicationClassList", + "version": "v1alpha1" + } + ] + }, + "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationContent": { + "description": "VolumeGroupReplicationContent is the Schema for the volumegroupreplicationcontents API", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "VolumeGroupReplicationContentSpec defines the desired state of VolumeGroupReplicationContent", "properties": { - "creationTime": { - "format": "date-time", - "nullable": true, + "provisioner": { + "description": "provisioner is the name of the CSI driver used to create the physical\nvolume group on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired.", "type": "string" }, - "error": { - "description": "Error is the last error encountered during the snapshot/restore", + "source": { + "description": "Source specifies whether the volume group is (or should be) dynamically provisioned\nor already exists using the volumes listed here, and just requires a\nKubernetes object representation.\nRequired.", "properties": { - "message": { - "type": "string" - }, - "time": { - "format": "date-time", - "type": "string" + "volumeHandles": { + "description": "VolumeHandles is a list of volume handles on the backend to be grouped\nand replicated.", + "items": { + "type": "string" + }, + "type": "array" } }, + "required": [ + "volumeHandles" + ], "type": "object" }, - "readyToUse": { - "type": "boolean" + "volumeGroupAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "volumeGroupAttributes holds the contextual information of the volume group.", + "type": "object", + "x-kubernetes-validations": [ + { + "message": "field is immutable", + "rule": "self == oldSelf" + } + ] }, - "volumeSnapshotStatus": { + "volumeGroupReplicationClassName": { + "description": "VolumeGroupReplicationClassName is the name of the VolumeGroupReplicationClass from\nwhich this group replication was (or will be) created.\nRequired.", + "type": "string" + }, + "volumeGroupReplicationHandle": { + "description": "VolumeGroupReplicationHandle is a unique id returned by the CSI driver\nto identify the VolumeGroupReplication on the storage system.", + "type": "string" + }, + "volumeGroupReplicationRef": { + "description": "VolumeGroupreplicationRef specifies the VolumeGroupReplication object to which this\nVolumeGroupReplicationContent object is bound.\nVolumeGroupReplication.Spec.VolumeGroupReplicationContentName field must reference to\nthis VolumeGroupReplicationContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeGroupReplication object, MUST provide an empty/nil value for\nVolumeGroupReplicationRef for the auto-binding to happen.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "volumeGroupReplicationRef.name, volumeGroupReplicationRef.namespace and volumeGroupReplicationRef.uid must be set if volumeGroupReplicationRef is defined", + "rule": "self != null ? has(self.name) && has(self.__namespace__) && has(self.uid) : true" + } + ] + } + }, + "required": [ + "provisioner", + "source", + "volumeGroupReplicationClassName" + ], + "type": "object" + }, + "status": { + "description": "VolumeGroupReplicationContentStatus defines the status of VolumeGroupReplicationContent", + "properties": { + "persistentVolumeRefList": { + "description": "PersistentVolumeRefList is the list of PV for the group replication\nThe maximum number of allowed PV in the group is 100.", "items": { - "description": "VolumeSnapshotStatus is the status of a VolumeSnapshot", + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "properties": { - "creationTime": { - "format": "date-time", - "nullable": true, - "type": "string" - }, - "error": { - "description": "Error is the last error encountered during the snapshot/restore", - "properties": { - "message": { - "type": "string" - }, - "time": { - "format": "date-time", - "type": "string" - } - }, - "type": "object" - }, - "readyToUse": { - "type": "boolean" - }, - "volumeSnapshotName": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "volumeSnapshotName" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" } }, "type": "object" } }, - "required": [ - "spec" - ], + "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshotContent", - "version": "v1beta1" + "group": "replication.storage.openshift.io", + "kind": "VolumeGroupReplicationContent", + "version": "v1alpha1" } ] }, - "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshotContentList": { - "description": "VirtualMachineSnapshotContentList is a list of VirtualMachineSnapshotContent", + "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationContentList": { + "description": "VolumeGroupReplicationContentList is a list of VolumeGroupReplicationContent", "namespaced": true, "properties": { "apiVersion": { @@ -316936,9 +272014,9 @@ "type": "string" }, "items": { - "description": "List of virtualmachinesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of volumegroupreplicationcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.snapshot.v1beta1.VirtualMachineSnapshotContent" + "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeGroupReplicationContent" }, "type": "array" }, @@ -316961,14 +272039,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshotContentList", - "version": "v1beta1" + "group": "replication.storage.openshift.io", + "kind": "VolumeGroupReplicationContentList", + "version": "v1alpha1" } ] }, - "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshotList": { - "description": "VirtualMachineSnapshotList is a list of VirtualMachineSnapshot", + "replication.storage.openshift.io/v1alpha1/VolumeGroupReplicationList": { + "description": "VolumeGroupReplicationList is a list of VolumeGroupReplication", "namespaced": true, "properties": { "apiVersion": { @@ -316976,9 +272054,9 @@ "type": "string" }, "items": { - "description": "List of virtualmachinesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of volumegroupreplications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.kubevirt.snapshot.v1beta1.VirtualMachineSnapshot" + "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeGroupReplication" }, "type": "array" }, @@ -317001,14 +272079,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.kubevirt.io", - "kind": "VirtualMachineSnapshotList", - "version": "v1beta1" + "group": "replication.storage.openshift.io", + "kind": "VolumeGroupReplicationList", + "version": "v1alpha1" } ] }, - "snapshot.storage.k8s.io/v1/VolumeSnapshot": { - "description": "VolumeSnapshot is a user's request for either creating a point-in-time\nsnapshot of a persistent volume, or binding to a pre-existing snapshot.", + "replication.storage.openshift.io/v1alpha1/VolumeReplication": { + "description": "VolumeReplication is the Schema for the volumereplications API.", "namespaced": true, "properties": { "apiVersion": { @@ -317028,111 +272106,161 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec defines the desired characteristics of a snapshot requested by a user.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots\nRequired.", + "description": "VolumeReplicationSpec defines the desired state of VolumeReplication.", "properties": { - "source": { - "description": "source specifies where a snapshot will be created from.\nThis field is immutable after creation.\nRequired.", + "autoResync": { + "default": false, + "description": "AutoResync represents the volume to be auto resynced when\nReplicationState is \"secondary\"", + "type": "boolean" + }, + "dataSource": { + "description": "DataSource represents the object associated with the volume", "properties": { - "persistentVolumeClaimName": { - "description": "persistentVolumeClaimName specifies the name of the PersistentVolumeClaim\nobject representing the volume from which a snapshot should be created.\nThis PVC is assumed to be in the same namespace as the VolumeSnapshot\nobject.\nThis field should be set if the snapshot does not exists, and needs to be\ncreated.\nThis field is immutable.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "persistentVolumeClaimName is immutable", - "rule": "self == oldSelf" - } - ] + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - "volumeSnapshotContentName": { - "description": "volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent\nobject representing an existing volume snapshot.\nThis field should be set if the snapshot already exists and only needs a representation in Kubernetes.\nThis field is immutable.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeSnapshotContentName is immutable", - "rule": "self == oldSelf" - } - ] + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-map-type": "atomic", "x-kubernetes-validations": [ { - "message": "persistentVolumeClaimName is required once set", - "rule": "!has(oldSelf.persistentVolumeClaimName) || has(self.persistentVolumeClaimName)" - }, - { - "message": "volumeSnapshotContentName is required once set", - "rule": "!has(oldSelf.volumeSnapshotContentName) || has(self.volumeSnapshotContentName)" - }, - { - "message": "exactly one of volumeSnapshotContentName and persistentVolumeClaimName must be set", - "rule": "(has(self.volumeSnapshotContentName) && !has(self.persistentVolumeClaimName)) || (!has(self.volumeSnapshotContentName) && has(self.persistentVolumeClaimName))" + "message": "dataSource is immutable", + "rule": "self == oldSelf" } ] }, - "volumeSnapshotClassName": { - "description": "VolumeSnapshotClassName is the name of the VolumeSnapshotClass\nrequested by the VolumeSnapshot.\nVolumeSnapshotClassName may be left nil to indicate that the default\nSnapshotClass should be used.\nA given cluster may have multiple default Volume SnapshotClasses: one\ndefault per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass,\nVolumeSnapshotSource will be checked to figure out what the associated\nCSI Driver is, and the default VolumeSnapshotClass associated with that\nCSI Driver will be used. If more than one VolumeSnapshotClass exist for\na given CSI Driver and more than one have been marked as default,\nCreateSnapshot will fail and generate an event.\nEmpty string is not allowed for this field.", + "replicationHandle": { + "description": "replicationHandle represents an existing (but new) replication id", + "type": "string" + }, + "replicationState": { + "description": "ReplicationState represents the replication operation to be performed on the volume.\nSupported operations are \"primary\", \"secondary\" and \"resync\"", + "enum": [ + "primary", + "secondary", + "resync" + ], + "type": "string" + }, + "volumeReplicationClass": { + "description": "VolumeReplicationClass is the VolumeReplicationClass name for this VolumeReplication resource", "type": "string", "x-kubernetes-validations": [ { - "message": "volumeSnapshotClassName must not be the empty string when set", - "rule": "size(self) > 0" + "message": "volumeReplicationClass is immutable", + "rule": "self == oldSelf" } ] } }, "required": [ - "source" + "autoResync", + "dataSource", + "replicationState", + "volumeReplicationClass" ], "type": "object" }, "status": { - "description": "status represents the current information of a snapshot.\nConsumers must verify binding between VolumeSnapshot and\nVolumeSnapshotContent objects is successful (by validating that both\nVolumeSnapshot and VolumeSnapshotContent point at each other) before\nusing this object.", + "description": "VolumeReplicationStatus defines the observed state of VolumeReplication.", "properties": { - "boundVolumeSnapshotContentName": { - "description": "boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent\nobject to which this VolumeSnapshot object intends to bind to.\nIf not specified, it indicates that the VolumeSnapshot object has not been\nsuccessfully bound to a VolumeSnapshotContent object yet.\nNOTE: To avoid possible security issues, consumers must verify binding between\nVolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that\nboth VolumeSnapshot and VolumeSnapshotContent point at each other) before using\nthis object.", + "conditions": { + "description": "Conditions are the list of conditions and their status.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "lastCompletionTime": { + "format": "date-time", "type": "string" }, - "creationTime": { - "description": "creationTime is the timestamp when the point-in-time snapshot is taken\nby the underlying storage system.\nIn dynamic snapshot creation case, this field will be filled in by the\nsnapshot controller with the \"creation_time\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"creation_time\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nIf not specified, it may indicate that the creation time of the snapshot is unknown.", + "lastStartTime": { "format": "date-time", "type": "string" }, - "error": { - "description": "error is the last observed error during snapshot creation, if any.\nThis field could be helpful to upper level controllers(i.e., application controller)\nto decide whether they should continue on waiting for the snapshot to be created\nbased on the type of error reported.\nThe snapshot controller will keep retrying when an error occurs during the\nsnapshot creation. Upon success, this error field will be cleared.", - "properties": { - "message": { - "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", - "type": "string" - }, - "time": { - "description": "time is the timestamp when the error was encountered.", - "format": "date-time", - "type": "string" - } - }, - "type": "object" + "lastSyncBytes": { + "format": "int64", + "type": "integer" }, - "readyToUse": { - "description": "readyToUse indicates if the snapshot is ready to be used to restore a volume.\nIn dynamic snapshot creation case, this field will be filled in by the\nsnapshot controller with the \"ready_to_use\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"ready_to_use\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it,\notherwise, this field will be set to \"True\".\nIf not specified, it means the readiness of a snapshot is unknown.", - "type": "boolean" + "lastSyncDuration": { + "type": "string" }, - "restoreSize": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "restoreSize represents the minimum size of volume required to create a volume\nfrom this snapshot.\nIn dynamic snapshot creation case, this field will be filled in by the\nsnapshot controller with the \"size_bytes\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"size_bytes\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nWhen restoring a volume from this snapshot, the size of the volume MUST NOT\nbe smaller than the restoreSize if it is specified, otherwise the restoration will fail.\nIf not specified, it indicates that the size is unknown.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "type": "string", - "x-kubernetes-int-or-string": true + "lastSyncTime": { + "format": "date-time", + "type": "string" }, - "volumeGroupSnapshotName": { - "description": "VolumeGroupSnapshotName is the name of the VolumeGroupSnapshot of which this\nVolumeSnapshot is a part of.", + "message": { + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change the operator has dealt with", + "format": "int64", + "type": "integer" + }, + "state": { + "description": "State captures the latest state of the replication operation.", "type": "string" } }, @@ -317145,30 +272273,173 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.storage.k8s.io", - "kind": "VolumeSnapshot", - "version": "v1" + "group": "replication.storage.openshift.io", + "kind": "VolumeReplication", + "version": "v1alpha1" } ] }, - "snapshot.storage.k8s.io/v1/VolumeSnapshotClass": { - "description": "VolumeSnapshotClass specifies parameters that a underlying storage system uses when\ncreating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its\nname in a VolumeSnapshot object.\nVolumeSnapshotClasses are non-namespaced", + "replication.storage.openshift.io/v1alpha1/VolumeReplicationClass": { + "description": "VolumeReplicationClass is the Schema for the volumereplicationclasses API.", "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "deletionPolicy": { - "description": "deletionPolicy determines whether a VolumeSnapshotContent created through\nthe VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted.\nRequired.", - "enum": [ - "Delete", - "Retain" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "VolumeReplicationClassSpec specifies parameters that an underlying storage system uses\nwhen creating a volume replica. A specific VolumeReplicationClass is used by specifying\nits name in a VolumeReplication object.", + "properties": { + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "Parameters is a key-value map with storage provisioner specific configurations for\ncreating volume replicas", + "type": "object", + "x-kubernetes-validations": [ + { + "message": "parameters are immutable", + "rule": "self == oldSelf" + } + ] + }, + "provisioner": { + "description": "Provisioner is the name of storage provisioner", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "provisioner is immutable", + "rule": "self == oldSelf" + } + ] + } + }, + "required": [ + "provisioner" ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "parameters are immutable", + "rule": "has(self.parameters) == has(oldSelf.parameters)" + } + ] + }, + "status": { + "description": "VolumeReplicationClassStatus defines the observed state of VolumeReplicationClass.", + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "replication.storage.openshift.io", + "kind": "VolumeReplicationClass", + "version": "v1alpha1" + } + ] + }, + "replication.storage.openshift.io/v1alpha1/VolumeReplicationClassList": { + "description": "VolumeReplicationClassList is a list of VolumeReplicationClass", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "driver": { - "description": "driver is the name of the storage driver that handles this VolumeSnapshotClass.\nRequired.", + "items": { + "description": "List of volumereplicationclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeReplicationClass" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "replication.storage.openshift.io", + "kind": "VolumeReplicationClassList", + "version": "v1alpha1" + } + ] + }, + "replication.storage.openshift.io/v1alpha1/VolumeReplicationList": { + "description": "VolumeReplicationList is a list of VolumeReplication", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of volumereplications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.storage.replication.v1alpha1.VolumeReplication" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "replication.storage.openshift.io", + "kind": "VolumeReplicationList", + "version": "v1alpha1" + } + ] + }, + "route.openshift.io/v1/Route": { + "description": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { @@ -317181,31 +272452,42 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "parameters": { - "additionalProperties": { - "type": "string" - }, - "description": "parameters is a key-value map with storage driver specific parameters for creating snapshots.\nThese values are opaque to Kubernetes.", - "type": "object" + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteSpec" + } + ], + "default": {}, + "description": "spec is the desired state of the route" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteStatus" + } + ], + "default": {}, + "description": "status is the current state of the route" } }, "required": [ - "deletionPolicy", - "driver" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.storage.k8s.io", - "kind": "VolumeSnapshotClass", + "group": "route.openshift.io", + "kind": "Route", "version": "v1" } ] }, - "snapshot.storage.k8s.io/v1/VolumeSnapshotClassList": { - "description": "VolumeSnapshotClassList is a list of VolumeSnapshotClass", + "route.openshift.io/v1/RouteList": { + "description": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { @@ -317213,9 +272495,14 @@ "type": "string" }, "items": { - "description": "List of volumesnapshotclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "items is a list of routes", "items": { - "$ref": "#/components/schemas/io.k8s.storage.snapshot.v1.VolumeSnapshotClass" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.route.v1.Route" + } + ], + "default": {} }, "type": "array" }, @@ -317229,7 +272516,8 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ @@ -317238,14 +272526,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.storage.k8s.io", - "kind": "VolumeSnapshotClassList", + "group": "route.openshift.io", + "kind": "RouteList", "version": "v1" } ] }, - "snapshot.storage.k8s.io/v1/VolumeSnapshotContent": { - "description": "VolumeSnapshotContent represents the actual \"on-disk\" snapshot object in the\nunderlying storage system", + "samples.operator.openshift.io/v1/Config": { + "description": "Config contains the configuration and detailed condition status for the Samples Operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": false, "properties": { "apiVersion": { @@ -317265,169 +272553,116 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "spec defines properties of a VolumeSnapshotContent created by the underlying storage system.\nRequired.", + "description": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", "properties": { - "deletionPolicy": { - "description": "deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on\nthe underlying storage system should be deleted when its bound VolumeSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted.\nFor dynamically provisioned snapshots, this field will automatically be filled in by the\nCSI snapshotter sidecar with the \"DeletionPolicy\" field defined in the corresponding\nVolumeSnapshotClass.\nFor pre-existing snapshots, users MUST specify this field when creating the\n VolumeSnapshotContent object.\nRequired.", - "enum": [ - "Delete", - "Retain" - ], + "architectures": { + "description": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", + "items": { + "type": "string" + }, + "type": "array" + }, + "managementState": { + "description": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", "type": "string" }, - "driver": { - "description": "driver is the name of the CSI driver used to create the physical snapshot on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired.", + "samplesRegistry": { + "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", "type": "string" }, - "source": { - "description": "source specifies whether the snapshot is (or should be) dynamically provisioned\nor already exists, and just requires a Kubernetes object representation.\nThis field is immutable after creation.\nRequired.", - "properties": { - "snapshotHandle": { - "description": "snapshotHandle specifies the CSI \"snapshot_id\" of a pre-existing snapshot on\nthe underlying storage system for which a Kubernetes object representation\nwas (or should be) created.\nThis field is immutable.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "snapshotHandle is immutable", - "rule": "self == oldSelf" - } - ] - }, - "volumeHandle": { - "description": "volumeHandle specifies the CSI \"volume_id\" of the volume from which a snapshot\nshould be dynamically taken from.\nThis field is immutable.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "volumeHandle is immutable", - "rule": "self == oldSelf" - } - ] - } + "skippedImagestreams": { + "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "items": { + "type": "string" }, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "volumeHandle is required once set", - "rule": "!has(oldSelf.volumeHandle) || has(self.volumeHandle)" - }, - { - "message": "snapshotHandle is required once set", - "rule": "!has(oldSelf.snapshotHandle) || has(self.snapshotHandle)" - }, - { - "message": "exactly one of volumeHandle and snapshotHandle must be set", - "rule": "(has(self.volumeHandle) && !has(self.snapshotHandle)) || (!has(self.volumeHandle) && has(self.snapshotHandle))" - } - ] - }, - "sourceVolumeMode": { - "description": "SourceVolumeMode is the mode of the volume whose snapshot is taken.\nCan be either \u201cFilesystem\u201d or \u201cBlock\u201d.\nIf not specified, it indicates the source volume's mode is unknown.\nThis field is immutable.\nThis field is an alpha field.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "sourceVolumeMode is immutable", - "rule": "self == oldSelf" - } - ] - }, - "volumeSnapshotClassName": { - "description": "name of the VolumeSnapshotClass from which this snapshot was (or will be)\ncreated.\nNote that after provisioning, the VolumeSnapshotClass may be deleted or\nrecreated with different set of values, and as such, should not be referenced\npost-snapshot creation.", - "type": "string" + "type": "array" }, - "volumeSnapshotRef": { - "description": "volumeSnapshotRef specifies the VolumeSnapshot object to which this\nVolumeSnapshotContent object is bound.\nVolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to\nthis VolumeSnapshotContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeSnapshotContent object, name and namespace of the\nVolumeSnapshot object MUST be provided for binding to happen.\nThis field is immutable after creation.\nRequired.", - "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - }, - "namespace": { - "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" - }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "uid": { - "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" - } + "skippedTemplates": { + "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "items": { + "type": "string" }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "x-kubernetes-validations": [ - { - "message": "both spec.volumeSnapshotRef.name and spec.volumeSnapshotRef.namespace must be set", - "rule": "has(self.name) && has(self.__namespace__)" - } - ] + "type": "array" } }, - "required": [ - "deletionPolicy", - "driver", - "source", - "volumeSnapshotRef" - ], - "type": "object", - "x-kubernetes-validations": [ - { - "message": "sourceVolumeMode is required once set", - "rule": "!has(oldSelf.sourceVolumeMode) || has(self.sourceVolumeMode)" - } - ] + "type": "object" }, "status": { - "description": "status represents the current information of a snapshot.", + "description": "ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.", "properties": { - "creationTime": { - "description": "creationTime is the timestamp when the point-in-time snapshot is taken\nby the underlying storage system.\nIn dynamic snapshot creation case, this field will be filled in by the\nCSI snapshotter sidecar with the \"creation_time\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"creation_time\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nIf not specified, it indicates the creation time is unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command `date +%s%N` returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.", - "format": "int64", - "type": "integer" - }, - "error": { - "description": "error is the last observed error during snapshot creation, if any.\nUpon success after retry, this error field will be cleared.", - "properties": { - "message": { - "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", - "type": "string" - }, - "time": { - "description": "time is the timestamp when the error was encountered.", - "format": "date-time", - "type": "string" - } + "architectures": { + "description": "architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.", + "items": { + "type": "string" }, - "type": "object" + "type": "array" }, - "readyToUse": { - "description": "readyToUse indicates if a snapshot is ready to be used to restore a volume.\nIn dynamic snapshot creation case, this field will be filled in by the\nCSI snapshotter sidecar with the \"ready_to_use\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"ready_to_use\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it,\notherwise, this field will be set to \"True\".\nIf not specified, it means the readiness of a snapshot is unknown.", - "type": "boolean" + "conditions": { + "description": "conditions represents the available maintenance status of the sample imagestreams and templates.", + "items": { + "description": "ConfigCondition captures various conditions of the Config as entries are processed.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "lastUpdateTime": { + "description": "lastUpdateTime is the last time this condition was updated.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "reason is what caused the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "type of condition.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" }, - "restoreSize": { - "description": "restoreSize represents the complete size of the snapshot in bytes.\nIn dynamic snapshot creation case, this field will be filled in by the\nCSI snapshotter sidecar with the \"size_bytes\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"size_bytes\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nWhen restoring a volume from this snapshot, the size of the volume MUST NOT\nbe smaller than the restoreSize if it is specified, otherwise the restoration will fail.\nIf not specified, it indicates that the size is unknown.", - "format": "int64", - "minimum": 0, - "type": "integer" + "managementState": { + "description": "managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. \"Managed\") when it was previously \"Unmanaged\".", + "pattern": "^(Managed|Unmanaged|Force|Removed)$", + "type": "string" }, - "snapshotHandle": { - "description": "snapshotHandle is the CSI \"snapshot_id\" of a snapshot on the underlying storage system.\nIf not specified, it indicates that dynamic snapshot creation has either failed\nor it is still in progress.", + "samplesRegistry": { + "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", "type": "string" }, - "volumeGroupSnapshotHandle": { - "description": "VolumeGroupSnapshotHandle is the CSI \"group_snapshot_id\" of a group snapshot\non the underlying storage system.", + "skippedImagestreams": { + "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "items": { + "type": "string" + }, + "type": "array" + }, + "skippedTemplates": { + "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don\u2019t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "items": { + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "version is the value of the operator's payload based version indicator when it was last successfully processed", "type": "string" } }, @@ -317435,19 +272670,20 @@ } }, "required": [ + "metadata", "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.storage.k8s.io", - "kind": "VolumeSnapshotContent", + "group": "samples.operator.openshift.io", + "kind": "Config", "version": "v1" } ] }, - "snapshot.storage.k8s.io/v1/VolumeSnapshotContentList": { - "description": "VolumeSnapshotContentList is a list of VolumeSnapshotContent", + "samples.operator.openshift.io/v1/ConfigList": { + "description": "ConfigList is a list of Config", "namespaced": true, "properties": { "apiVersion": { @@ -317455,9 +272691,9 @@ "type": "string" }, "items": { - "description": "List of volumesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.k8s.storage.snapshot.v1.VolumeSnapshotContent" + "$ref": "#/components/schemas/io.openshift.operator.samples.v1.Config" }, "type": "array" }, @@ -317480,59 +272716,27 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "snapshot.storage.k8s.io", - "kind": "VolumeSnapshotContentList", + "group": "samples.operator.openshift.io", + "kind": "ConfigList", "version": "v1" } ] }, - "snapshot.storage.k8s.io/v1/VolumeSnapshotList": { - "description": "VolumeSnapshotList is a list of VolumeSnapshot", - "namespaced": true, + "scheduling.k8s.io/v1/PriorityClass": { + "description": "PriorityClass defines mapping from a priority class name to the priority integer value. The value can be any valid integer.", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of volumesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.k8s.storage.snapshot.v1.VolumeSnapshot" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": { + "description": "description is an arbitrary string that usually provides guidelines on when this priority class should be used.", "type": "string" }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "snapshot.storage.k8s.io", - "kind": "VolumeSnapshotList", - "version": "v1" - } - ] - }, - "sriovnetwork.openshift.io/v1/OVSNetwork": { - "description": "OVSNetwork is the Schema for the ovsnetworks API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "globalDefault": { + "description": "globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.", + "type": "boolean" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -317544,97 +272748,38 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], + "default": {}, "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "spec": { - "description": "OVSNetworkSpec defines the desired state of OVSNetwork", - "properties": { - "bridge": { - "description": "name of the OVS bridge, if not set OVS will automatically select bridge\nbased on VF PCI address", - "type": "string" - }, - "capabilities": { - "description": "Capabilities to be configured for this network.\nCapabilities supported: (mac|ips), e.g. '{\"mac\": true}'", - "type": "string" - }, - "interfaceType": { - "description": "The type of interface on ovs.", - "type": "string" - }, - "ipam": { - "description": "IPAM configuration to be used for this network.", - "type": "string" - }, - "metaPlugins": { - "description": "MetaPluginsConfig configuration to be used in order to chain metaplugins", - "type": "string" - }, - "mtu": { - "description": "Mtu for the OVS port", - "type": "integer" - }, - "networkNamespace": { - "description": "Namespace of the NetworkAttachmentDefinition custom resource", - "type": "string" - }, - "resourceName": { - "description": "OVS Network device plugin endpoint resource name", - "type": "string" - }, - "trunk": { - "description": "Trunk configuration for the OVS port", - "items": { - "description": "TrunkConfig contains configuration for bridge trunk", - "properties": { - "id": { - "maximum": 4095, - "minimum": 0, - "type": "integer" - }, - "maxID": { - "maximum": 4095, - "minimum": 0, - "type": "integer" - }, - "minID": { - "maximum": 4095, - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "type": "array" - }, - "vlan": { - "description": "Vlan to assign for the OVS port", - "maximum": 4095, - "minimum": 0, - "type": "integer" - } - }, - "required": [ - "resourceName" + "preemptionPolicy": { + "description": "preemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", + "enum": [ + "Never", + "PreemptLowerPriority" ], - "type": "object" + "type": "string" }, - "status": { - "description": "OVSNetworkStatus defines the observed state of OVSNetwork", - "type": "object" + "value": { + "default": 0, + "description": "value represents the integer value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.", + "format": "int32", + "type": "integer" } }, - "required": [], + "required": [ + "value" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "OVSNetwork", + "group": "scheduling.k8s.io", + "kind": "PriorityClass", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/OVSNetworkList": { - "description": "OVSNetworkList is a list of OVSNetwork", + "scheduling.k8s.io/v1/PriorityClassList": { + "description": "PriorityClassList is a collection of priority classes.", "namespaced": true, "properties": { "apiVersion": { @@ -317642,9 +272787,14 @@ "type": "string" }, "items": { - "description": "List of ovsnetworks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "items is the list of PriorityClasses", "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.OVSNetwork" + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.scheduling.v1.PriorityClass" + } + ], + "default": {} }, "type": "array" }, @@ -317658,7 +272808,8 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ @@ -317667,20 +272818,24 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "OVSNetworkList", + "group": "scheduling.k8s.io", + "kind": "PriorityClassList", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovIBNetwork": { - "description": "SriovIBNetwork is the Schema for the sriovibnetworks API", - "namespaced": true, + "security.internal.openshift.io/v1/RangeAllocation": { + "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\nThis is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "data": { + "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap\nwith each bit set to one to represent a range is taken.", + "type": "string" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -317693,61 +272848,23 @@ ], "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "spec": { - "description": "SriovIBNetworkSpec defines the desired state of SriovIBNetwork", - "properties": { - "capabilities": { - "description": "Capabilities to be configured for this network.\nCapabilities supported: (infinibandGUID), e.g. '{\"infinibandGUID\": true}'", - "type": "string" - }, - "ipam": { - "description": "IPAM configuration to be used for this network.", - "type": "string" - }, - "linkState": { - "description": "VF link state (enable|disable|auto)", - "enum": [ - "auto", - "enable", - "disable" - ], - "type": "string" - }, - "metaPlugins": { - "description": "MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned\nby the operator.", - "type": "string" - }, - "networkNamespace": { - "description": "Namespace of the NetworkAttachmentDefinition custom resource", - "type": "string" - }, - "resourceName": { - "description": "SRIOV Network device plugin endpoint resource name", - "type": "string" - } - }, - "required": [ - "resourceName" - ], - "type": "object" - }, - "status": { - "description": "SriovIBNetworkStatus defines the observed state of SriovIBNetwork", - "type": "object" + "range": { + "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "type": "string" } }, "required": [], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovIBNetwork", + "group": "security.internal.openshift.io", + "kind": "RangeAllocation", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovIBNetworkList": { - "description": "SriovIBNetworkList is a list of SriovIBNetwork", + "security.internal.openshift.io/v1/RangeAllocationList": { + "description": "RangeAllocationList is a list of RangeAllocation", "namespaced": true, "properties": { "apiVersion": { @@ -317755,9 +272872,9 @@ "type": "string" }, "items": { - "description": "List of sriovibnetworks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of rangeallocations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.SriovIBNetwork" + "$ref": "#/components/schemas/io.openshift.internal.security.v1.RangeAllocation" }, "type": "array" }, @@ -317780,14 +272897,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovIBNetworkList", + "group": "security.internal.openshift.io", + "kind": "RangeAllocationList", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetwork": { - "description": "SriovNetwork is the Schema for the sriovnetworks API", + "security.openshift.io/v1/PodSecurityPolicyReview": { + "description": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { @@ -317798,180 +272915,136 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec" } ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "default": {}, + "description": "spec is the PodSecurityPolicy to check." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus" + } + ], + "default": {}, + "description": "status represents the current information/status for the PodSecurityPolicyReview." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "security.openshift.io", + "kind": "PodSecurityPolicyReview", + "version": "v1" + } + ] + }, + "security.openshift.io/v1/PodSecurityPolicySelfSubjectReview": { + "description": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, "spec": { - "description": "SriovNetworkSpec defines the desired state of SriovNetwork", - "properties": { - "capabilities": { - "description": "Capabilities to be configured for this network.\nCapabilities supported: (mac|ips), e.g. '{\"mac\": true}'", - "type": "string" - }, - "ipam": { - "description": "IPAM configuration to be used for this network.", - "type": "string" - }, - "linkState": { - "description": "VF link state (enable|disable|auto)", - "enum": [ - "auto", - "enable", - "disable" - ], - "type": "string" - }, - "logFile": { - "description": "LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus\nto multus and container runtime logs.", - "type": "string" - }, - "logLevel": { - "default": "info", - "description": "LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults\nto info if left blank.", - "enum": [ - "panic", - "error", - "warning", - "info", - "debug", - "" - ], - "type": "string" - }, - "maxTxRate": { - "description": "Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no rate limiting)", - "minimum": 0, - "type": "integer" - }, - "metaPlugins": { - "description": "MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned\nby the operator.", - "type": "string" - }, - "minTxRate": { - "description": "Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no rate limiting). min_tx_rate should be <= max_tx_rate.", - "minimum": 0, - "type": "integer" - }, - "networkNamespace": { - "description": "Namespace of the NetworkAttachmentDefinition custom resource", - "type": "string" - }, - "resourceName": { - "description": "SRIOV Network device plugin endpoint resource name", - "type": "string" - }, - "spoofChk": { - "description": "VF spoof check, (on|off)", - "enum": [ - "on", - "off" - ], - "type": "string" - }, - "trust": { - "description": "VF trust mode (on|off)", - "enum": [ - "on", - "off" - ], - "type": "string" - }, - "vlan": { - "description": "VLAN ID to assign for the VF. Defaults to 0.", - "maximum": 4096, - "minimum": 0, - "type": "integer" - }, - "vlanProto": { - "description": "VLAN proto to assign for the VF. Defaults to 802.1q.", - "enum": [ - "802.1q", - "802.1Q", - "802.1ad", - "802.1AD" - ], - "type": "string" - }, - "vlanQoS": { - "description": "VLAN QoS ID to assign for the VF. Defaults to 0.", - "maximum": 7, - "minimum": 0, - "type": "integer" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec" } - }, - "required": [ - "resourceName" ], - "type": "object" + "default": {}, + "description": "spec defines specification the PodSecurityPolicySelfSubjectReview." }, "status": { - "description": "SriovNetworkStatus defines the observed state of SriovNetwork", - "type": "object" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + } + ], + "default": {}, + "description": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview." } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetwork", + "group": "security.openshift.io", + "kind": "PodSecurityPolicySelfSubjectReview", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkList": { - "description": "SriovNetworkList is a list of SriovNetwork", + "security.openshift.io/v1/PodSecurityPolicySubjectReview": { + "description": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of sriovnetworks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.SriovNetwork" - }, - "type": "array" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "default": {}, + "description": "spec defines specification for the PodSecurityPolicySubjectReview." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + } + ], + "default": {}, + "description": "status represents the current information/status for the PodSecurityPolicySubjectReview." } }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkList", + "group": "security.openshift.io", + "kind": "PodSecurityPolicySubjectReview", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkNodePolicy": { - "description": "SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies API", - "namespaced": true, + "security.openshift.io/v1/RangeAllocation": { + "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "data": { + "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "format": "byte", + "type": "string" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -317982,224 +273055,30 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy", - "properties": { - "bridge": { - "description": "contains bridge configuration for matching PFs,\nvalid only for eSwitchMode==switchdev", - "properties": { - "ovs": { - "description": "contains configuration for the OVS bridge,", - "properties": { - "bridge": { - "description": "contains bridge level settings", - "properties": { - "datapathType": { - "description": "configure datapath_type field in the Bridge table in OVSDB", - "type": "string" - }, - "externalIDs": { - "additionalProperties": { - "type": "string" - }, - "description": "IDs to inject to external_ids field in the Bridge table in OVSDB", - "type": "object" - }, - "otherConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "additional options to inject to other_config field in the bridge table in OVSDB", - "type": "object" - } - }, - "type": "object" - }, - "uplink": { - "description": "contains settings for uplink (PF)", - "properties": { - "interface": { - "description": "contains settings for PF interface in the OVS bridge", - "properties": { - "externalIDs": { - "additionalProperties": { - "type": "string" - }, - "description": "external_ids field in the Interface table in OVSDB", - "type": "object" - }, - "mtuRequest": { - "description": "mtu_request field in the Interface table in OVSDB", - "type": "integer" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options field in the Interface table in OVSDB", - "type": "object" - }, - "otherConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "other_config field in the Interface table in OVSDB", - "type": "object" - }, - "type": { - "description": "type field in the Interface table in OVSDB", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "deviceType": { - "default": "netdevice", - "description": "The driver type for configured VFs. Allowed value \"netdevice\", \"vfio-pci\". Defaults to netdevice.", - "enum": [ - "netdevice", - "vfio-pci" - ], - "type": "string" - }, - "eSwitchMode": { - "description": "NIC Device Mode. Allowed value \"legacy\",\"switchdev\".", - "enum": [ - "legacy", - "switchdev" - ], - "type": "string" - }, - "excludeTopology": { - "description": "Exclude device's NUMA node when advertising this resource by SRIOV network device plugin. Default to false.", - "type": "boolean" - }, - "externallyManaged": { - "description": "don't create the virtual function only allocated them to the device plugin. Defaults to false.", - "type": "boolean" - }, - "isRdma": { - "description": "RDMA mode. Defaults to false.", - "type": "boolean" - }, - "linkType": { - "description": "NIC Link Type. Allowed value \"eth\", \"ETH\", \"ib\", and \"IB\".", - "enum": [ - "eth", - "ETH", - "ib", - "IB" - ], - "type": "string" - }, - "mtu": { - "description": "MTU of VF", - "minimum": 1, - "type": "integer" - }, - "needVhostNet": { - "description": "mount vhost-net device. Defaults to false.", - "type": "boolean" - }, - "nicSelector": { - "description": "NicSelector selects the NICs to be configured", - "properties": { - "deviceID": { - "description": "The device hex code of SR-IoV device. Allowed value \"0d58\", \"1572\", \"158b\", \"1013\", \"1015\", \"1017\", \"101b\".", - "type": "string" - }, - "netFilter": { - "description": "Infrastructure Networking selection filter. Allowed value \"openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"", - "type": "string" - }, - "pfNames": { - "description": "Name of SR-IoV PF.", - "items": { - "type": "string" - }, - "type": "array" - }, - "rootDevices": { - "description": "PCI address of SR-IoV PF.", - "items": { - "type": "string" - }, - "type": "array" - }, - "vendor": { - "description": "The vendor hex code of SR-IoV device. Allowed value \"8086\", \"15b3\".", - "type": "string" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector selects the nodes to be configured", - "type": "object" - }, - "numVfs": { - "description": "Number of VFs for each PF", - "minimum": 0, - "type": "integer" - }, - "priority": { - "description": "Priority of the policy, higher priority policies can override lower ones.", - "maximum": 99, - "minimum": 0, - "type": "integer" - }, - "resourceName": { - "description": "SRIOV Network device plugin endpoint resource name", - "type": "string" - }, - "vdpaType": { - "description": "VDPA device type. Allowed value \"virtio\", \"vhost\"", - "enum": [ - "virtio", - "vhost" - ], - "type": "string" - } - }, - "required": [ - "nicSelector", - "nodeSelector", - "numVfs", - "resourceName" - ], - "type": "object" + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "status": { - "description": "SriovNetworkNodePolicyStatus defines the observed state of SriovNetworkNodePolicy", - "type": "object" + "range": { + "default": "", + "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "type": "string" } }, - "required": [], + "required": [ + "range", + "data" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkNodePolicy", + "group": "security.openshift.io", + "kind": "RangeAllocation", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkNodePolicyList": { - "description": "SriovNetworkNodePolicyList is a list of SriovNetworkNodePolicy", + "security.openshift.io/v1/RangeAllocationList": { + "description": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespaced": true, "properties": { "apiVersion": { @@ -318207,9 +273086,14 @@ "type": "string" }, "items": { - "description": "List of sriovnetworknodepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of RangeAllocations.", "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.SriovNetworkNodePolicy" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.security.v1.RangeAllocation" + } + ], + "default": {} }, "type": "array" }, @@ -318223,7 +273107,8 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ @@ -318232,20 +273117,152 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkNodePolicyList", + "group": "security.openshift.io", + "kind": "RangeAllocationList", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkNodeState": { - "description": "SriovNetworkNodeState is the Schema for the sriovnetworknodestates API", - "namespaced": true, + "security.openshift.io/v1/SecurityContextConstraints": { + "description": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext\nthat will be applied to a container.\nFor historical reasons SCC was exposed under the core Kubernetes API group.\nThat exposure is deprecated and will be removed in a future release - users\nshould instead use the security.openshift.io group to manage\nSecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { + "allowHostDirVolumePlugin": { + "description": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", + "type": "boolean" + }, + "allowHostIPC": { + "description": "allowHostIPC determines if the policy allows host ipc in the containers.", + "type": "boolean" + }, + "allowHostNetwork": { + "description": "allowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", + "type": "boolean" + }, + "allowHostPID": { + "description": "allowHostPID determines if the policy allows host pid in the containers.", + "type": "boolean" + }, + "allowHostPorts": { + "description": "allowHostPorts determines if the policy allows host ports in the containers.", + "type": "boolean" + }, + "allowPrivilegeEscalation": { + "description": "allowPrivilegeEscalation determines if a pod can request to allow\nprivilege escalation. If unspecified, defaults to true.", + "nullable": true, + "type": "boolean" + }, + "allowPrivilegedContainer": { + "description": "allowPrivilegedContainer determines if a container can request to be run as privileged.", + "type": "boolean" + }, + "allowedCapabilities": { + "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container.\nCapabilities in this field maybe added at the pod author's discretion.\nYou must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.\nTo allow all capabilities you may use '*'.", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allowedFlexVolumes": { + "description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all\nFlexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes\nis allowed in the \"Volumes\" field.", + "items": { + "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", + "properties": { + "driver": { + "description": "driver is the name of the Flexvolume driver.", + "type": "string" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allowedUnsafeSysctls": { + "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.\nEach entry is either a plain sysctl name or ends in \"*\" in which case it is considered\nas a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.\nKubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples:\ne.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc.\ne.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "defaultAddCapabilities": { + "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container\nunless the pod spec specifically drops the capability. You may not list a capabiility in both\nDefaultAddCapabilities and RequiredDropCapabilities.", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "defaultAllowPrivilegeEscalation": { + "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a\nprocess can gain more privileges than its parent process.", + "nullable": true, + "type": "boolean" + }, + "forbiddenSysctls": { + "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.\nEach entry is either a plain sysctl name or ends in \"*\" in which case it is considered\nas a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples:\ne.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc.\ne.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "fsGroup": { + "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.", + "nullable": true, + "properties": { + "ranges": { + "description": "ranges are the allowed ranges of fs groups. If you would like to force a single\nfs group then supply a single range with the same start and end.", + "items": { + "description": "IDRange provides a min/max of an allowed range of IDs.", + "properties": { + "max": { + "description": "max is the end of the range, inclusive.", + "format": "int64", + "type": "integer" + }, + "min": { + "description": "min is the start of the range, inclusive.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "type": { + "description": "type is the strategy that will dictate what FSGroup is used in the SecurityContext.", + "type": "string" + } + }, + "type": "object" + }, + "groups": { + "description": "The groups that have permission to use this security context constraints", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -318258,435 +273275,180 @@ ], "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "spec": { - "description": "SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState", + "priority": { + "description": "priority influences the sort order of SCCs when evaluating which SCCs to try first for\na given pod request based on access in the Users and Groups fields. The higher the int, the\nhigher priority. An unset value is considered a 0 priority. If scores\nfor multiple SCCs are equal they will be sorted from most restrictive to\nleast restrictive. If both priorities and restrictions are equal the\nSCCs will be sorted by name.", + "format": "int32", + "nullable": true, + "type": "integer" + }, + "readOnlyRootFilesystem": { + "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file\nsystem. If the container specifically requests to run with a non-read only root file system\nthe SCC should deny the pod.\nIf set to false the container may run with a read only root file system if it wishes but it\nwill not be forced to.", + "type": "boolean" + }, + "requiredDropCapabilities": { + "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These\nare required to be dropped and cannot be added.", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "runAsUser": { + "description": "runAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.", + "nullable": true, "properties": { - "bridges": { - "description": "Bridges contains list of bridges", - "properties": { - "ovs": { - "items": { - "description": "OVSConfigExt contains configuration for the concrete OVS bridge", - "properties": { - "bridge": { - "description": "bridge-level configuration for the bridge", - "properties": { - "datapathType": { - "description": "configure datapath_type field in the Bridge table in OVSDB", - "type": "string" - }, - "externalIDs": { - "additionalProperties": { - "type": "string" - }, - "description": "IDs to inject to external_ids field in the Bridge table in OVSDB", - "type": "object" - }, - "otherConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "additional options to inject to other_config field in the bridge table in OVSDB", - "type": "object" - } - }, - "type": "object" - }, - "name": { - "description": "name of the bridge", - "type": "string" - }, - "uplinks": { - "description": "uplink-level bridge configuration for each uplink(PF).\ncurrently must contain only one element", - "items": { - "description": "OVSUplinkConfigExt contains configuration for the concrete OVS uplink(PF)", - "properties": { - "interface": { - "description": "configuration from the Interface OVS table for the PF", - "properties": { - "externalIDs": { - "additionalProperties": { - "type": "string" - }, - "description": "external_ids field in the Interface table in OVSDB", - "type": "object" - }, - "mtuRequest": { - "description": "mtu_request field in the Interface table in OVSDB", - "type": "integer" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options field in the Interface table in OVSDB", - "type": "object" - }, - "otherConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "other_config field in the Interface table in OVSDB", - "type": "object" - }, - "type": { - "description": "type field in the Interface table in OVSDB", - "type": "string" - } - }, - "type": "object" - }, - "name": { - "description": "name of the PF interface", - "type": "string" - }, - "pciAddress": { - "description": "pci address of the PF", - "type": "string" - } - }, - "required": [ - "pciAddress" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" + "type": { + "description": "type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", + "type": "string" }, - "interfaces": { - "items": { - "properties": { - "eSwitchMode": { - "type": "string" - }, - "externallyManaged": { - "type": "boolean" - }, - "linkType": { - "type": "string" - }, - "mtu": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "numVfs": { - "type": "integer" - }, - "pciAddress": { - "type": "string" - }, - "vfGroups": { - "items": { - "properties": { - "deviceType": { - "type": "string" - }, - "isRdma": { - "type": "boolean" - }, - "mtu": { - "type": "integer" - }, - "policyName": { - "type": "string" - }, - "resourceName": { - "type": "string" - }, - "vdpaType": { - "type": "string" - }, - "vfRange": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "pciAddress" - ], - "type": "object" - }, - "type": "array" + "uid": { + "description": "uid is the user id that containers must run as. Required for the MustRunAs strategy if not using\nnamespace/service account allocated uids.", + "format": "int64", + "type": "integer" }, - "system": { - "properties": { - "rdmaMode": { - "description": "RDMA subsystem. Allowed value \"shared\", \"exclusive\".", - "enum": [ - "shared", - "exclusive" - ], - "type": "string" - } - }, - "type": "object" + "uidRangeMax": { + "description": "uidRangeMax defines the max value for a strategy that allocates by range.", + "format": "int64", + "type": "integer" + }, + "uidRangeMin": { + "description": "uidRangeMin defines the min value for a strategy that allocates by range.", + "format": "int64", + "type": "integer" } }, "type": "object" }, - "status": { - "description": "SriovNetworkNodeStateStatus defines the observed state of SriovNetworkNodeState", + "seLinuxContext": { + "description": "seLinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", + "nullable": true, "properties": { - "bridges": { - "description": "Bridges contains list of bridges", + "seLinuxOptions": { + "description": "seLinuxOptions required to run as; required for MustRunAs", "properties": { - "ovs": { - "items": { - "description": "OVSConfigExt contains configuration for the concrete OVS bridge", - "properties": { - "bridge": { - "description": "bridge-level configuration for the bridge", - "properties": { - "datapathType": { - "description": "configure datapath_type field in the Bridge table in OVSDB", - "type": "string" - }, - "externalIDs": { - "additionalProperties": { - "type": "string" - }, - "description": "IDs to inject to external_ids field in the Bridge table in OVSDB", - "type": "object" - }, - "otherConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "additional options to inject to other_config field in the bridge table in OVSDB", - "type": "object" - } - }, - "type": "object" - }, - "name": { - "description": "name of the bridge", - "type": "string" - }, - "uplinks": { - "description": "uplink-level bridge configuration for each uplink(PF).\ncurrently must contain only one element", - "items": { - "description": "OVSUplinkConfigExt contains configuration for the concrete OVS uplink(PF)", - "properties": { - "interface": { - "description": "configuration from the Interface OVS table for the PF", - "properties": { - "externalIDs": { - "additionalProperties": { - "type": "string" - }, - "description": "external_ids field in the Interface table in OVSDB", - "type": "object" - }, - "mtuRequest": { - "description": "mtu_request field in the Interface table in OVSDB", - "type": "integer" - }, - "options": { - "additionalProperties": { - "type": "string" - }, - "description": "options field in the Interface table in OVSDB", - "type": "object" - }, - "otherConfig": { - "additionalProperties": { - "type": "string" - }, - "description": "other_config field in the Interface table in OVSDB", - "type": "object" - }, - "type": { - "description": "type field in the Interface table in OVSDB", - "type": "string" - } - }, - "type": "object" - }, - "name": { - "description": "name of the PF interface", - "type": "string" - }, - "pciAddress": { - "description": "pci address of the PF", - "type": "string" - } - }, - "required": [ - "pciAddress" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" } }, "type": "object" }, - "interfaces": { + "type": { + "description": "type is the strategy that will dictate what SELinux context is used in the SecurityContext.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfiles": { + "description": "seccompProfiles lists the allowed profiles that may be set for the pod or\ncontainer's seccomp annotations. An unset (nil) or empty value means that no profiles may\nbe specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When\nused to generate a value for a pod the first non-wildcard profile will be used as\nthe default.", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroups": { + "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", + "nullable": true, + "properties": { + "ranges": { + "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single\nsupplemental group then supply a single range with the same start and end.", "items": { + "description": "IDRange provides a min/max of an allowed range of IDs.", "properties": { - "Vfs": { - "items": { - "properties": { - "Vlan": { - "type": "integer" - }, - "assigned": { - "type": "string" - }, - "deviceID": { - "type": "string" - }, - "driver": { - "type": "string" - }, - "guid": { - "type": "string" - }, - "mac": { - "type": "string" - }, - "mtu": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "pciAddress": { - "type": "string" - }, - "representorName": { - "type": "string" - }, - "vdpaType": { - "type": "string" - }, - "vendor": { - "type": "string" - }, - "vfID": { - "type": "integer" - } - }, - "required": [ - "pciAddress", - "vfID" - ], - "type": "object" - }, - "type": "array" - }, - "deviceID": { - "type": "string" - }, - "driver": { - "type": "string" - }, - "eSwitchMode": { - "type": "string" - }, - "externallyManaged": { - "type": "boolean" - }, - "linkAdminState": { - "type": "string" - }, - "linkSpeed": { - "type": "string" - }, - "linkType": { - "type": "string" - }, - "mac": { - "type": "string" - }, - "mtu": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "netFilter": { - "type": "string" - }, - "numVfs": { + "max": { + "description": "max is the end of the range, inclusive.", + "format": "int64", "type": "integer" }, - "pciAddress": { - "type": "string" - }, - "totalvfs": { + "min": { + "description": "min is the start of the range, inclusive.", + "format": "int64", "type": "integer" - }, - "vendor": { - "type": "string" } }, - "required": [ - "pciAddress" - ], "type": "object" }, - "type": "array" - }, - "lastSyncError": { - "type": "string" - }, - "syncStatus": { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "system": { - "properties": { - "rdmaMode": { - "description": "RDMA subsystem. Allowed value \"shared\", \"exclusive\".", - "enum": [ - "shared", - "exclusive" - ], - "type": "string" - } - }, - "type": "object" + "type": { + "description": "type is the strategy that will dictate what supplemental groups is used in the SecurityContext.", + "type": "string" } }, "type": "object" + }, + "userNamespaceLevel": { + "default": "AllowHostLevel", + "description": "userNamespaceLevel determines if the policy allows host users in containers.\nValid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted.\nWhen \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`.\nWhen \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`.\nWhen omitted, the default value is \"AllowHostLevel\".", + "enum": [ + "AllowHostLevel", + "RequirePodLevel" + ], + "type": "string" + }, + "users": { + "description": "The users who have permissions to use this security context constraints", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "volumes": { + "description": "volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names\nof a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\".\nTo allow no volumes, set to [\"none\"].", + "items": { + "description": "FS Type gives strong typing to different file systems that are used by volumes.", + "type": "string" + }, + "nullable": true, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [], + "required": [ + "allowHostDirVolumePlugin", + "allowHostIPC", + "allowHostNetwork", + "allowHostPID", + "allowHostPorts", + "allowPrivilegedContainer", + "allowedCapabilities", + "defaultAddCapabilities", + "priority", + "readOnlyRootFilesystem", + "requiredDropCapabilities", + "volumes" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkNodeState", + "group": "security.openshift.io", + "kind": "SecurityContextConstraints", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkNodeStateList": { - "description": "SriovNetworkNodeStateList is a list of SriovNetworkNodeState", + "security.openshift.io/v1/SecurityContextConstraintsList": { + "description": "SecurityContextConstraintsList is a list of SecurityContextConstraints", "namespaced": true, "properties": { "apiVersion": { @@ -318694,9 +273456,9 @@ "type": "string" }, "items": { - "description": "List of sriovnetworknodestates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of securitycontextconstraints. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.SriovNetworkNodeState" + "$ref": "#/components/schemas/io.openshift.security.v1.SecurityContextConstraints" }, "type": "array" }, @@ -318719,14 +273481,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkNodeStateList", + "group": "security.openshift.io", + "kind": "SecurityContextConstraintsList", "version": "v1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkPoolConfig": { - "description": "SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs API", + "snapshot.kubevirt.io/v1alpha1/VirtualMachineRestore": { + "description": "VirtualMachineRestore defines the operation of restoring a VM", "namespaced": true, "properties": { "apiVersion": { @@ -318746,103 +273508,185 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig", + "description": "VirtualMachineRestoreSpec is the spec for a VirtualMachineRestore resource", "properties": { - "maxUnavailable": { - "anyOf": [ - { - "type": "integer" + "patches": { + "description": "If the target for the restore does not exist, it will be created. Patches holds JSON patches that would be\napplied to the target manifest before it's created. Patches should fit the target's Kind.\n\nExample for a patch: {\"op\": \"replace\", \"path\": \"/metadata/name\", \"value\": \"new-vm-name\"}", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "target": { + "description": "initially only VirtualMachine type supported", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - { + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", "type": "string" } + }, + "required": [ + "kind", + "name" ], - "description": "maxUnavailable defines either an integer number or percentage\nof nodes in the pool that can go Unavailable during an update.\n\n\nA value larger than 1 will mean multiple nodes going unavailable during\nthe update, which may affect your workload stress on the remaining nodes.\nDrain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,\neven if maxUnavailable is greater than one.", - "x-kubernetes-int-or-string": true + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "nodeSelector": { - "description": "nodeSelector specifies a label selector for Nodes", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "targetReadinessPolicy": { + "description": "TargetReadinessPolicy defines how to handle the restore in case\nthe target is not ready", + "type": "string" + }, + "virtualMachineSnapshotName": { + "type": "string" + }, + "volumeRestoreOverrides": { + "description": "VolumeRestoreOverrides gives the option to change properties of each restored volume\nFor example, specifying the name of the restored volume, or adding labels/annotations to it", + "items": { + "description": "VolumeRestoreOverride specifies how a volume should be restored from a VirtualMachineSnapshot", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "restoreName": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "ovsHardwareOffloadConfig": { - "description": "OvsHardwareOffloadConfig describes the OVS HWOL configuration for selected Nodes", - "properties": { - "name": { - "description": "Name is mandatory and must be unique.\nOn Kubernetes:\nName is the name of OvsHardwareOffloadConfig\nOn OpenShift:\nName is the name of MachineConfigPool to be enabled with OVS hardware offload", - "type": "string" - } + "volumeName": { + "type": "string" + } + }, + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "rdmaMode": { - "description": "RDMA subsystem. Allowed value \"shared\", \"exclusive\".", - "enum": [ - "shared", - "exclusive" - ], + "volumeRestorePolicy": { + "description": "VolumeRestorePolicy defines how to handle the restore of snapshotted volumes", "type": "string" } }, + "required": [ + "target", + "virtualMachineSnapshotName" + ], "type": "object" }, "status": { - "description": "SriovNetworkPoolConfigStatus defines the observed state of SriovNetworkPoolConfig", + "description": "VirtualMachineRestoreStatus is the status for a VirtualMachineRestore resource", + "properties": { + "complete": { + "type": "boolean" + }, + "conditions": { + "items": { + "description": "Condition defines conditions", + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the const type for Conditions", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "deletedDataVolumes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "restoreTime": { + "format": "date-time", + "type": "string" + }, + "restores": { + "items": { + "description": "VolumeRestore contains the data needed to restore a PVC", + "properties": { + "dataVolumeName": { + "type": "string" + }, + "persistentVolumeClaim": { + "type": "string" + }, + "volumeName": { + "type": "string" + }, + "volumeSnapshotName": { + "type": "string" + } + }, + "required": [ + "persistentVolumeClaim", + "volumeName", + "volumeSnapshotName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkPoolConfig", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineRestore", + "version": "v1alpha1" } ] }, - "sriovnetwork.openshift.io/v1/SriovNetworkPoolConfigList": { - "description": "SriovNetworkPoolConfigList is a list of SriovNetworkPoolConfig", + "snapshot.kubevirt.io/v1alpha1/VirtualMachineRestoreList": { + "description": "VirtualMachineRestoreList is a list of VirtualMachineRestore", "namespaced": true, "properties": { "apiVersion": { @@ -318850,9 +273694,9 @@ "type": "string" }, "items": { - "description": "List of sriovnetworkpoolconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of virtualmachinerestores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.SriovNetworkPoolConfig" + "$ref": "#/components/schemas/io.kubevirt.snapshot.v1alpha1.VirtualMachineRestore" }, "type": "array" }, @@ -318875,14 +273719,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovNetworkPoolConfigList", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineRestoreList", + "version": "v1alpha1" } ] }, - "sriovnetwork.openshift.io/v1/SriovOperatorConfig": { - "description": "SriovOperatorConfig is the Schema for the sriovoperatorconfigs API", + "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshot": { + "description": "VirtualMachineSnapshot defines the operation of snapshotting a VM", "namespaced": true, "properties": { "apiVersion": { @@ -318902,137 +273746,163 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig", + "description": "VirtualMachineSnapshotSpec is the spec for a VirtualMachineSnapshot resource", "properties": { - "configDaemonNodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector selects the nodes to be configured", - "type": "object" + "deletionPolicy": { + "description": "DeletionPolicy defines that to do with VirtualMachineSnapshot\nwhen VirtualMachineSnapshot is deleted", + "type": "string" }, - "configurationMode": { - "description": "Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot\nDefault mode: daemon", - "enum": [ - "daemon", - "systemd" + "failureDeadline": { + "description": "This time represents the number of seconds we permit the vm snapshot\nto take. In case we pass this deadline we mark this snapshot\nas failed.\nDefaults to DefaultFailureDeadline - 5min", + "type": "string" + }, + "source": { + "description": "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "source" + ], + "type": "object" + }, + "status": { + "description": "VirtualMachineSnapshotStatus is the status for a VirtualMachineSnapshot resource", + "properties": { + "conditions": { + "items": { + "description": "Condition defines conditions", + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the const type for Conditions", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "creationTime": { + "format": "date-time", + "nullable": true, "type": "string" }, - "disableDrain": { - "description": "Flag to disable nodes drain during debugging", - "type": "boolean" + "error": { + "description": "Error is the last error encountered during the snapshot/restore", + "properties": { + "message": { + "type": "string" + }, + "time": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" }, - "disablePlugins": { - "description": "DisablePlugins is a list of sriov-network-config-daemon plugins to disable", + "indications": { "items": { - "description": "PluginNameValue defines the plugin name", - "enum": [ - "mellanox" - ], + "description": "Indication is a way to indicate the state of the vm when taking the snapshot", "type": "string" }, - "type": "array" - }, - "enableInjector": { - "description": "Flag to control whether the network resource injector webhook shall be deployed", - "type": "boolean" + "type": "array", + "x-kubernetes-list-type": "set" }, - "enableOperatorWebhook": { - "description": "Flag to control whether the operator admission controller webhook shall be deployed", - "type": "boolean" + "phase": { + "description": "VirtualMachineSnapshotPhase is the current phase of the VirtualMachineSnapshot", + "type": "string" }, - "enableOvsOffload": { - "description": "Flag to enable OVS hardware offload. Set to 'true' to provision switchdev-configuration.service and enable OpenvSwitch hw-offload on nodes.", + "readyToUse": { "type": "boolean" }, - "featureGates": { - "additionalProperties": { - "type": "boolean" + "snapshotVolumes": { + "description": "SnapshotVolumesLists includes the list of volumes which were included in the snapshot and volumes which were excluded from the snapshot", + "properties": { + "excludedVolumes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "includedVolumes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } }, - "description": "FeatureGates to enable experimental features", "type": "object" }, - "logLevel": { - "description": "Flag to control the log verbose level of the operator. Set to '0' to show only the basic logs. And set to '2' to show all the available logs.", - "maximum": 2, - "minimum": 0, - "type": "integer" - }, - "useCDI": { - "description": "Flag to enable Container Device Interface mode for SR-IOV Network Device Plugin", - "type": "boolean" - } - }, - "type": "object" - }, - "status": { - "description": "SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig", - "properties": { - "injector": { - "description": "Show the runtime status of the network resource injector webhook", + "sourceUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" }, - "operatorWebhook": { - "description": "Show the runtime status of the operator admission controller webhook", + "virtualMachineSnapshotContentName": { "type": "string" } }, "type": "object" } }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "sriovnetwork.openshift.io", - "kind": "SriovOperatorConfig", - "version": "v1" - } - ] - }, - "sriovnetwork.openshift.io/v1/SriovOperatorConfigList": { - "description": "SriovOperatorConfigList is a list of SriovOperatorConfig", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of sriovoperatorconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.openshift.sriovnetwork.v1.SriovOperatorConfig" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "sriovnetwork.openshift.io", - "kind": "SriovOperatorConfigList", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshot", + "version": "v1alpha1" } ] }, - "ssp.kubevirt.io/v1beta2/SSP": { - "description": "SSP is the Schema for the ssps API", + "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshotContent": { + "description": "VirtualMachineSnapshotContent contains the snapshot data", "namespaced": true, "properties": { "apiVersion": { @@ -319052,2963 +273922,3304 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "SSPSpec defines the desired state of SSP", + "description": "VirtualMachineSnapshotContentSpec is the spec for a VirtualMachineSnapshotContent resource", "properties": { - "commonInstancetypes": { - "description": "CommonInstancetypes is ignored.\nDeprecated: This field is ignored.", - "properties": { - "url": { - "description": "URL of a remote Kustomize target from which to generate and deploy resources.\n\nThe following caveats apply to the provided URL:\n\n* Only 'https://' and 'git://' URLs are supported.\n\n* The URL must include '?ref=$ref' or '?version=$ref' pinning it to a specific\n reference. It is recommended that the reference be a specific commit or tag\n to ensure the generated contents does not change over time. As such it is\n recommended not to use branches as the ref for the time being.\n\n* Only VirtualMachineClusterPreference and VirtualMachineClusterInstancetype\n resources generated from the URL are deployed by the operand.\n\nSee the following Kustomize documentation for more details:\n\nremote targets\nhttps://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md", - "type": "string" - } - }, - "type": "object" - }, - "commonTemplates": { - "description": "CommonTemplates is the configuration of the common templates operand", + "source": { + "description": "SourceSpec contains the appropriate spec for the resource being snapshotted", "properties": { - "dataImportCronTemplates": { - "description": "DataImportCronTemplates defines a list of DataImportCrons managed by the SSP\nOperator. This is intended for images used by CommonTemplates.", - "items": { - "description": "DataImportCronTemplate defines the template type for DataImportCrons.\nIt requires metadata.name to be specified while leaving namespace as optional.", - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" + "virtualMachine": { + "properties": { + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "VirtualMachineSpec contains the VirtualMachine specification.", + "properties": { + "dataVolumeTemplates": { + "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", + "items": { + "nullable": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "DataVolumeSpec contains the DataVolume specification.", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" + }, + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } + }, + "required": [ + "current", + "previous" + ], + "type": "object" + }, + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], + "type": "string" + }, + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "type": "string" + }, + "pvc": { + "description": "PVC is the PVC specification", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", + "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, + "name": { + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "DataVolumeTemplateDummyStatus is here simply for backwards compatibility with\na previous API.", + "nullable": true, + "type": "object" + } }, + "required": [ + "spec" + ], "type": "object" }, - "finalizers": { - "items": { + "type": "array" + }, + "instancetype": { + "description": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", + "properties": { + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.", "type": "string" }, - "type": "array" - }, - "labels": { - "additionalProperties": { + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", "type": "string" }, - "type": "object" - }, - "name": { - "type": "string" + "kind": { + "description": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.", + "type": "string" + }, + "name": { + "description": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype", + "type": "string" + }, + "revisionName": { + "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.", + "type": "string" + } }, - "namespace": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "spec": { - "description": "DataImportCronSpec defines specification for DataImportCron", - "properties": { - "garbageCollect": { - "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", - "type": "string" - }, - "importsToKeep": { - "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", - "format": "int32", - "type": "integer" - }, - "managedDataSource": { - "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", - "type": "string" - }, - "retentionPolicy": { - "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", - "type": "string" - }, - "schedule": { - "description": "Schedule specifies in cron format when and how often to look for new imports", - "type": "string" + "preference": { + "description": "PreferenceMatcher references a set of preference that is used to fill fields in Template", + "properties": { + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", + "type": "string" + }, + "kind": { + "description": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.", + "type": "string" + }, + "name": { + "description": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference", + "type": "string" + }, + "revisionName": { + "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.", + "type": "string" + } }, - "template": { - "description": "Template specifies template for the DVs to be created", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" + "type": "object" + }, + "runStrategy": { + "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running\nFollowing are allowed values:\n- \"Always\": VMI should always be running.\n- \"Halted\": VMI should never be running.\n- \"Manual\": VMI can be started/stopped using API endpoints.\n- \"RerunOnFailure\": VMI will initially be running and restarted if a failure occurs, but will not be restarted upon successful completion.\n- \"Once\": VMI will run once and not be restarted upon completion regardless if the completion is of phase Failure or Success.", + "type": "string" + }, + "running": { + "description": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy\nDeprecated: VirtualMachineInstance field \"Running\" is now deprecated, please use RunStrategy instead.", + "type": "boolean" + }, + "template": { + "description": "Template is the direct specification of VirtualMachineInstance", + "properties": { + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "VirtualMachineInstance Spec contains the VirtualMachineInstance specification.", + "properties": { + "accessCredentials": { + "description": "Specifies a set of public keys to inject into the vm guest", + "items": { + "description": "AccessCredential represents a credential source that can be used to\nauthorize remote access to the vm guest\nOnly one of its members may be specified.", + "properties": { + "sshPublicKey": { + "description": "SSHPublicKey represents the source and method of applying a ssh public\nkey into a guest virtual machine.", + "properties": { + "propagationMethod": { + "description": "PropagationMethod represents how the public key is injected into the vm guest.", + "properties": { + "configDrive": { + "description": "ConfigDrivePropagation means that the ssh public keys are injected\ninto the VM using metadata using the configDrive cloud-init provider", + "type": "object" + }, + "noCloud": { + "description": "NoCloudPropagation means that the ssh public keys are injected\ninto the VM using metadata using the noCloud cloud-init provider", + "type": "object" + }, + "qemuGuestAgent": { + "description": "QemuGuestAgentAccessCredentailPropagation means ssh public keys are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", + "properties": { + "users": { + "description": "Users represents a list of guest users that should have the ssh public keys\nadded to their authorized_keys file.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "users" + ], + "type": "object" + } + }, + "type": "object" + }, + "source": { + "description": "Source represents where the public keys are pulled from", + "properties": { + "secret": { + "description": "Secret means that the access credential is pulled from a kubernetes secret", + "properties": { + "secretName": { + "description": "SecretName represents the name of the secret in the VMI's namespace", + "type": "string" + } + }, + "required": [ + "secretName" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "propagationMethod", + "source" + ], + "type": "object" + }, + "userPassword": { + "description": "UserPassword represents the source and method for applying a guest user's\npassword", + "properties": { + "propagationMethod": { + "description": "propagationMethod represents how the user passwords are injected into the vm guest.", + "properties": { + "qemuGuestAgent": { + "description": "QemuGuestAgentAccessCredentailPropagation means passwords are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", + "type": "object" + } + }, + "type": "object" + }, + "source": { + "description": "Source represents where the user passwords are pulled from", + "properties": { + "secret": { + "description": "Secret means that the access credential is pulled from a kubernetes secret", + "properties": { + "secretName": { + "description": "SecretName represents the name of the secret in the VMI's namespace", + "type": "string" + } + }, + "required": [ + "secretName" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "propagationMethod", + "source" + ], + "type": "object" + } }, "type": "object" }, - "finalizers": { - "items": { - "type": "string" + "maxItems": 256, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "affinity": { + "description": "If affinity is specifies, obey all the affinity rules", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "DataVolumeSpec defines the DataVolume type specification", - "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "current", - "previous" - ], "type": "object" - }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], - "type": "string" - }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", - "type": "string" + } }, - "pvc": { - "description": "PVC is the PVC specification", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" + }, + "architecture": { + "description": "Specifies the architecture of the vm guest you are attempting to run. Defaults to the compiled architecture of the KubeVirt components", + "type": "string" + }, + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", + "items": { + "type": "string" }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, "name": { - "description": "Name is the name of resource being referenced", + "description": "Name is this DNS resolver option's name.\nRequired.", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "value": { + "description": "Value is this DNS resolver option's value.", "type": "string" } }, - "required": [ - "kind", - "name" - ], "type": "object" }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", + "type": "string" + }, + "domain": { + "description": "Specification of the desired behavior of the VirtualMachineInstance on the host.", + "properties": { + "chassis": { + "description": "Chassis specifies the chassis info passed to the domain.", + "properties": { + "asset": { + "type": "string" + }, + "manufacturer": { + "type": "string" + }, + "serial": { + "type": "string" + }, + "sku": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "clock": { + "description": "Clock sets the clock and timers of the vmi.", + "properties": { + "timer": { + "description": "Timer specifies whih timers are attached to the vmi.", + "properties": { + "hpet": { + "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" }, - { + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", "type": "string" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "hyperv": { + "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "kvm": { + "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "pit": { + "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" }, - { + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", "type": "string" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "rtc": { + "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "track": { + "description": "Track the guest or the wall clock.", + "type": "string" } }, - "required": [ - "key", - "operator" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } + "timezone": { + "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", + "type": "string" }, - "required": [ - "url" - ], - "type": "object" - }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { - "type": "string" - }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" + "utc": { + "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", + "properties": { + "offsetSeconds": { + "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", + "type": "integer" + } }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" + "type": "object" + } }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" - }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "cpu": { + "description": "CPU allow specified the detailed CPU topology inside the vmi.", + "properties": { + "cores": { + "description": "Cores specifies the number of cores inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" }, - "required": [ - "diskId", - "url" - ], - "type": "object" - }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } + "dedicatedCpuPlacement": { + "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", + "type": "boolean" }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" - }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", - "type": "string" - }, - "platform": { - "description": "Platform describes the minimum runtime requirements of the image", + "features": { + "description": "Features specifies the CPU features list inside the VMI.", + "items": { + "description": "CPUFeature allows specifying a CPU feature.", "properties": { - "architecture": { - "description": "Architecture specifies the image target CPU architecture", + "name": { + "description": "Name of the CPU feature", + "type": "string" + }, + "policy": { + "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } + "type": "array" }, - "type": "object" - }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } + "isolateEmulatorThread": { + "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", + "type": "boolean" }, - "required": [ - "url" - ], - "type": "object" - }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", - "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", - "type": "string" - } + "maxSockets": { + "description": "MaxSockets specifies the maximum amount of sockets that can\nbe hotplugged", + "format": "int32", + "type": "integer" }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" - }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", - "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "extraArgs": { - "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" + "model": { + "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", + "type": "string" + }, + "numa": { + "description": "NUMA allows specifying settings for the guest NUMA topology", + "properties": { + "guestMappingPassthrough": { + "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", + "type": "object" + } }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", - "type": "string" + "type": "object" + }, + "realtime": { + "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", + "properties": { + "mask": { + "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", + "type": "string" + } }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", - "type": "string" - } + "type": "object" }, - "type": "object" - } - }, - "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" + "sockets": { + "description": "Sockets specifies the number of sockets inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + }, + "threads": { + "description": "Threads specifies the number of threads inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + } }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } + "type": "object" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "storage": { - "description": "Storage is the requested storage specification", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" + "devices": { + "description": "Devices allows adding disks, network interfaces, and others", + "properties": { + "autoattachGraphicsDevice": { + "description": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", + "type": "boolean" }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "autoattachInputDevice": { + "description": "Whether to attach an Input Device.\nDefaults to false.", + "type": "boolean" + }, + "autoattachMemBalloon": { + "description": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.", + "type": "boolean" + }, + "autoattachPodInterface": { + "description": "Whether to attach a pod network interface. Defaults to true.", + "type": "boolean" + }, + "autoattachSerialConsole": { + "description": "Whether to attach the default virtio-serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", + "type": "boolean" + }, + "autoattachVSOCK": { + "description": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", + "type": "boolean" + }, + "blockMultiQueue": { + "description": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.", + "type": "boolean" + }, + "clientPassthrough": { + "description": "To configure and access client devices such as redirecting USB", + "type": "object" + }, + "disableHotplug": { + "description": "DisableHotplug disabled the ability to hotplug disks.", + "type": "boolean" + }, + "disks": { + "description": "Disks describes disks, cdroms and luns which are connected to the vmi.", + "items": { + "properties": { + "blockSize": { + "description": "If specified, the virtual disk will be presented with the given block sizes.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } + }, + "required": [ + "logical", + "physical" + ], + "type": "object" + }, + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", + "type": "integer" + }, + "cache": { + "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", + "type": "string" + }, + "cdrom": { + "description": "Attach a volume as a cdrom to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to true.", + "type": "boolean" + }, + "tray": { + "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", + "type": "string" + } + }, + "type": "object" + }, + "dedicatedIOThread": { + "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", + "type": "boolean" + }, + "disk": { + "description": "Attach a volume as a disk to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", + "type": "string" + }, + "pciAddress": { + "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "errorPolicy": { + "description": "If specified, it can change the default error policy (stop) for the disk", + "type": "string" + }, + "io": { + "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", + "type": "string" + }, + "lun": { + "description": "Attach a volume as a LUN to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + }, + "reservation": { + "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", + "type": "boolean" + } + }, + "type": "object" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "serial": { + "description": "Serial provides the ability to specify a serial number for the disk device.", + "type": "string" + }, + "shareable": { + "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", + "type": "boolean" + }, + "tag": { + "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } + "maxItems": 256, + "type": "array" }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" + "downwardMetrics": { + "description": "DownwardMetrics creates a virtio serials for exposing the downward metrics to the vmi.", + "type": "object" + }, + "filesystems": { + "description": "Filesystems describes filesystem which is connected to the vmi.", + "items": { + "properties": { + "name": { + "description": "Name is the device name", + "type": "string" + }, + "virtiofs": { + "description": "Virtiofs is supported", + "type": "object" + } + }, + "required": [ + "name", + "virtiofs" + ], + "type": "object" }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "gpus": { + "description": "Whether to attach a GPU device to the vmi.", + "items": { + "properties": { + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", + "type": "string" + }, + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "description": "Name of the GPU device as exposed by a device plugin", + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + }, + "virtualGPUOptions": { + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "hostDevices": { + "description": "Whether to attach a host device to the vmi.", + "items": { + "properties": { + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", + "type": "string" + }, + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "inputs": { + "description": "Inputs describe input devices", + "items": { + "properties": { + "bus": { + "description": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", + "type": "string" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "type": { + "description": "Type indicated the type of input device.\nSupported values: tablet.", + "type": "string" + } }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "required": [ + "name", + "type" + ], "type": "object" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "array" }, - "type": "object" - }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "interfaces": { + "description": "Interfaces describe network interfaces which are added to the vmi.", + "items": { + "properties": { + "acpiIndex": { + "description": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).", + "type": "integer" + }, + "binding": { + "description": "Binding specifies the binding plugin that will be used to connect the interface to the guest.\nIt provides an alternative to InterfaceBindingMethod.\nversion: 1alphav1", + "properties": { + "name": { + "description": "Name references to the binding name as denined in the kubevirt CR.\nversion: 1alphav1", + "type": "string" + } }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "required": [ + "name" + ], + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach interface or disk that has a boot order must have a unique value.\nInterfaces without a boot order are not tried.", + "type": "integer" + }, + "bridge": { + "description": "InterfaceBridge connects to a given network via a linux bridge.", + "type": "object" + }, + "dhcpOptions": { + "description": "If specified the network interface will pass additional DHCP options to the VMI", + "properties": { + "bootFileName": { + "description": "If specified will pass option 67 to interface's DHCP server", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "ntpServers": { + "description": "If specified will pass the configured NTP server to the VM via DHCP option 042.", + "items": { + "type": "string" + }, + "type": "array" + }, + "privateOptions": { + "description": "If specified will pass extra DHCP options for private use, range: 224-254", + "items": { + "description": "DHCPExtraOptions defines Extra DHCP options for a VM.", + "properties": { + "option": { + "description": "Option is an Integer value from 224-254\nRequired.", + "type": "integer" + }, + "value": { + "description": "Value is a String value for the Option provided\nRequired.", + "type": "string" + } + }, + "required": [ + "option", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "tftpServerName": { + "description": "If specified will pass option 66 to interface's DHCP server", + "type": "string" + } + }, + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "macAddress": { + "description": "Interface MAC address. For example: de:ad:00:00:be:af or DE-AD-00-00-BE-AF.", + "type": "string" + }, + "macvtap": { + "description": "DeprecatedMacvtap is an alias to the deprecated Macvtap interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", + "type": "object" + }, + "masquerade": { + "description": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", + "type": "object" + }, + "model": { + "description": "Interface model.\nOne of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio.\nDefaults to virtio.", + "type": "string" + }, + "name": { + "description": "Logical name of the interface as well as a reference to the associated networks.\nMust match the Name of a Network.", + "type": "string" + }, + "passt": { + "description": "DeprecatedPasst is an alias to the deprecated Passt interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", + "type": "object" + }, + "pciAddress": { + "description": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "ports": { + "description": "List of ports to be forwarded to the virtual machine.", + "items": { + "description": "Port represents a port to expose from the virtual machine.\nDefault protocol TCP.\nThe port field is mandatory", + "properties": { + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "port": { + "description": "Number of port to expose for the virtual machine.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "Protocol for port. Must be UDP or TCP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "type": "array" + }, + "slirp": { + "description": "DeprecatedSlirp is an alias to the deprecated Slirp interface\nDeprecated: Removed in v1.3", + "type": "object" + }, + "sriov": { + "description": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", + "type": "object" + }, + "state": { + "description": "State represents the requested operational state of the interface.\nThe supported values are:\n'absent', expressing a request to remove the interface.\n'down', expressing a request to set the link down.\n'up', expressing a request to set the link up.\nEmpty value functions as 'up'.", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "name" + ], "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" - }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "DataVolumeStatus contains the current status of the DataVolume", - "properties": { - "claimName": { - "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", - "type": "string" - }, - "conditions": { - "items": { - "description": "DataVolumeCondition represents the state of a data volume condition.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" + }, + "maxItems": 256, + "type": "array" }, - "reason": { - "type": "string" + "logSerialConsole": { + "description": "Whether to log the auto-attached default serial console or not.\nSerial console logs will be collect to a file and then streamed from a named 'guest-console-log'.\nNot relevant if autoattachSerialConsole is disabled.\nDefaults to cluster wide setting on VirtualMachineOptions.", + "type": "boolean" }, - "status": { - "type": "string" + "networkInterfaceMultiqueue": { + "description": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.", + "type": "boolean" }, - "type": { - "description": "DataVolumeConditionType is the string representation of known condition types", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "phase": { - "description": "Phase is the current phase of the data volume", - "type": "string" - }, - "progress": { - "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", - "type": "string" - }, - "restartCount": { - "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "required": [ - "managedDataSource", - "schedule", - "template" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "type": "array" - }, - "namespace": { - "description": "Namespace is the k8s namespace where CommonTemplates should be installed", - "maxLength": 63, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - } - }, - "required": [ - "namespace" - ], - "type": "object" - }, - "featureGates": { - "description": "FeatureGates for SSP", - "properties": { - "deployCommonInstancetypes": { - "description": "Deprecated: This field is ignored.", - "type": "boolean" - }, - "deployTektonTaskResources": { - "description": "Deprecated: This field is ignored.", - "type": "boolean" - }, - "deployVmConsoleProxy": { - "description": "Deprecated: This field is ignored.", - "type": "boolean" - } - }, - "type": "object" - }, - "tektonPipelines": { - "description": "TektonPipelines is the configuration of the tekton-pipelines operand\nDeprecated: This field is ignored.", - "properties": { - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "tektonTasks": { - "description": "TektonTasks is the configuration of the tekton-tasks operand\nDeprecated: This field is ignored.", - "properties": { - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "templateValidator": { - "description": "TemplateValidator is configuration of the template validator operand", - "properties": { - "placement": { - "description": "Placement describes the node scheduling configuration", - "properties": { - "affinity": { - "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { + "panicDevices": { + "description": "PanicDevices provides additional crash information when a guest crashes.", + "items": { + "properties": { + "model": { + "description": "Model specifies what type of panic device is provided.\nThe panic model used when this attribute is missing depends on the hypervisor and guest arch.\nOne of: isa, hyperv, pvpanic.", "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + } + }, + "type": "object" }, - "required": [ - "key", - "operator" - ], + "type": "array" + }, + "rng": { + "description": "Whether to have random number generator from host", "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "sound": { + "description": "Whether to emulate a sound device.", "properties": { - "key": { - "description": "The label key that the selector applies to.", + "model": { + "description": "We only support ich9 or ac97.\nIf SoundDevice is not set: No sound card is emulated.\nIf SoundDevice is set but Model is not: ich9", "type": "string" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "name": { + "description": "User's defined name for this sound device", "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "name" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "tpm": { + "description": "Whether to emulate a TPM device.", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" + "enabled": { + "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", + "type": "boolean" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "persistent": { + "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", + "type": "boolean" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "useVirtioTransitional": { + "description": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", + "type": "boolean" + }, + "video": { + "description": "Video describes the video device configuration for the vmi.", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": { + "description": "Type specifies the video device type (e.g., virtio, vga, bochs, ramfb).\nIf not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x).", "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "watchdog": { + "description": "Watchdog describes a watchdog device which can be added to the vmi.", + "properties": { + "diag288": { + "description": "diag288 watchdog device (specific to s390x architecture).", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "action": { + "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "i6300esb": { + "description": "i6300esb watchdog device.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "action": { + "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "name": { + "description": "Name of the watchdog.", "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } }, "required": [ - "key", - "operator" + "name" ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "features": { + "description": "Features like acpi, apic, hyperv, smm.", + "properties": { + "acpi": { + "description": "ACPI enables/disables ACPI inside the guest.\nDefaults to enabled.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "apic": { + "description": "Defaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "endOfInterrupt": { + "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "hyperv": { + "description": "Defaults to the machine type setting.", + "properties": { + "evmcs": { + "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "frequencies": { + "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "ipi": { + "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reenlightenment": { + "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "relaxed": { + "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reset": { + "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime": { + "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "spinlocks": { + "description": "Spinlocks allows to configure the spinlock retry attempts.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "spinlocks": { + "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "synic": { + "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "synictimer": { + "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", + "properties": { + "direct": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + }, + "enabled": { + "type": "boolean" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "tlbflush": { + "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "vapic": { + "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "vendorid": { + "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "vendorid": { + "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", + "type": "string" + } + }, + "type": "object" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "vpindex": { + "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "hypervPassthrough": { + "description": "This enables all supported hyperv flags automatically.\nBear in mind that if this enabled hyperV features cannot\nbe enabled explicitly. In addition, a Virtual Machine\nusing it will be non-migratable.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "enabled": { + "type": "boolean" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "kvm": { + "description": "Configure how KVM presence is exposed to the guest.", + "properties": { + "hidden": { + "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", - "type": "object" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "replicas": { - "default": 2, - "description": "Replicas is the number of replicas of the template validator pod", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "tlsSecurityProfile": { - "description": "TLSSecurityProfile is a configuration for the TLS.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - }, - "tokenGenerationService": { - "description": "TokenGenerationService configures the service for generating tokens to access VNC for a VM.", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "commonTemplates" - ], - "type": "object" - }, - "status": { - "description": "SSPStatus defines the observed state of SSP", - "properties": { - "conditions": { - "description": "A list of current conditions of the resource", - "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { - "type": "string" - }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", - "type": "string" - } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "ObservedGeneration is the latest generation observed by the operator.", - "format": "int64", - "type": "integer" - }, - "observedVersion": { - "description": "The observed version of the resource", - "type": "string" - }, - "operatorVersion": { - "description": "The version of the resource as defined by the operator", - "type": "string" - }, - "paused": { - "description": "Paused is true when the operator notices paused annotation.", - "type": "boolean" - }, - "phase": { - "description": "Phase is the current phase of the deployment", - "type": "string" - }, - "targetVersion": { - "description": "The desired version of the resource", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ssp.kubevirt.io", - "kind": "SSP", - "version": "v1beta2" - } - ] - }, - "ssp.kubevirt.io/v1beta2/SSPList": { - "description": "SSPList is a list of SSP", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of ssps. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.ssp.v1beta2.SSP" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ssp.kubevirt.io", - "kind": "SSPList", - "version": "v1beta2" - } - ] - }, - "ssp.kubevirt.io/v1beta3/SSP": { - "description": "SSP is the Schema for the ssps API", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "description": "SSPSpec defines the desired state of SSP", - "properties": { - "cluster": { - "description": "Cluster specifies what node architectures are present in the cluster.", - "properties": { - "controlPlaneArchitectures": { - "description": "ControlPlaneArchitectures is a list of control plane architectures supported by the cluster", - "items": { - "type": "string" - }, - "type": "array" - }, - "workloadArchitectures": { - "description": "WorkloadArchitectures is a list of workload architectures supported by the cluster", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "commonTemplates": { - "description": "CommonTemplates is the configuration of the common templates operand", - "properties": { - "dataImportCronTemplates": { - "description": "DataImportCronTemplates defines a list of DataImportCrons managed by the SSP Operator.", - "items": { - "description": "DataImportCronTemplate defines the template type for DataImportCrons.\nIt requires metadata.name to be specified while leaving namespace as optional.", - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "DataImportCronSpec defines specification for DataImportCron", - "properties": { - "garbageCollect": { - "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", - "type": "string" - }, - "importsToKeep": { - "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", - "format": "int32", - "type": "integer" - }, - "managedDataSource": { - "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", - "type": "string" - }, - "retentionPolicy": { - "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", - "type": "string" - }, - "schedule": { - "description": "Schedule specifies in cron format when and how often to look for new imports", - "type": "string" - }, - "template": { - "description": "Template specifies template for the DVs to be created", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "description": "DataVolumeSpec defines the DataVolume type specification", - "properties": { - "checkpoints": { - "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", - "items": { - "description": "DataVolumeCheckpoint defines a stage in a warm migration.", - "properties": { - "current": { - "description": "Current is the identifier of the snapshot created for this checkpoint.", - "type": "string" + "pvspinlock": { + "description": "Notify the guest that the host supports paravirtual spinlocks.\nFor older kernels this feature should be explicitly disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" }, - "previous": { - "description": "Previous is the identifier of the snapshot from the previous checkpoint.", - "type": "string" + "smm": { + "description": "SMM enables/disables System Management Mode.\nTSEG not yet implemented.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" } }, - "required": [ - "current", - "previous" - ], "type": "object" }, - "type": "array" - }, - "contentType": { - "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", - "enum": [ - "kubevirt", - "archive" - ], - "type": "string" - }, - "finalCheckpoint": { - "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", - "type": "boolean" - }, - "preallocation": { - "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", - "type": "boolean" - }, - "priorityClassName": { - "description": "PriorityClassName for Importer, Cloner and Uploader pod", - "type": "string" - }, - "pvc": { - "description": "PVC is the PVC specification", - "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" + "firmware": { + "description": "Firmware.", + "properties": { + "acpi": { + "description": "Information that can be set in the ACPI table", + "properties": { + "msdmNameRef": { + "description": "Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions.\nThe above points to the spec of MSDM too.", + "type": "string" + }, + "slicNameRef": { + "description": "SlicNameRef should match the volume name of a secret object. The data in the secret should\nbe a binary blob that follows the ACPI SLIC standard, see:\nhttps://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)", + "type": "string" + } }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } + "type": "object" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" + "bootloader": { + "description": "Settings to control the bootloader that is used.", + "properties": { + "bios": { + "description": "If set (default), BIOS will be used.", + "properties": { + "useSerial": { + "description": "If set, the BIOS output will be transmitted over serial", + "type": "boolean" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "efi": { + "description": "If set, EFI will be used instead of BIOS.", + "properties": { + "persistent": { + "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", + "type": "boolean" }, - { - "type": "string" + "secureBoot": { + "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", + "type": "boolean" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + }, + "type": "object" + } + }, + "type": "object" }, - "type": "object" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "kernelBoot": { + "description": "Settings to set the kernel for booting.", + "properties": { + "container": { + "description": "Container defines the container that containes kernel artifacts", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "image": { + "description": "Image that contains initrd / kernel files.", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "imagePullSecret": { + "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", + "type": "string" + }, + "initrdPath": { + "description": "the fully-qualified path to the ramdisk image in the host OS", + "type": "string" + }, + "kernelPath": { + "description": "The fully-qualified path to the kernel image in the host OS", + "type": "string" } }, "required": [ - "key", - "operator" + "image" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + "kernelArgs": { + "description": "Arguments to be passed to the kernel at boot time", "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + } + }, + "type": "object" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "serial": { + "description": "The system-serial-number in SMBIOS", + "type": "string" + }, + "uuid": { + "description": "UUID reported by the vmi bios.\nDefaults to a random generated uid.", + "type": "string" + } }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "source": { - "description": "Source is the src of the data for the requested DataVolume", - "properties": { - "blank": { - "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", - "type": "object" - }, - "gcs": { - "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", - "properties": { - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the GCS source", - "type": "string" - }, - "url": { - "description": "URL is the url of the GCS source", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" + "ioThreads": { + "description": "IOThreads specifies the IOThreads options.", + "properties": { + "supplementalPoolThreadCount": { + "description": "SupplementalPoolThreadCount specifies how many iothreads are allocated for the supplementalPool policy.", + "format": "int32", + "type": "integer" + } }, - "http": { - "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "extraHeaders": { - "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", - "items": { - "type": "string" + "type": "object" + }, + "ioThreadsPolicy": { + "description": "Controls whether or not disks will share IOThreads.\nOmitting IOThreadsPolicy disables use of IOThreads.\nOne of: shared, auto, supplementalPool", + "type": "string" + }, + "launchSecurity": { + "description": "Launch Security setting of the vmi.", + "properties": { + "sev": { + "description": "AMD Secure Encrypted Virtualization (SEV).", + "properties": { + "attestation": { + "description": "If specified, run the attestation process for a vmi.", + "type": "object" }, - "type": "array" - }, - "secretExtraHeaders": { - "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", - "items": { + "dhCert": { + "description": "Base64 encoded guest owner's Diffie-Hellman key.", "type": "string" }, - "type": "array" - }, - "secretRef": { - "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", - "type": "string" + "policy": { + "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", + "properties": { + "encryptedState": { + "description": "SEV-ES is required.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "session": { + "description": "Base64 encoded session blob.", + "type": "string" + } }, - "url": { - "description": "URL is the URL of the http(s) endpoint", - "type": "string" - } - }, - "required": [ - "url" - ], - "type": "object" + "type": "object" + } }, - "imageio": { - "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the CA cert", - "type": "string" - }, - "diskId": { - "description": "DiskID provides id of a disk to be imported", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the ovirt-engine", - "type": "string" + "type": "object" + }, + "machine": { + "description": "Machine type.", + "properties": { + "type": { + "description": "QEMU machine type is the actual chipset of the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "memory": { + "description": "Memory allow specifying the VMI memory features.", + "properties": { + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Guest allows to specifying the amount of memory which is visible inside the Guest OS.\nThe Guest must lie between Requests and Limits from the resources section.\nDefaults to the requested memory in the resources section if not specified.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "hugepages": { + "description": "Hugepages allow to use hugepages for the VirtualMachineInstance instead of regular memory.", + "properties": { + "pageSize": { + "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "type": "string" + } }, - "url": { - "description": "URL is the URL of the ovirt-engine", - "type": "string" - } + "type": "object" }, - "required": [ - "diskId", - "url" - ], - "type": "object" + "maxGuest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } }, - "pvc": { - "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", - "properties": { - "name": { - "description": "The name of the source PVC", - "type": "string" + "type": "object" + }, + "resources": { + "description": "Resources describes the Compute Resources required by this vmi.", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "namespace": { - "description": "The namespace of the source PVC", - "type": "string" - } + "description": "Limits describes the maximum amount of compute resources allowed.\nValid resource keys are \"memory\" and \"cpu\".", + "type": "object" }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "registry": { - "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap provides a reference to the Registry certs", - "type": "string" + "overcommitGuestOverhead": { + "description": "Don't ask the scheduler to take the guest-management overhead into account. Instead\nput the overhead only into the container's memory limit. This can lead to crashes if\nall memory is in use on a node. Defaults to false.", + "type": "boolean" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "imageStream": { - "description": "ImageStream is the name of image stream for import", + "description": "Requests is a description of the initial vmi resources.\nValid resource keys are \"memory\" and \"cpu\".", + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "devices" + ], + "type": "object" + }, + "evictionStrategy": { + "description": "EvictionStrategy describes the strategy to follow when a node drain occurs.\nThe possible options are:\n- \"None\": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown.\n- \"LiveMigrate\": the VirtualMachineInstance will be migrated instead of being shutdown.\n- \"LiveMigrateIfPossible\": the same as \"LiveMigrate\" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as \"None\".\n- \"External\": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa.", + "type": "string" + }, + "hostname": { + "description": "Specifies the hostname of the vmi\nIf not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly.", + "type": "string" + }, + "livenessProbe": { + "description": "Periodic probe of VirtualMachineInstance liveness.\nVirtualmachineInstances will be stopped if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { "type": "string" }, - "platform": { - "description": "Platform describes the minimum runtime requirements of the image", + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "guestAgentPing": { + "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { - "architecture": { - "description": "Architecture specifies the image target CPU architecture", + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "pullMethod": { - "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the Registry source", - "type": "string" - }, - "url": { - "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "s3": { - "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", - "properties": { - "certConfigMap": { - "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides the secret reference needed to access the S3 source", - "type": "string" - }, - "url": { - "description": "URL is the url of the S3 source", - "type": "string" - } + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" }, - "required": [ - "url" - ], - "type": "object" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } }, - "snapshot": { - "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "required": [ + "port" + ], + "type": "object" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "networks": { + "description": "List of networks that can be attached to a vm's virtual interface.", + "items": { + "description": "Network represents a network type and a resource that should be connected to the vm.", + "properties": { + "multus": { + "description": "Represents the multus cni network.", "properties": { - "name": { - "description": "The name of the source VolumeSnapshot", - "type": "string" + "default": { + "description": "Select the default network and add it to the\nmultus-cni.io/default-network annotation.", + "type": "boolean" }, - "namespace": { - "description": "The namespace of the source VolumeSnapshot", + "networkName": { + "description": "References to a NetworkAttachmentDefinition CRD object. Format:\n, /. If namespace is not\nspecified, VMI namespace is assumed.", "type": "string" } }, "required": [ - "name", - "namespace" + "networkName" ], "type": "object" }, - "upload": { - "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", - "type": "object" + "name": { + "description": "Network name.\nMust be a DNS_LABEL and unique within the vm.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" }, - "vddk": { - "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "pod": { + "description": "Represents the stock pod network interface.", "properties": { - "backingFile": { - "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", - "type": "string" - }, - "extraArgs": { - "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", - "type": "string" - }, - "initImageURL": { - "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", - "type": "string" - }, - "secretRef": { - "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", - "type": "string" - }, - "thumbprint": { - "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", - "type": "string" - }, - "url": { - "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "vmIPv6NetworkCIDR": { + "description": "IPv6 CIDR for the vm network.\nDefaults to fd10:0:2::/120 if not specified.", "type": "string" }, - "uuid": { - "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "vmNetworkCIDR": { + "description": "CIDR for vm network.\nDefault 10.0.2.0/24 if not specified.", "type": "string" } }, "type": "object" } }, - "type": "object" - }, - "sourceRef": { - "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", - "properties": { - "kind": { - "description": "The kind of the source reference, currently only \"DataSource\" is supported", - "type": "string" - }, - "name": { - "description": "The name of the source reference", - "type": "string" - }, - "namespace": { - "description": "The namespace of the source reference, defaults to the DataVolume namespace", - "type": "string" - } - }, "required": [ - "kind", "name" ], "type": "object" }, - "storage": { - "description": "Storage is the requested storage specification", - "properties": { - "accessModes": { - "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "items": { - "type": "string" - }, - "type": "array" - }, - "dataSource": { - "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", + "maxItems": 256, + "type": "array" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", + "type": "string" + }, + "readinessProbe": { + "description": "Periodic probe of VirtualMachineInstance service readiness.\nVirtualmachineInstances will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { "type": "string" }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "dataSourceRef": { - "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" - } + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "guestAgentPing": { + "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "resources": { - "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "properties": { - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "required": [ + "name", + "value" + ], "type": "object" }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - }, - "selector": { - "description": "A label query over volumes to consider for binding.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { + { "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "storageClassName": { - "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", - "type": "string" + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "volumeName": { - "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } + "required": [ + "port" + ], + "type": "object" }, - "type": "object" - } - }, - "type": "object" - }, - "status": { - "description": "DataVolumeStatus contains the current status of the DataVolume", - "properties": { - "claimName": { - "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", - "type": "string" - }, - "conditions": { - "items": { - "description": "DataVolumeCondition represents the state of a data volume condition.", + "initialDelaySeconds": { + "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" - }, - "status": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "type": { - "description": "DataVolumeConditionType is the string representation of known condition types", - "type": "string" + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true } }, "required": [ - "status", - "type" + "port" ], "type": "object" }, - "type": "array" - }, - "phase": { - "description": "Phase is the current phase of the data volume", - "type": "string" - }, - "progress": { - "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", - "type": "string" + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } }, - "restartCount": { - "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", - "format": "int32", - "type": "integer" - } + "type": "object" }, - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - } - }, - "required": [ - "managedDataSource", - "schedule", - "template" - ], - "type": "object" - } - }, - "required": [ - "spec" - ], - "type": "object" - }, - "type": "array" - }, - "namespace": { - "description": "Namespace is the k8s namespace where CommonTemplates should be installed", - "maxLength": 63, - "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", - "type": "string" - } - }, - "required": [ - "namespace" - ], - "type": "object" - }, - "enableMultipleArchitectures": { - "description": "EnableMultipleArchitectures enables deployment of common Templates,\nDataSources and DataImportCrons for multiple node architectures.", - "type": "boolean" - }, - "templateValidator": { - "description": "TemplateValidator is configuration of the template validator operand", - "properties": { - "placement": { - "description": "Placement describes the node scheduling configuration", - "properties": { - "affinity": { - "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", - "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", + "resourceClaims": { + "description": "ResourceClaims define which ResourceClaims must be allocated\nand reserved before the VMI, hence virt-launcher pod is allowed to start. The resources\nwill be made available to the domain which consumes them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate in kubernetes\n https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/\nThis field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled.\nThis feature is in alpha.", + "items": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "type": "string" }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + }, + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "name" + ], + "type": "object" }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", + "schedulerName": { + "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.", + "type": "string" + }, + "startStrategy": { + "description": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.", + "type": "string" + }, + "subdomain": { + "description": "If specified, the fully qualified vmi hostname will be \"...svc.\".\nIf not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi,\nno matter if the vmi itself can pick up a hostname.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If toleration is specified, obey all the toleration rules.", "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -322052,1162 +277263,1420 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", "type": "string" } }, "required": [ - "topologyKey" + "maxSkew", + "topologyKey", + "whenUnsatisfiable" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" }, - "required": [ - "podAffinityTerm", - "weight" - ], + "volumes": { + "description": "List of volumes that can be mounted by disks belonging to the vmi.", + "items": { + "description": "Volume represents a named volume in a vmi.", + "properties": { + "cloudInitConfigDrive": { + "description": "CloudInitConfigDrive represents a cloud-init Config Drive user-data source.\nThe Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html", + "properties": { + "networkData": { + "description": "NetworkData contains config drive inline cloud-init networkdata.", + "type": "string" + }, + "networkDataBase64": { + "description": "NetworkDataBase64 contains config drive cloud-init networkdata as a base64 encoded string.", + "type": "string" + }, + "networkDataSecretRef": { + "description": "NetworkDataSecretRef references a k8s secret that contains config drive networkdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretRef": { + "description": "UserDataSecretRef references a k8s secret that contains config drive userdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userData": { + "description": "UserData contains config drive inline cloud-init userdata.", + "type": "string" + }, + "userDataBase64": { + "description": "UserDataBase64 contains config drive cloud-init userdata as a base64 encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "cloudInitNoCloud": { + "description": "CloudInitNoCloud represents a cloud-init NoCloud user-data source.\nThe NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html", + "properties": { + "networkData": { + "description": "NetworkData contains NoCloud inline cloud-init networkdata.", + "type": "string" + }, + "networkDataBase64": { + "description": "NetworkDataBase64 contains NoCloud cloud-init networkdata as a base64 encoded string.", + "type": "string" + }, + "networkDataSecretRef": { + "description": "NetworkDataSecretRef references a k8s secret that contains NoCloud networkdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretRef": { + "description": "UserDataSecretRef references a k8s secret that contains NoCloud userdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userData": { + "description": "UserData contains NoCloud inline cloud-init userdata.", + "type": "string" + }, + "userDataBase64": { + "description": "UserDataBase64 contains NoCloud cloud-init userdata as a base64 encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "description": "ConfigMapSource represents a reference to a ConfigMap in the same namespace.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or it's keys must be defined", + "type": "boolean" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "containerDisk": { + "description": "ContainerDisk references a docker image, embedding a qcow or raw disk.\nMore info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html", + "properties": { + "image": { + "description": "Image is the name of the image with the embedded disk.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "imagePullSecret": { + "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", + "type": "string" + }, + "path": { + "description": "Path defines the path to disk file in the container", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "dataVolume": { + "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", + "properties": { + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "name": { + "description": "Name of both the DataVolume and the PVC in the same namespace.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "downwardAPI": { + "description": "DownwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "fields": { + "description": "Fields is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object" + }, + "downwardMetrics": { + "description": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", + "type": "object" + }, + "emptyDisk": { + "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.\nMore info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html", + "properties": { + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Capacity of the sparse disk.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "capacity" + ], + "type": "object" + }, + "ephemeral": { + "description": "Ephemeral is a special volume source that \"wraps\" specified source and provides copy-on-write image on top of it.", + "properties": { + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + } + }, + "type": "object" + }, + "hostDisk": { + "description": "HostDisk represents a disk created on the cluster level", + "properties": { + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Capacity of the sparse disk", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "path": { + "description": "The path to HostDisk image located on the cluster", + "type": "string" + }, + "shared": { + "description": "Shared indicate whether the path is shared between nodes", + "type": "boolean" + }, + "type": { + "description": "Contains information if disk.img exists or should be created\nallowed options are 'Disk' and 'DiskOrCreate'", + "type": "string" + } + }, + "required": [ + "path", + "type" + ], + "type": "object" + }, + "memoryDump": { + "description": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "name": { + "description": "Volume's name.\nMust be a DNS_LABEL and unique within the vmi.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "secret": { + "description": "SecretVolumeSource represents a reference to a secret data in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/", + "properties": { + "optional": { + "description": "Specify whether the Secret or it's keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "Name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object" + }, + "serviceAccount": { + "description": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "properties": { + "serviceAccountName": { + "description": "Name of the service account in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + } + }, + "type": "object" + }, + "sysprep": { + "description": "Represents a Sysprep volume source.", + "properties": { + "configMap": { + "description": "ConfigMap references a ConfigMap that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret references a k8s Secret that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 256, + "type": "array" + } + }, + "required": [ + "domain" + ], + "type": "object" + } + }, + "type": "object" + }, + "updateVolumesStrategy": { + "description": "UpdateVolumesStrategy is the strategy to apply on volumes updates", + "type": "string" + } + }, + "required": [ + "template" + ], + "type": "object" + }, + "status": { + "description": "Status holds the current state of the controller and brief information\nabout its associated VirtualMachineInstance", + "properties": { + "conditions": { + "description": "Hold the state information of the VirtualMachine and its VirtualMachineInstance", + "items": { + "description": "VirtualMachineCondition represents the state of VirtualMachine", + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "created": { + "description": "Created indicates if the virtual machine is created in the cluster", + "type": "boolean" + }, + "desiredGeneration": { + "description": "DesiredGeneration is the generation which is desired for the VMI.\nThis will be used in comparisons with ObservedGeneration to understand when\nthe VMI is out of sync. This will be changed at the same time as\nObservedGeneration to remove errors which could occur if Generation is\nupdated through an Update() before ObservedGeneration in Status.", + "format": "int64", + "type": "integer" + }, + "instancetypeRef": { + "description": "InstancetypeRef captures the state of any referenced instance type from the VirtualMachine", + "nullable": true, + "properties": { + "controllerRevisionRef": { + "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", + "properties": { + "name": { + "description": "Name of the ControllerRevision", + "type": "string" + } + }, + "type": "object" + }, + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", + "type": "string" + }, + "kind": { + "description": "Kind specifies the kind of resource", + "type": "string" + }, + "name": { + "description": "Name is the name of resource", + "type": "string" + } + }, + "type": "object" + }, + "memoryDumpRequest": { + "description": "MemoryDumpRequest tracks memory dump request phase and info of getting a memory\ndump to the given pvc", + "nullable": true, + "properties": { + "claimName": { + "description": "ClaimName is the name of the pvc that will contain the memory dump", + "type": "string" + }, + "endTimestamp": { + "description": "EndTimestamp represents the time the memory dump was completed", + "format": "date-time", + "type": "string" + }, + "fileName": { + "description": "FileName represents the name of the output file", + "type": "string" + }, + "message": { + "description": "Message is a detailed message about failure of the memory dump", + "type": "string" + }, + "phase": { + "description": "Phase represents the memory dump phase", + "type": "string" + }, + "remove": { + "description": "Remove represents request of dissociating the memory dump pvc", + "type": "boolean" + }, + "startTimestamp": { + "description": "StartTimestamp represents the time the memory dump started", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "claimName", + "phase" + ], + "type": "object" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation observed by the vmi when started.", + "format": "int64", + "type": "integer" + }, + "preferenceRef": { + "description": "PreferenceRef captures the state of any referenced preference from the VirtualMachine", + "nullable": true, + "properties": { + "controllerRevisionRef": { + "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", + "properties": { + "name": { + "description": "Name of the ControllerRevision", + "type": "string" + } + }, + "type": "object" + }, + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", + "type": "string" + }, + "kind": { + "description": "Kind specifies the kind of resource", + "type": "string" + }, + "name": { + "description": "Name is the name of resource", + "type": "string" + } + }, + "type": "object" + }, + "printableStatus": { + "default": "Stopped", + "description": "PrintableStatus is a human readable, high-level representation of the status of the virtual machine", + "type": "string" + }, + "ready": { + "description": "Ready indicates if the virtual machine is running and ready", + "type": "boolean" + }, + "restoreInProgress": { + "description": "RestoreInProgress is the name of the VirtualMachineRestore currently executing", + "type": "string" + }, + "runStrategy": { + "description": "RunStrategy tracks the last recorded RunStrategy used by the VM.\nThis is needed to correctly process the next strategy (for now only the RerunOnFailure)", + "type": "string" + }, + "snapshotInProgress": { + "description": "SnapshotInProgress is the name of the VirtualMachineSnapshot currently executing", + "type": "string" + }, + "startFailure": { + "description": "StartFailure tracks consecutive VMI startup failures for the purposes of\ncrash loop backoffs", + "nullable": true, + "properties": { + "consecutiveFailCount": { + "type": "integer" + }, + "lastFailedVMIUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "type": "string" + }, + "retryAfterTimestamp": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "stateChangeRequests": { + "description": "StateChangeRequests indicates a list of actions that should be taken on a VMI\ne.g. stop a specific VMI then start a new one.", + "items": { + "properties": { + "action": { + "description": "Indicates the type of action that is requested. e.g. Start or Stop", + "type": "string" + }, + "data": { + "additionalProperties": { + "type": "string" + }, + "description": "Provides additional data in order to perform the Action", "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "uid": { + "description": "Indicates the UUID of an existing Virtual Machine Instance that this change request applies to -- if applicable", + "type": "string" + } }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "required": [ + "action" + ], + "type": "object" + }, + "type": "array" + }, + "volumeRequests": { + "description": "VolumeRequests indicates a list of volumes add or remove from the VMI template and\nhotplug on an active running VMI.", + "items": { + "properties": { + "addVolumeOptions": { + "description": "AddVolumeOptions when set indicates a volume should be added. The details\nwithin this field specify how to add the volume", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "disk": { + "description": "Disk represents the hotplug disk that will be plugged into the running VMI", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "blockSize": { + "description": "If specified, the virtual disk will be presented with the given block sizes.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "required": [ + "logical", + "physical" + ], + "type": "object" + }, + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "object" + } + }, + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", + "type": "integer" + }, + "cache": { + "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", + "type": "string" + }, + "cdrom": { + "description": "Attach a volume as a cdrom to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "readonly": { + "description": "ReadOnly.\nDefaults to true.", + "type": "boolean" + }, + "tray": { + "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "dedicatedIOThread": { + "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", + "type": "boolean" + }, + "disk": { + "description": "Attach a volume as a disk to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", + "type": "string" + }, + "pciAddress": { + "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "errorPolicy": { + "description": "If specified, it can change the default error policy (stop) for the disk", + "type": "string" + }, + "io": { + "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", + "type": "string" + }, + "lun": { + "description": "Attach a volume as a LUN to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + }, + "reservation": { + "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", + "type": "boolean" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "serial": { + "description": "Serial provides the ability to specify a serial number for the disk device.", + "type": "string" + }, + "shareable": { + "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", + "type": "boolean" + }, + "tag": { + "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "name" + ], + "type": "object" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "dryRun": { + "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Name represents the name that will be used to map the\ndisk to the corresponding volume. This overrides any name\nset inside the Disk struct itself.", + "type": "string" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "volumeSource": { + "description": "VolumeSource represents the source of the volume to map to the disk.", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "dataVolume": { + "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", + "properties": { + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "name": { + "description": "Name of both the DataVolume and the PVC in the same namespace.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "name" + ], + "type": "object" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "claimName" + ], "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "object" + } + }, + "required": [ + "disk", + "name", + "volumeSource" + ], + "type": "object" + }, + "removeVolumeOptions": { + "description": "RemoveVolumeOptions when set indicates a volume should be removed. The details\nwithin this field specify how to add the volume", + "properties": { + "dryRun": { + "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "name": { + "description": "Name represents the name that maps to both the disk and volume that\nshould be removed", "type": "string" } }, "required": [ - "topologyKey" + "name" ], "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "volumeSnapshotStatuses": { + "description": "VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is\nsupported by each volume.", + "items": { + "properties": { + "enabled": { + "description": "True if the volume supports snapshotting", + "type": "boolean" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "name": { + "description": "Volume name", + "type": "string" + }, + "reason": { + "description": "Empty if snapshotting is enabled, contains reason otherwise", + "type": "string" + } + }, + "required": [ + "enabled", + "name" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "volumeUpdateState": { + "description": "VolumeUpdateState contains the information about the volumes set\nupdates related to the volumeUpdateStrategy", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "volumeMigrationState": { + "description": "VolumeMigrationState tracks the information related to the volume migration", + "properties": { + "migratedVolumes": { + "description": "MigratedVolumes lists the source and destination volumes during the volume migration", + "items": { + "description": "StorageMigratedVolumeInfo tracks the information about the source and destination volumes during the volume migration", "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "destinationPVCInfo": { + "description": "DestinationPVCInfo contains the information about the destination PVC", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + { "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } - }, - "required": [ - "key", - "operator" ], - "type": "object" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Capacity represents the capacity set on the corresponding PVC status", + "type": "object" }, - "matchLabels": { + "claimName": { + "description": "ClaimName is the name of the PVC", + "type": "string" + }, + "filesystemOverhead": { + "description": "Percentage of filesystem's size to be reserved when resizing the PVC", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "preallocated": { + "description": "Preallocated indicates if the PVC's storage is preallocated or not", + "type": "boolean" + }, + "requests": { "additionalProperties": { - "type": "string" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "Requests represents the resources requested by the corresponding PVC spec", "type": "object" + }, + "volumeMode": { + "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "sourcePVCInfo": { + "description": "SourcePVCInfo contains the information about the source PVC", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + { "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" } - }, - "required": [ - "key", - "operator" ], - "type": "object" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "description": "Capacity represents the capacity set on the corresponding PVC status", + "type": "object" }, - "matchLabels": { + "claimName": { + "description": "ClaimName is the name of the PVC", + "type": "string" + }, + "filesystemOverhead": { + "description": "Percentage of filesystem's size to be reserved when resizing the PVC", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "preallocated": { + "description": "Preallocated indicates if the PVC's storage is preallocated or not", + "type": "boolean" + }, + "requests": { "additionalProperties": { - "type": "string" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "Requests represents the resources requested by the corresponding PVC spec", "type": "object" + }, + "volumeMode": { + "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "volumeName": { + "description": "VolumeName is the name of the volume that is being migrated", "type": "string" } }, "required": [ - "topologyKey" + "volumeName" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "virtualMachineSnapshotName": { + "type": "string" + }, + "volumeBackups": { + "items": { + "description": "VolumeBackup contains the data neeed to restore a PVC", + "properties": { + "persistentVolumeClaim": { + "properties": { + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "Spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", - "items": { + { "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "items": { + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "object" - } - }, - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", - "type": "object" - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "replicas": { - "default": 2, - "description": "Replicas is the number of replicas of the template validator pod", - "format": "int32", - "minimum": 0, - "type": "integer" - } - }, - "type": "object" - }, - "tlsSecurityProfile": { - "description": "TLSSecurityProfile is a configuration for the TLS.", - "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", - "nullable": true, - "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", - "enum": [ - "VersionTLS10", - "VersionTLS11", - "VersionTLS12", - "VersionTLS13" - ], - "type": "string" - } - }, - "type": "object" - }, - "intermediate": { - "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", - "nullable": true, - "type": "object" - }, - "modern": { - "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", - "nullable": true, - "type": "object" - }, - "old": { - "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", - "nullable": true, - "type": "object" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", - "enum": [ - "Old", - "Intermediate", - "Modern", - "Custom" - ], - "type": "string" - } - }, - "type": "object" - }, - "tokenGenerationService": { - "description": "TokenGenerationService configures the service for generating tokens to access VNC for a VM.", - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "commonTemplates" - ], - "type": "object" - }, - "status": { - "description": "SSPStatus defines the observed state of SSP", - "properties": { - "conditions": { - "description": "A list of current conditions of the resource", - "items": { - "description": "Condition represents the state of the operator's\nreconciliation functionality.", - "properties": { - "lastHeartbeatTime": { - "format": "date-time", - "type": "string" - }, - "lastTransitionTime": { - "format": "date-time", - "type": "string" - }, - "message": { - "type": "string" - }, - "reason": { - "type": "string" + "type": "object" }, - "status": { + "volumeName": { "type": "string" }, - "type": { - "description": "ConditionType is the state of the operator's reconciliation functionality.", + "volumeSnapshotName": { "type": "string" } - }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "observedGeneration": { - "description": "ObservedGeneration is the latest generation observed by the operator.", - "format": "int64", - "type": "integer" - }, - "observedVersion": { - "description": "The observed version of the resource", - "type": "string" - }, - "operatorVersion": { - "description": "The version of the resource as defined by the operator", - "type": "string" - }, - "paused": { - "description": "Paused is true when the operator notices paused annotation.", - "type": "boolean" - }, - "phase": { - "description": "Phase is the current phase of the deployment", - "type": "string" - }, - "targetVersion": { - "description": "The desired version of the resource", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ssp.kubevirt.io", - "kind": "SSP", - "version": "v1beta3" - } - ] - }, - "ssp.kubevirt.io/v1beta3/SSPList": { - "description": "SSPList is a list of SSP", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of ssps. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", - "items": { - "$ref": "#/components/schemas/io.kubevirt.ssp.v1beta3.SSP" - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "ssp.kubevirt.io", - "kind": "SSPList", - "version": "v1beta3" - } - ] - }, - "storage.k8s.io/v1/CSIDriver": { - "description": "CSIDriver captures information about a Container Storage Interface (CSI) volume driver deployed on the cluster. Kubernetes attach detach controller uses this object to determine whether attach is required. Kubelet uses this object to determine whether pod information needs to be passed on mount. CSIDriver objects are non-namespaced.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object metadata. metadata.Name indicates the name of the CSI driver that this object refers to; it MUST be the same name returned by the CSI GetPluginName() call for that driver. The driver name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and alphanumerics between. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSIDriverSpec" - } - ], - "default": {}, - "description": "spec represents the specification of the CSI Driver." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "CSIDriver", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/CSIDriverList": { - "description": "CSIDriverList is a collection of CSIDriver objects.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of CSIDriver", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSIDriver" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "CSIDriverList", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/CSINode": { - "description": "CSINode holds information about all CSI drivers installed on a node. CSI drivers do not need to create the CSINode object directly. As long as they use the node-driver-registrar sidecar container, the kubelet will automatically populate the CSINode object for the CSI driver as part of kubelet plugin registration. CSINode has the same name as a node. If the object is missing, it means either there are no CSI Drivers available on the node, or the Kubelet version is low enough that it doesn't create this object. CSINode has an OwnerReference that points to the corresponding node object.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. metadata.name must be the Kubernetes node name." - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSINodeSpec" - } - ], - "default": {}, - "description": "spec is the specification of CSINode" - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "CSINode", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/CSINodeList": { - "description": "CSINodeList is a collection of CSINode objects.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of CSINode", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSINode" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "CSINodeList", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/CSIStorageCapacity": { - "description": "CSIStorageCapacity stores the result of one CSI GetCapacity call. For a given StorageClass, this describes the available capacity in a particular topology segment. This can be used when considering where to instantiate new PersistentVolumes.\n\nFor example this can express things like: - StorageClass \"standard\" has \"1234 GiB\" available in \"topology.kubernetes.io/zone=us-east1\" - StorageClass \"localssd\" has \"10 GiB\" available in \"kubernetes.io/hostname=knode-abc123\"\n\nThe following three cases all imply that no capacity is available for a certain combination: - no object exists with suitable topology and storage class name - such an object exists, but the capacity is unset - such an object exists, but the capacity is zero\n\nThe producer of these objects can decide which approach is more suitable.\n\nThey are consumed by the kube-scheduler when a CSI driver opts into capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler compares the MaximumVolumeSize against the requested size of pending volumes to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back to a comparison against the less precise Capacity. If that is also unset, the scheduler assumes that capacity is insufficient and tries some other node.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "capacity": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - ], - "description": "capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.\n\nThe semantic is currently (CSI spec 1.2) defined as: The available capacity, in bytes, of the storage that can be used to provision volumes. If not set, that information is currently unavailable." - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "maximumVolumeSize": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - ], - "description": "maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.\n\nThis is defined since CSI spec 1.4.0 as the largest size that may be used in a CreateVolumeRequest.capacity_range.required_bytes field to create a volume with the same parameters as those in GetCapacityRequest. The corresponding value in the Kubernetes API is ResourceRequirements.Requests in a volume claim." - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-, a generated name, or a reverse-domain name which ends with the unique CSI driver name.\n\nObjects are namespaced.\n\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "nodeTopology": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - ], - "description": "nodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable." - }, - "storageClassName": { - "default": "", - "description": "storageClassName represents the name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.", - "type": "string" - } - }, - "required": [ - "storageClassName" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "CSIStorageCapacity", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/CSIStorageCapacityList": { - "description": "CSIStorageCapacityList is a collection of CSIStorageCapacity objects.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of CSIStorageCapacity objects.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSIStorageCapacity" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + }, + "required": [ + "persistentVolumeClaim", + "volumeName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } - ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "CSIStorageCapacityList", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/StorageClass": { - "description": "StorageClass describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.\n\nStorageClasses are non-namespaced; the name of the storage class according to etcd is in ObjectMeta.Name.", - "namespaced": false, - "properties": { - "allowVolumeExpansion": { - "description": "allowVolumeExpansion shows whether the storage class allow volume expand.", - "type": "boolean" - }, - "allowedTopologies": { - "description": "allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.TopologySelectorTerm" - } - ], - "default": {} }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } + "required": [ + "source" ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "mountOptions": { - "description": "mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. e.g. [\"ro\", \"soft\"]. Not validated - mount of the PVs will simply fail if one is invalid.", - "items": { - "default": "", - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "parameters": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "parameters holds the parameters for the provisioner that should create volumes of this storage class.", "type": "object" }, - "provisioner": { - "default": "", - "description": "provisioner indicates the type of the provisioner.", - "type": "string" - }, - "reclaimPolicy": { - "description": "reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. Defaults to Delete.\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", - "enum": [ - "Delete", - "Recycle", - "Retain" - ], - "type": "string" - }, - "volumeBindingMode": { - "description": "volumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.\n\nPossible enum values:\n - `\"Immediate\"` indicates that PersistentVolumeClaims should be immediately provisioned and bound. This is the default mode.\n - `\"WaitForFirstConsumer\"` indicates that PersistentVolumeClaims should not be provisioned and bound until the first Pod is created that references the PeristentVolumeClaim. The volume provisioning and binding will occur during Pod scheduing.", - "enum": [ - "Immediate", - "WaitForFirstConsumer" - ], - "type": "string" - } - }, - "required": [ - "provisioner" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "StorageClass", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/StorageClassList": { - "description": "StorageClassList is a collection of storage classes.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of StorageClasses", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.StorageClass" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "StorageClassList", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1/VolumeAttachment": { - "description": "VolumeAttachment captures the intent to attach or detach the specified volume to/from the specified node.\n\nVolumeAttachment objects are non-namespaced.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.VolumeAttachmentSpec" - } - ], - "default": {}, - "description": "spec represents specification of the desired attach/detach volume behavior. Populated by the Kubernetes system." - }, "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.VolumeAttachmentStatus" + "description": "VirtualMachineSnapshotContentStatus is the status for a VirtualMachineSnapshotStatus resource", + "properties": { + "creationTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "error": { + "description": "Error is the last error encountered during the snapshot/restore", + "properties": { + "message": { + "type": "string" + }, + "time": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "readyToUse": { + "type": "boolean" + }, + "volumeSnapshotStatus": { + "items": { + "description": "VolumeSnapshotStatus is the status of a VolumeSnapshot", + "properties": { + "creationTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "error": { + "description": "Error is the last error encountered during the snapshot/restore", + "properties": { + "message": { + "type": "string" + }, + "time": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "readyToUse": { + "type": "boolean" + }, + "volumeSnapshotName": { + "type": "string" + } + }, + "required": [ + "volumeSnapshotName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } - ], - "default": {}, - "description": "status represents status of the VolumeAttachment request. Populated by the entity completing the attach or detach operation, i.e. the external-attacher." + }, + "type": "object" } }, "required": [ @@ -323216,14 +278685,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "storage.k8s.io", - "kind": "VolumeAttachment", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshotContent", + "version": "v1alpha1" } ] }, - "storage.k8s.io/v1/VolumeAttachmentList": { - "description": "VolumeAttachmentList is a collection of VolumeAttachment objects.", + "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshotContentList": { + "description": "VirtualMachineSnapshotContentList is a list of VirtualMachineSnapshotContent", "namespaced": true, "properties": { "apiVersion": { @@ -323231,14 +278700,9 @@ "type": "string" }, "items": { - "description": "items is the list of VolumeAttachments", + "description": "List of virtualmachinesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1.VolumeAttachment" - } - ], - "default": {} + "$ref": "#/components/schemas/io.kubevirt.snapshot.v1alpha1.VirtualMachineSnapshotContent" }, "type": "array" }, @@ -323252,8 +278716,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -323262,61 +278725,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "storage.k8s.io", - "kind": "VolumeAttachmentList", - "version": "v1" - } - ] - }, - "storage.k8s.io/v1beta1/VolumeAttributesClass": { - "description": "VolumeAttributesClass represents a specification of mutable volume attributes defined by the CSI driver. The class can be specified during dynamic provisioning of PersistentVolumeClaims, and changed in the PersistentVolumeClaim spec after provisioning.", - "namespaced": false, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "driverName": { - "default": "", - "description": "Name of the CSI driver This field is immutable.", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "parameters": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "parameters hold volume attributes defined by the CSI driver. These values are opaque to the Kubernetes and are passed directly to the CSI driver. The underlying storage provider supports changing these attributes on an existing volume, however the parameters field itself is immutable. To invoke a volume update, a new VolumeAttributesClass should be created with new parameters, and the PersistentVolumeClaim should be updated to reference the new VolumeAttributesClass.\n\nThis field is required and must contain at least one key/value pair. The keys cannot be empty, and the maximum number of parameters is 512, with a cumulative max size of 256K. If the CSI driver rejects invalid parameters, the target PersistentVolumeClaim will be set to an \"Infeasible\" state in the modifyVolumeStatus field.", - "type": "object" - } - }, - "required": [ - "driverName" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "storage.k8s.io", - "kind": "VolumeAttributesClass", - "version": "v1beta1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshotContentList", + "version": "v1alpha1" } ] }, - "storage.k8s.io/v1beta1/VolumeAttributesClassList": { - "description": "VolumeAttributesClassList is a collection of VolumeAttributesClass objects.", + "snapshot.kubevirt.io/v1alpha1/VirtualMachineSnapshotList": { + "description": "VirtualMachineSnapshotList is a list of VirtualMachineSnapshot", "namespaced": true, "properties": { "apiVersion": { @@ -323324,14 +278740,9 @@ "type": "string" }, "items": { - "description": "items is the list of VolumeAttributesClass objects.", + "description": "List of virtualmachinesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.storage.v1beta1.VolumeAttributesClass" - } - ], - "default": {} + "$ref": "#/components/schemas/io.kubevirt.snapshot.v1alpha1.VirtualMachineSnapshot" }, "type": "array" }, @@ -323345,8 +278756,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -323355,15 +278765,15 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "storage.k8s.io", - "kind": "VolumeAttributesClassList", - "version": "v1beta1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshotList", + "version": "v1alpha1" } ] }, - "template.openshift.io/v1/BrokerTemplateInstance": { - "description": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": false, + "snapshot.kubevirt.io/v1beta1/VirtualMachineRestore": { + "description": "VirtualMachineRestore defines the operation of restoring a VM", + "namespaced": true, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -323379,17 +278789,172 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec" + "description": "VirtualMachineRestoreSpec is the spec for a VirtualMachineRestore resource", + "properties": { + "patches": { + "description": "If the target for the restore does not exist, it will be created. Patches holds JSON patches that would be\napplied to the target manifest before it's created. Patches should fit the target's Kind.\n\nExample for a patch: {\"op\": \"replace\", \"path\": \"/metadata/name\", \"value\": \"new-vm-name\"}", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "target": { + "description": "initially only VirtualMachine type supported", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetReadinessPolicy": { + "description": "TargetReadinessPolicy defines how to handle the restore in case\nthe target is not ready", + "type": "string" + }, + "virtualMachineSnapshotName": { + "type": "string" + }, + "volumeRestoreOverrides": { + "description": "VolumeRestoreOverrides gives the option to change properties of each restored volume\nFor example, specifying the name of the restored volume, or adding labels/annotations to it", + "items": { + "description": "VolumeRestoreOverride specifies how a volume should be restored from a VirtualMachineSnapshot", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "restoreName": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "volumeRestorePolicy": { + "description": "VolumeRestorePolicy defines how to handle the restore of snapshotted volumes", + "type": "string" } + }, + "required": [ + "target", + "virtualMachineSnapshotName" ], - "default": {}, - "description": "spec describes the state of this BrokerTemplateInstance." + "type": "object" + }, + "status": { + "description": "VirtualMachineRestoreStatus is the status for a VirtualMachineRestore resource", + "properties": { + "complete": { + "type": "boolean" + }, + "conditions": { + "items": { + "description": "Condition defines conditions", + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the const type for Conditions", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "deletedDataVolumes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "restoreTime": { + "format": "date-time", + "type": "string" + }, + "restores": { + "items": { + "description": "VolumeRestore contains the data needed to restore a PVC", + "properties": { + "dataVolumeName": { + "type": "string" + }, + "persistentVolumeClaim": { + "type": "string" + }, + "volumeName": { + "type": "string" + }, + "volumeSnapshotName": { + "type": "string" + } + }, + "required": [ + "persistentVolumeClaim", + "volumeName", + "volumeSnapshotName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" } }, "required": [ @@ -323398,14 +278963,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "template.openshift.io", - "kind": "BrokerTemplateInstance", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineRestore", + "version": "v1beta1" } ] }, - "template.openshift.io/v1/BrokerTemplateInstanceList": { - "description": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "snapshot.kubevirt.io/v1beta1/VirtualMachineRestoreList": { + "description": "VirtualMachineRestoreList is a list of VirtualMachineRestore", "namespaced": true, "properties": { "apiVersion": { @@ -323413,14 +278978,9 @@ "type": "string" }, "items": { - "description": "items is a list of BrokerTemplateInstances", + "description": "List of virtualmachinerestores. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.BrokerTemplateInstance" - } - ], - "default": {} + "$ref": "#/components/schemas/io.kubevirt.snapshot.v1beta1.VirtualMachineRestore" }, "type": "array" }, @@ -323434,8 +278994,7 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ @@ -323444,79 +279003,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "template.openshift.io", - "kind": "BrokerTemplateInstanceList", - "version": "v1" - } - ] - }, - "template.openshift.io/v1/Template": { - "description": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "labels": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", - "type": "object" - }, - "message": { - "description": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - }, - "objects": { - "description": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", - "items": { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "type": "array" - }, - "parameters": { - "description": "parameters is an optional array of Parameters used during the Template to Config transformation.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.Parameter" - } - ], - "default": {} - }, - "type": "array" - } - }, - "required": [ - "objects" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "template.openshift.io", - "kind": "Template", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineRestoreList", + "version": "v1beta1" } ] }, - "template.openshift.io/v1/TemplateInstance": { - "description": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshot": { + "description": "VirtualMachineSnapshot defines the operation of snapshotting a VM", "namespaced": true, "properties": { "apiVersion": { @@ -323533,134 +279027,166 @@ "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.TemplateInstanceSpec" + "description": "VirtualMachineSnapshotSpec is the spec for a VirtualMachineSnapshot resource", + "properties": { + "deletionPolicy": { + "description": "DeletionPolicy defines that to do with VirtualMachineSnapshot\nwhen VirtualMachineSnapshot is deleted", + "type": "string" + }, + "failureDeadline": { + "description": "This time represents the number of seconds we permit the vm snapshot\nto take. In case we pass this deadline we mark this snapshot\nas failed.\nDefaults to DefaultFailureDeadline - 5min", + "type": "string" + }, + "source": { + "description": "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } + }, + "required": [ + "source" ], - "default": {}, - "description": "spec describes the desired state of this TemplateInstance." + "type": "object" }, "status": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.TemplateInstanceStatus" - } - ], - "default": {}, - "description": "status describes the current state of this TemplateInstance." - } - }, - "required": [ - "spec" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "template.openshift.io", - "kind": "TemplateInstance", - "version": "v1" - } - ] - }, - "template.openshift.io/v1/TemplateInstanceList": { - "description": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of Templateinstances", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.TemplateInstance" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "description": "VirtualMachineSnapshotStatus is the status for a VirtualMachineSnapshot resource", + "properties": { + "conditions": { + "items": { + "description": "Condition defines conditions", + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the const type for Conditions", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "creationTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "error": { + "description": "Error is the last error encountered during the snapshot/restore", + "properties": { + "message": { + "type": "string" + }, + "time": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "indications": { + "items": { + "description": "Indication is a way to indicate the state of the vm when taking the snapshot", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "phase": { + "description": "VirtualMachineSnapshotPhase is the current phase of the VirtualMachineSnapshot", + "type": "string" + }, + "readyToUse": { + "type": "boolean" + }, + "snapshotVolumes": { + "description": "SnapshotVolumesLists includes the list of volumes which were included in the snapshot and volumes which were excluded from the snapshot", + "properties": { + "excludedVolumes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "includedVolumes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "sourceUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "type": "string" + }, + "virtualMachineSnapshotContentName": { + "type": "string" } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - } - }, - "required": [ - "items" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "template.openshift.io", - "kind": "TemplateInstanceList", - "version": "v1" - } - ] - }, - "template.openshift.io/v1/TemplateList": { - "description": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of templates", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.template.v1.Template" - } - ], - "default": {} }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - ], - "default": {}, - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + "type": "object" } }, "required": [ - "items" + "spec" ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "template.openshift.io", - "kind": "TemplateList", - "version": "v1" + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshot", + "version": "v1beta1" } ] }, - "tempo.grafana.com/v1alpha1/TempoMonolithic": { - "description": "TempoMonolithic manages a Tempo deployment in monolithic mode.", + "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshotContent": { + "description": "VirtualMachineSnapshotContent contains the snapshot data", "namespaced": true, "properties": { "apiVersion": { @@ -323680,756 +279206,4490 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "TempoMonolithicSpec defines the desired state of TempoMonolithic.", + "description": "VirtualMachineSnapshotContentSpec is the spec for a VirtualMachineSnapshotContent resource", "properties": { - "affinity": { - "description": "Affinity defines the Affinity rules for scheduling pods.", + "source": { + "description": "SourceSpec contains the appropriate spec for the resource being snapshotted", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", + "virtualMachine": { "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", - "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "VirtualMachineSpec contains the VirtualMachine specification.", + "properties": { + "dataVolumeTemplates": { + "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference.\nDataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle.", + "items": { + "nullable": true, "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "DataVolumeSpec contains the DataVolume specification.", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" + }, + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } + }, + "required": [ + "current", + "previous" + ], + "type": "object" + }, + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], + "type": "string" + }, + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "type": "string" + }, + "pvc": { + "description": "PVC is the PVC specification", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", + "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, + "name": { + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "DataVolumeTemplateDummyStatus is here simply for backwards compatibility with\na previous API.", + "nullable": true, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "type": "array" + }, + "instancetype": { + "description": "InstancetypeMatcher references a instancetype that is used to fill fields in Template", + "properties": { + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype\nto be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher\nthis field is removed.", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", + "type": "string" + }, + "kind": { + "description": "Kind specifies which instancetype resource is referenced.\nAllowed values are: \"VirtualMachineInstancetype\" and \"VirtualMachineClusterInstancetype\".\nIf not specified, \"VirtualMachineClusterInstancetype\" is used by default.", + "type": "string" + }, + "name": { + "description": "Name is the name of the VirtualMachineInstancetype or VirtualMachineClusterInstancetype", + "type": "string" + }, + "revisionName": { + "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially\ncaptured the first time the instancetype is applied to the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "preference": { + "description": "PreferenceMatcher references a set of preference that is used to fill fields in Template", + "properties": { + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the preference\nto be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher\nthis field is removed.", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype.\nAllowed values are: \"RejectInferFromVolumeFailure\" and \"IgnoreInferFromVolumeFailure\".\nIf not specified, \"RejectInferFromVolumeFailure\" is used by default.", + "type": "string" + }, + "kind": { + "description": "Kind specifies which preference resource is referenced.\nAllowed values are: \"VirtualMachinePreference\" and \"VirtualMachineClusterPreference\".\nIf not specified, \"VirtualMachineClusterPreference\" is used by default.", + "type": "string" + }, + "name": { + "description": "Name is the name of the VirtualMachinePreference or VirtualMachineClusterPreference", + "type": "string" + }, + "revisionName": { + "description": "RevisionName specifies a ControllerRevision containing a specific copy of the\nVirtualMachinePreference or VirtualMachineClusterPreference to be used. This is\ninitially captured the first time the instancetype is applied to the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "runStrategy": { + "description": "Running state indicates the requested running state of the VirtualMachineInstance\nmutually exclusive with Running\nFollowing are allowed values:\n- \"Always\": VMI should always be running.\n- \"Halted\": VMI should never be running.\n- \"Manual\": VMI can be started/stopped using API endpoints.\n- \"RerunOnFailure\": VMI will initially be running and restarted if a failure occurs, but will not be restarted upon successful completion.\n- \"Once\": VMI will run once and not be restarted upon completion regardless if the completion is of phase Failure or Success.", + "type": "string" + }, + "running": { + "description": "Running controls whether the associatied VirtualMachineInstance is created or not\nMutually exclusive with RunStrategy\nDeprecated: VirtualMachineInstance field \"Running\" is now deprecated, please use RunStrategy instead.", + "type": "boolean" + }, + "template": { + "description": "Template is the direct specification of VirtualMachineInstance", + "properties": { + "metadata": { + "nullable": true, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "spec": { + "description": "VirtualMachineInstance Spec contains the VirtualMachineInstance specification.", + "properties": { + "accessCredentials": { + "description": "Specifies a set of public keys to inject into the vm guest", + "items": { + "description": "AccessCredential represents a credential source that can be used to\nauthorize remote access to the vm guest\nOnly one of its members may be specified.", + "properties": { + "sshPublicKey": { + "description": "SSHPublicKey represents the source and method of applying a ssh public\nkey into a guest virtual machine.", + "properties": { + "propagationMethod": { + "description": "PropagationMethod represents how the public key is injected into the vm guest.", + "properties": { + "configDrive": { + "description": "ConfigDrivePropagation means that the ssh public keys are injected\ninto the VM using metadata using the configDrive cloud-init provider", + "type": "object" + }, + "noCloud": { + "description": "NoCloudPropagation means that the ssh public keys are injected\ninto the VM using metadata using the noCloud cloud-init provider", + "type": "object" + }, + "qemuGuestAgent": { + "description": "QemuGuestAgentAccessCredentailPropagation means ssh public keys are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", + "properties": { + "users": { + "description": "Users represents a list of guest users that should have the ssh public keys\nadded to their authorized_keys file.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "users" + ], + "type": "object" + } + }, + "type": "object" + }, + "source": { + "description": "Source represents where the public keys are pulled from", + "properties": { + "secret": { + "description": "Secret means that the access credential is pulled from a kubernetes secret", + "properties": { + "secretName": { + "description": "SecretName represents the name of the secret in the VMI's namespace", + "type": "string" + } + }, + "required": [ + "secretName" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "propagationMethod", + "source" + ], + "type": "object" + }, + "userPassword": { + "description": "UserPassword represents the source and method for applying a guest user's\npassword", + "properties": { + "propagationMethod": { + "description": "propagationMethod represents how the user passwords are injected into the vm guest.", + "properties": { + "qemuGuestAgent": { + "description": "QemuGuestAgentAccessCredentailPropagation means passwords are\ndynamically injected into the vm at runtime via the qemu guest agent.\nThis feature requires the qemu guest agent to be running within the guest.", + "type": "object" + } + }, + "type": "object" + }, + "source": { + "description": "Source represents where the user passwords are pulled from", + "properties": { + "secret": { + "description": "Secret means that the access credential is pulled from a kubernetes secret", + "properties": { + "secretName": { + "description": "SecretName represents the name of the secret in the VMI's namespace", + "type": "string" + } + }, + "required": [ + "secretName" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "propagationMethod", + "source" + ], + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 256, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "affinity": { + "description": "If affinity is specifies, obey all the affinity rules", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "architecture": { + "description": "Specifies the architecture of the vm guest you are attempting to run. Defaults to the compiled architecture of the KubeVirt components", + "type": "string" + }, + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod.\nParameters specified here will be merged to the generated DNS\nconfiguration based on DNSPolicy.", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.\nDuplicated nameservers will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nDuplicated entries will be removed. Resolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is this DNS resolver option's name.\nRequired.", + "type": "string" + }, + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.\nDuplicated search paths will be removed.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod.\nDefaults to \"ClusterFirst\".\nValid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.\nDNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.\nTo have DNS options set along with hostNetwork, you have to specify DNS policy\nexplicitly to 'ClusterFirstWithHostNet'.", + "type": "string" + }, + "domain": { + "description": "Specification of the desired behavior of the VirtualMachineInstance on the host.", + "properties": { + "chassis": { + "description": "Chassis specifies the chassis info passed to the domain.", + "properties": { + "asset": { + "type": "string" + }, + "manufacturer": { + "type": "string" + }, + "serial": { + "type": "string" + }, + "sku": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "clock": { + "description": "Clock sets the clock and timers of the vmi.", + "properties": { + "timer": { + "description": "Timer specifies whih timers are attached to the vmi.", + "properties": { + "hpet": { + "description": "HPET (High Precision Event Timer) - multiple timers with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"merge\", \"discard\".", + "type": "string" + } + }, + "type": "object" + }, + "hyperv": { + "description": "Hyperv (Hypervclock) - lets guests read the host\u2019s wall clock time (paravirtualized). For windows guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "kvm": { + "description": "KVM \t(KVM clock) - lets guests read the host\u2019s wall clock time (paravirtualized). For linux guests.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "pit": { + "description": "PIT (Programmable Interval Timer) - a timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\", \"discard\".", + "type": "string" + } + }, + "type": "object" + }, + "rtc": { + "description": "RTC (Real Time Clock) - a continuously running timer with periodic interrupts.", + "properties": { + "present": { + "description": "Enabled set to false makes sure that the machine type or a preset can't add the timer.\nDefaults to true.", + "type": "boolean" + }, + "tickPolicy": { + "description": "TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest.\nOne of \"delay\", \"catchup\".", + "type": "string" + }, + "track": { + "description": "Track the guest or the wall clock.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "timezone": { + "description": "Timezone sets the guest clock to the specified timezone.\nZone name follows the TZ environment variable format (e.g. 'America/New_York').", + "type": "string" + }, + "utc": { + "description": "UTC sets the guest clock to UTC on each boot. If an offset is specified,\nguest changes to the clock will be kept during reboots and are not reset.", + "properties": { + "offsetSeconds": { + "description": "OffsetSeconds specifies an offset in seconds, relative to UTC. If set,\nguest changes to the clock will be kept during reboots and not reset.", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "cpu": { + "description": "CPU allow specified the detailed CPU topology inside the vmi.", + "properties": { + "cores": { + "description": "Cores specifies the number of cores inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + }, + "dedicatedCpuPlacement": { + "description": "DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node\nwith enough dedicated pCPUs and pin the vCPUs to it.", + "type": "boolean" + }, + "features": { + "description": "Features specifies the CPU features list inside the VMI.", + "items": { + "description": "CPUFeature allows specifying a CPU feature.", + "properties": { + "name": { + "description": "Name of the CPU feature", + "type": "string" + }, + "policy": { + "description": "Policy is the CPU feature attribute which can have the following attributes:\nforce - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU.\nrequire - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it.\noptional - The feature will be supported by virtual CPU if and only if it is supported by host CPU.\ndisable - The feature will not be supported by virtual CPU.\nforbid - Guest creation will fail if the feature is supported by host CPU.\nDefaults to require", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "isolateEmulatorThread": { + "description": "IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place\nthe emulator thread on it.", + "type": "boolean" + }, + "maxSockets": { + "description": "MaxSockets specifies the maximum amount of sockets that can\nbe hotplugged", + "format": "int32", + "type": "integer" + }, + "model": { + "description": "Model specifies the CPU model inside the VMI.\nList of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map.\nIt is possible to specify special cases like \"host-passthrough\" to get the same CPU as the node\nand \"host-model\" to get CPU closest to the node one.\nDefaults to host-model.", + "type": "string" + }, + "numa": { + "description": "NUMA allows specifying settings for the guest NUMA topology", + "properties": { + "guestMappingPassthrough": { + "description": "GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod.\nThe created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes.", + "type": "object" + } + }, + "type": "object" + }, + "realtime": { + "description": "Realtime instructs the virt-launcher to tune the VMI for lower latency, optional for real time workloads", + "properties": { + "mask": { + "description": "Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions.\nExample: \"0-3,^1\",\"0,2,3\",\"2-3\"", + "type": "string" + } + }, + "type": "object" + }, + "sockets": { + "description": "Sockets specifies the number of sockets inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + }, + "threads": { + "description": "Threads specifies the number of threads inside the vmi.\nMust be a value greater or equal 1.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "devices": { + "description": "Devices allows adding disks, network interfaces, and others", + "properties": { + "autoattachGraphicsDevice": { + "description": "Whether to attach the default graphics device or not.\nVNC will not be available if set to false. Defaults to true.", + "type": "boolean" + }, + "autoattachInputDevice": { + "description": "Whether to attach an Input Device.\nDefaults to false.", + "type": "boolean" + }, + "autoattachMemBalloon": { + "description": "Whether to attach the Memory balloon device with default period.\nPeriod can be adjusted in virt-config.\nDefaults to true.", + "type": "boolean" + }, + "autoattachPodInterface": { + "description": "Whether to attach a pod network interface. Defaults to true.", + "type": "boolean" + }, + "autoattachSerialConsole": { + "description": "Whether to attach the default virtio-serial console or not.\nSerial console access will not be available if set to false. Defaults to true.", + "type": "boolean" + }, + "autoattachVSOCK": { + "description": "Whether to attach the VSOCK CID to the VM or not.\nVSOCK access will be available if set to true. Defaults to false.", + "type": "boolean" + }, + "blockMultiQueue": { + "description": "Whether or not to enable virtio multi-queue for block devices.\nDefaults to false.", + "type": "boolean" + }, + "clientPassthrough": { + "description": "To configure and access client devices such as redirecting USB", + "type": "object" + }, + "disableHotplug": { + "description": "DisableHotplug disabled the ability to hotplug disks.", + "type": "boolean" + }, + "disks": { + "description": "Disks describes disks, cdroms and luns which are connected to the vmi.", + "items": { + "properties": { + "blockSize": { + "description": "If specified, the virtual disk will be presented with the given block sizes.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } + }, + "required": [ + "logical", + "physical" + ], + "type": "object" + }, + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", + "type": "integer" + }, + "cache": { + "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", + "type": "string" + }, + "cdrom": { + "description": "Attach a volume as a cdrom to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to true.", + "type": "boolean" + }, + "tray": { + "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", + "type": "string" + } + }, + "type": "object" + }, + "dedicatedIOThread": { + "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", + "type": "boolean" + }, + "disk": { + "description": "Attach a volume as a disk to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", + "type": "string" + }, + "pciAddress": { + "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "errorPolicy": { + "description": "If specified, it can change the default error policy (stop) for the disk", + "type": "string" + }, + "io": { + "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", + "type": "string" + }, + "lun": { + "description": "Attach a volume as a LUN to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + }, + "reservation": { + "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", + "type": "boolean" + } + }, + "type": "object" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "serial": { + "description": "Serial provides the ability to specify a serial number for the disk device.", + "type": "string" + }, + "shareable": { + "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", + "type": "boolean" + }, + "tag": { + "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 256, + "type": "array" + }, + "downwardMetrics": { + "description": "DownwardMetrics creates a virtio serials for exposing the downward metrics to the vmi.", + "type": "object" + }, + "filesystems": { + "description": "Filesystems describes filesystem which is connected to the vmi.", + "items": { + "properties": { + "name": { + "description": "Name is the device name", + "type": "string" + }, + "virtiofs": { + "description": "Virtiofs is supported", + "type": "object" + } + }, + "required": [ + "name", + "virtiofs" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "gpus": { + "description": "Whether to attach a GPU device to the vmi.", + "items": { + "properties": { + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", + "type": "string" + }, + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "description": "Name of the GPU device as exposed by a device plugin", + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + }, + "virtualGPUOptions": { + "properties": { + "display": { + "properties": { + "enabled": { + "description": "Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "ramFB": { + "description": "Enables a boot framebuffer, until the guest OS loads a real GPU driver\nDefaults to true.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "hostDevices": { + "description": "Whether to attach a host device to the vmi.", + "items": { + "properties": { + "claimName": { + "description": "ClaimName needs to be provided from the list vmi.spec.resourceClaims[].name where this\ndevice is allocated", + "type": "string" + }, + "deviceName": { + "description": "DeviceName is the name of the device provisioned by device-plugins", + "type": "string" + }, + "name": { + "type": "string" + }, + "requestName": { + "description": "RequestName needs to be provided from resourceClaim.spec.devices.requests[].name where this\ndevice is requested", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "inputs": { + "description": "Inputs describe input devices", + "items": { + "properties": { + "bus": { + "description": "Bus indicates the bus of input device to emulate.\nSupported values: virtio, usb.", + "type": "string" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "type": { + "description": "Type indicated the type of input device.\nSupported values: tablet.", + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "interfaces": { + "description": "Interfaces describe network interfaces which are added to the vmi.", + "items": { + "properties": { + "acpiIndex": { + "description": "If specified, the ACPI index is used to provide network interface device naming, that is stable across changes\nin PCI addresses assigned to the device.\nThis value is required to be unique across all devices and be between 1 and (16*1024-1).", + "type": "integer" + }, + "binding": { + "description": "Binding specifies the binding plugin that will be used to connect the interface to the guest.\nIt provides an alternative to InterfaceBindingMethod.\nversion: 1alphav1", + "properties": { + "name": { + "description": "Name references to the binding name as denined in the kubevirt CR.\nversion: 1alphav1", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach interface or disk that has a boot order must have a unique value.\nInterfaces without a boot order are not tried.", + "type": "integer" + }, + "bridge": { + "description": "InterfaceBridge connects to a given network via a linux bridge.", + "type": "object" + }, + "dhcpOptions": { + "description": "If specified the network interface will pass additional DHCP options to the VMI", + "properties": { + "bootFileName": { + "description": "If specified will pass option 67 to interface's DHCP server", + "type": "string" + }, + "ntpServers": { + "description": "If specified will pass the configured NTP server to the VM via DHCP option 042.", + "items": { + "type": "string" + }, + "type": "array" + }, + "privateOptions": { + "description": "If specified will pass extra DHCP options for private use, range: 224-254", + "items": { + "description": "DHCPExtraOptions defines Extra DHCP options for a VM.", + "properties": { + "option": { + "description": "Option is an Integer value from 224-254\nRequired.", + "type": "integer" + }, + "value": { + "description": "Value is a String value for the Option provided\nRequired.", + "type": "string" + } + }, + "required": [ + "option", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "tftpServerName": { + "description": "If specified will pass option 66 to interface's DHCP server", + "type": "string" + } + }, + "type": "object" + }, + "macAddress": { + "description": "Interface MAC address. For example: de:ad:00:00:be:af or DE-AD-00-00-BE-AF.", + "type": "string" + }, + "macvtap": { + "description": "DeprecatedMacvtap is an alias to the deprecated Macvtap interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", + "type": "object" + }, + "masquerade": { + "description": "InterfaceMasquerade connects to a given network using netfilter rules to nat the traffic.", + "type": "object" + }, + "model": { + "description": "Interface model.\nOne of: e1000, e1000e, igb, ne2k_pci, pcnet, rtl8139, virtio.\nDefaults to virtio.", + "type": "string" + }, + "name": { + "description": "Logical name of the interface as well as a reference to the associated networks.\nMust match the Name of a Network.", + "type": "string" + }, + "passt": { + "description": "DeprecatedPasst is an alias to the deprecated Passt interface,\nplease refer to Kubevirt user guide for alternatives.\nDeprecated: Removed in v1.3", + "type": "object" + }, + "pciAddress": { + "description": "If specified, the virtual network interface will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "ports": { + "description": "List of ports to be forwarded to the virtual machine.", + "items": { + "description": "Port represents a port to expose from the virtual machine.\nDefault protocol TCP.\nThe port field is mandatory", + "properties": { + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "port": { + "description": "Number of port to expose for the virtual machine.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "Protocol for port. Must be UDP or TCP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "type": "array" + }, + "slirp": { + "description": "DeprecatedSlirp is an alias to the deprecated Slirp interface\nDeprecated: Removed in v1.3", + "type": "object" + }, + "sriov": { + "description": "InterfaceSRIOV connects to a given network by passing-through an SR-IOV PCI device via vfio.", + "type": "object" + }, + "state": { + "description": "State represents the requested operational state of the interface.\nThe supported values are:\n'absent', expressing a request to remove the interface.\n'down', expressing a request to set the link down.\n'up', expressing a request to set the link up.\nEmpty value functions as 'up'.", + "type": "string" + }, + "tag": { + "description": "If specified, the virtual network interface address and its tag will be provided to the guest via config drive", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "maxItems": 256, + "type": "array" + }, + "logSerialConsole": { + "description": "Whether to log the auto-attached default serial console or not.\nSerial console logs will be collect to a file and then streamed from a named 'guest-console-log'.\nNot relevant if autoattachSerialConsole is disabled.\nDefaults to cluster wide setting on VirtualMachineOptions.", + "type": "boolean" + }, + "networkInterfaceMultiqueue": { + "description": "If specified, virtual network interfaces configured with a virtio bus will also enable the vhost multiqueue feature for network devices. The number of queues created depends on additional factors of the VirtualMachineInstance, like the number of guest CPUs.", + "type": "boolean" + }, + "panicDevices": { + "description": "PanicDevices provides additional crash information when a guest crashes.", + "items": { + "properties": { + "model": { + "description": "Model specifies what type of panic device is provided.\nThe panic model used when this attribute is missing depends on the hypervisor and guest arch.\nOne of: isa, hyperv, pvpanic.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "rng": { + "description": "Whether to have random number generator from host", + "type": "object" + }, + "sound": { + "description": "Whether to emulate a sound device.", + "properties": { + "model": { + "description": "We only support ich9 or ac97.\nIf SoundDevice is not set: No sound card is emulated.\nIf SoundDevice is set but Model is not: ich9", + "type": "string" + }, + "name": { + "description": "User's defined name for this sound device", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "tpm": { + "description": "Whether to emulate a TPM device.", + "properties": { + "enabled": { + "description": "Enabled allows a user to explicitly disable the vTPM even when one is enabled by a preference referenced by the VirtualMachine\nDefaults to True", + "type": "boolean" + }, + "persistent": { + "description": "Persistent indicates the state of the TPM device should be kept accross reboots\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "useVirtioTransitional": { + "description": "Fall back to legacy virtio 0.9 support if virtio bus is selected on devices.\nThis is helpful for old machines like CentOS6 or RHEL6 which\ndo not understand virtio_non_transitional (virtio 1.0).", + "type": "boolean" + }, + "video": { + "description": "Video describes the video device configuration for the vmi.", + "properties": { + "type": { + "description": "Type specifies the video device type (e.g., virtio, vga, bochs, ramfb).\nIf not specified, the default is architecture-dependent (VGA for BIOS-based VMs, Bochs for EFI-based VMs on AMD64; virtio for Arm and s390x).", + "type": "string" + } + }, + "type": "object" + }, + "watchdog": { + "description": "Watchdog describes a watchdog device which can be added to the vmi.", + "properties": { + "diag288": { + "description": "diag288 watchdog device (specific to s390x architecture).", + "properties": { + "action": { + "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", + "type": "string" + } + }, + "type": "object" + }, + "i6300esb": { + "description": "i6300esb watchdog device.", + "properties": { + "action": { + "description": "The action to take. Valid values are poweroff, reset, shutdown.\nDefaults to reset.", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the watchdog.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" + "features": { + "description": "Features like acpi, apic, hyperv, smm.", + "properties": { + "acpi": { + "description": "ACPI enables/disables ACPI inside the guest.\nDefaults to enabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "apic": { + "description": "Defaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "endOfInterrupt": { + "description": "EndOfInterrupt enables the end of interrupt notification in the guest.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "hyperv": { + "description": "Defaults to the machine type setting.", + "properties": { + "evmcs": { + "description": "EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "frequencies": { + "description": "Frequencies improves the TSC clock source handling for Hyper-V on KVM.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "ipi": { + "description": "IPI improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reenlightenment": { + "description": "Reenlightenment enables the notifications on TSC frequency changes.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "relaxed": { + "description": "Relaxed instructs the guest OS to disable watchdog timeouts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "reset": { + "description": "Reset enables Hyperv reboot/reset for the vmi. Requires synic.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime": { + "description": "Runtime improves the time accounting to improve scheduling in the guest.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "spinlocks": { + "description": "Spinlocks allows to configure the spinlock retry attempts.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "spinlocks": { + "description": "Retries indicates the number of retries.\nMust be a value greater or equal 4096.\nDefaults to 4096.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "synic": { + "description": "SyNIC enables the Synthetic Interrupt Controller.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "synictimer": { + "description": "SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load.\nDefaults to the machine type setting.", + "properties": { + "direct": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "tlbflush": { + "description": "TLBFlush improves performances in overcommited environments. Requires vpindex.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vapic": { + "description": "VAPIC improves the paravirtualized handling of interrupts.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "vendorid": { + "description": "VendorID allows setting the hypervisor vendor id.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + }, + "vendorid": { + "description": "VendorID sets the hypervisor vendor id, visible to the vmi.\nString up to twelve characters.", + "type": "string" + } + }, + "type": "object" + }, + "vpindex": { + "description": "VPIndex enables the Virtual Processor Index to help windows identifying virtual processors.\nDefaults to the machine type setting.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "hypervPassthrough": { + "description": "This enables all supported hyperv flags automatically.\nBear in mind that if this enabled hyperV features cannot\nbe enabled explicitly. In addition, a Virtual Machine\nusing it will be non-migratable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "kvm": { + "description": "Configure how KVM presence is exposed to the guest.", + "properties": { + "hidden": { + "description": "Hide the KVM hypervisor from standard MSR based discovery.\nDefaults to false", + "type": "boolean" + } + }, + "type": "object" + }, + "pvspinlock": { + "description": "Notify the guest that the host supports paravirtual spinlocks.\nFor older kernels this feature should be explicitly disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + }, + "smm": { + "description": "SMM enables/disables System Management Mode.\nTSEG not yet implemented.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" + "firmware": { + "description": "Firmware.", + "properties": { + "acpi": { + "description": "Information that can be set in the ACPI table", + "properties": { + "msdmNameRef": { + "description": "Similar to SlicNameRef, another ACPI entry that is used in more recent Windows versions.\nThe above points to the spec of MSDM too.", + "type": "string" + }, + "slicNameRef": { + "description": "SlicNameRef should match the volume name of a secret object. The data in the secret should\nbe a binary blob that follows the ACPI SLIC standard, see:\nhttps://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85)", + "type": "string" + } + }, + "type": "object" + }, + "bootloader": { + "description": "Settings to control the bootloader that is used.", + "properties": { + "bios": { + "description": "If set (default), BIOS will be used.", + "properties": { + "useSerial": { + "description": "If set, the BIOS output will be transmitted over serial", + "type": "boolean" + } + }, + "type": "object" + }, + "efi": { + "description": "If set, EFI will be used instead of BIOS.", + "properties": { + "persistent": { + "description": "If set to true, Persistent will persist the EFI NVRAM across reboots.\nDefaults to false", + "type": "boolean" + }, + "secureBoot": { + "description": "If set, SecureBoot will be enabled and the OVMF roms will be swapped for\nSecureBoot-enabled ones.\nRequires SMM to be enabled.\nDefaults to true", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "kernelBoot": { + "description": "Settings to set the kernel for booting.", + "properties": { + "container": { + "description": "Container defines the container that containes kernel artifacts", + "properties": { + "image": { + "description": "Image that contains initrd / kernel files.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "imagePullSecret": { + "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", + "type": "string" + }, + "initrdPath": { + "description": "the fully-qualified path to the ramdisk image in the host OS", + "type": "string" + }, + "kernelPath": { + "description": "The fully-qualified path to the kernel image in the host OS", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "kernelArgs": { + "description": "Arguments to be passed to the kernel at boot time", + "type": "string" + } + }, + "type": "object" + }, + "serial": { + "description": "The system-serial-number in SMBIOS", + "type": "string" + }, + "uuid": { + "description": "UUID reported by the vmi bios.\nDefaults to a random generated uid.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" + "type": "object" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "ioThreads": { + "description": "IOThreads specifies the IOThreads options.", + "properties": { + "supplementalPoolThreadCount": { + "description": "SupplementalPoolThreadCount specifies how many iothreads are allocated for the supplementalPool policy.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "ioThreadsPolicy": { + "description": "Controls whether or not disks will share IOThreads.\nOmitting IOThreadsPolicy disables use of IOThreads.\nOne of: shared, auto, supplementalPool", "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" + "launchSecurity": { + "description": "Launch Security setting of the vmi.", + "properties": { + "sev": { + "description": "AMD Secure Encrypted Virtualization (SEV).", + "properties": { + "attestation": { + "description": "If specified, run the attestation process for a vmi.", + "type": "object" + }, + "dhCert": { + "description": "Base64 encoded guest owner's Diffie-Hellman key.", + "type": "string" + }, + "policy": { + "description": "Guest policy flags as defined in AMD SEV API specification.\nNote: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true.", + "properties": { + "encryptedState": { + "description": "SEV-ES is required.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" + }, + "session": { + "description": "Base64 encoded session blob.", + "type": "string" + } + }, + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + }, + "machine": { + "description": "Machine type.", + "properties": { + "type": { + "description": "QEMU machine type is the actual chipset of the VirtualMachineInstance.", + "type": "string" + } + }, + "type": "object" + }, + "memory": { + "description": "Memory allow specifying the VMI memory features.", + "properties": { + "guest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Guest allows to specifying the amount of memory which is visible inside the Guest OS.\nThe Guest must lie between Requests and Limits from the resources section.\nDefaults to the requested memory in the resources section if not specified.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "hugepages": { + "description": "Hugepages allow to use hugepages for the VirtualMachineInstance instead of regular memory.", + "properties": { + "pageSize": { + "description": "PageSize specifies the hugepage size, for x86_64 architecture valid values are 1Gi and 2Mi.", + "type": "string" + } + }, + "type": "object" + }, + "maxGuest": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS.\nThe delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "resources": { + "description": "Resources describes the Compute Resources required by this vmi.", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nValid resource keys are \"memory\" and \"cpu\".", + "type": "object" + }, + "overcommitGuestOverhead": { + "description": "Don't ask the scheduler to take the guest-management overhead into account. Instead\nput the overhead only into the container's memory limit. This can lead to crashes if\nall memory is in use on a node. Defaults to false.", + "type": "boolean" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests is a description of the initial vmi resources.\nValid resource keys are \"memory\" and \"cpu\".", + "type": "object" + } + }, + "type": "object" } }, "required": [ - "key", - "operator" + "devices" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "format": "int32", - "type": "integer" - } - }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", - "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "items": { - "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", - "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "evictionStrategy": { + "description": "EvictionStrategy describes the strategy to follow when a node drain occurs.\nThe possible options are:\n- \"None\": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown.\n- \"LiveMigrate\": the VirtualMachineInstance will be migrated instead of being shutdown.\n- \"LiveMigrateIfPossible\": the same as \"LiveMigrate\" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as \"None\".\n- \"External\": the VirtualMachineInstance will be protected and 'vmi.Status.EvacuationNodeName' will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa.", + "type": "string" + }, + "hostname": { + "description": "Specifies the hostname of the vmi\nIf not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly.", + "type": "string" + }, + "livenessProbe": { + "description": "Periodic probe of VirtualMachineInstance liveness.\nVirtualmachineInstances will be stopped if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" + "exec": { + "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { - "type": "string" + "guestAgentPing": { + "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" } }, - "required": [ - "key", - "operator" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - "type": "string" - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", - "items": { + "networks": { + "description": "List of networks that can be attached to a vm's virtual interface.", + "items": { + "description": "Network represents a network type and a resource that should be connected to the vm.", + "properties": { + "multus": { + "description": "Represents the multus cni network.", + "properties": { + "default": { + "description": "Select the default network and add it to the\nmultus-cni.io/default-network annotation.", + "type": "boolean" + }, + "networkName": { + "description": "References to a NetworkAttachmentDefinition CRD object. Format:\n, /. If namespace is not\nspecified, VMI namespace is assumed.", + "type": "string" + } + }, + "required": [ + "networkName" + ], + "type": "object" + }, + "name": { + "description": "Network name.\nMust be a DNS_LABEL and unique within the vm.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "pod": { + "description": "Represents the stock pod network interface.", + "properties": { + "vmIPv6NetworkCIDR": { + "description": "IPv6 CIDR for the vm network.\nDefaults to fd10:0:2::/120 if not specified.", + "type": "string" + }, + "vmNetworkCIDR": { + "description": "CIDR for vm network.\nDefault 10.0.2.0/24 if not specified.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], + "maxItems": 256, + "type": "array" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the vmi to fit on a node.\nSelector which must match a node's labels for the vmi to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "priorityClassName": { + "description": "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", + "type": "string" + }, + "readinessProbe": { + "description": "Periodic probe of VirtualMachineInstance service readiness.\nVirtualmachineInstances will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "One and only one of the following should be specified.\nExec specifies the action to take, it will be executed on the guest through the qemu-guest-agent.\nIf the guest agent is not available, this probe will fail.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "guestAgentPing": { + "description": "GuestAgentPing contacts the qemu-guest-agent for availability checks.", + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { - "type": "string" + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" } }, "required": [ - "key", - "operator" + "port" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "initialDelaySeconds": { + "description": "Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.\nTCP hooks not yet supported", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nFor exec probes the timeout fails the probe but does not terminate the command running on the guest.\nThis means a blocking command can result in an increasing load on the guest.\nA small buffer will be added to the resulting workload exec probe to compensate for delays\ncaused by the qemu guest exec mechanism.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "type": "object" + }, + "resourceClaims": { + "description": "ResourceClaims define which ResourceClaims must be allocated\nand reserved before the VMI, hence virt-launcher pod is allowed to start. The resources\nwill be made available to the domain which consumes them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate in kubernetes\n https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/\nThis field should only be configured if one of the feature-gates GPUsWithDRA or HostDevicesWithDRA is enabled.\nThis feature is in alpha.", + "items": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name.", + "properties": { + "name": { + "description": "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL.", + "type": "string" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + }, + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set.", + "type": "string" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "name" + ], "type": "object" - } + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "schedulerName": { + "description": "If specified, the VMI will be dispatched by specified scheduler.\nIf not specified, the VMI will be dispatched by default scheduler.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "startStrategy": { + "description": "StartStrategy can be set to \"Paused\" if Virtual Machine should be started in paused state.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "subdomain": { + "description": "If specified, the fully qualified vmi hostname will be \"...svc.\".\nIf not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi,\nno matter if the vmi itself can pick up a hostname.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Grace period observed after signalling a VirtualMachineInstance to stop after which the VirtualMachineInstance is force terminated.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If toleration is specified, obey all the toleration rules.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology\ndomains. K8s scheduler will schedule VMI pods in a way which abides by the constraints.", + "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen 'whenUnsatisfiable=DoNotSchedule', it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen 'whenUnsatisfiable=ScheduleAnyway', it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumes": { + "description": "List of volumes that can be mounted by disks belonging to the vmi.", + "items": { + "description": "Volume represents a named volume in a vmi.", + "properties": { + "cloudInitConfigDrive": { + "description": "CloudInitConfigDrive represents a cloud-init Config Drive user-data source.\nThe Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html", + "properties": { + "networkData": { + "description": "NetworkData contains config drive inline cloud-init networkdata.", + "type": "string" + }, + "networkDataBase64": { + "description": "NetworkDataBase64 contains config drive cloud-init networkdata as a base64 encoded string.", + "type": "string" + }, + "networkDataSecretRef": { + "description": "NetworkDataSecretRef references a k8s secret that contains config drive networkdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretRef": { + "description": "UserDataSecretRef references a k8s secret that contains config drive userdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userData": { + "description": "UserData contains config drive inline cloud-init userdata.", + "type": "string" + }, + "userDataBase64": { + "description": "UserDataBase64 contains config drive cloud-init userdata as a base64 encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "cloudInitNoCloud": { + "description": "CloudInitNoCloud represents a cloud-init NoCloud user-data source.\nThe NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest.\nMore info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html", + "properties": { + "networkData": { + "description": "NetworkData contains NoCloud inline cloud-init networkdata.", + "type": "string" + }, + "networkDataBase64": { + "description": "NetworkDataBase64 contains NoCloud cloud-init networkdata as a base64 encoded string.", + "type": "string" + }, + "networkDataSecretRef": { + "description": "NetworkDataSecretRef references a k8s secret that contains NoCloud networkdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretRef": { + "description": "UserDataSecretRef references a k8s secret that contains NoCloud userdata.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userData": { + "description": "UserData contains NoCloud inline cloud-init userdata.", + "type": "string" + }, + "userDataBase64": { + "description": "UserDataBase64 contains NoCloud cloud-init userdata as a base64 encoded string.", + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "description": "ConfigMapSource represents a reference to a ConfigMap in the same namespace.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or it's keys must be defined", + "type": "boolean" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "containerDisk": { + "description": "ContainerDisk references a docker image, embedding a qcow or raw disk.\nMore info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html", + "properties": { + "image": { + "description": "Image is the name of the image with the embedded disk.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "imagePullSecret": { + "description": "ImagePullSecret is the name of the Docker registry secret required to pull the image. The secret must already exist.", + "type": "string" + }, + "path": { + "description": "Path defines the path to disk file in the container", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "dataVolume": { + "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", + "properties": { + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "name": { + "description": "Name of both the DataVolume and the PVC in the same namespace.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "downwardAPI": { + "description": "DownwardAPI represents downward API about the pod that should populate this volume", + "properties": { + "fields": { + "description": "Fields is a list of downward API volume file", + "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object" + }, + "downwardMetrics": { + "description": "DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest\nmetrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics.", + "type": "object" + }, + "emptyDisk": { + "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.\nMore info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html", + "properties": { + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Capacity of the sparse disk.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "capacity" + ], + "type": "object" + }, + "ephemeral": { + "description": "Ephemeral is a special volume source that \"wraps\" specified source and provides copy-on-write image on top of it.", + "properties": { + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + } + }, + "type": "object" + }, + "hostDisk": { + "description": "HostDisk represents a disk created on the cluster level", + "properties": { + "capacity": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Capacity of the sparse disk", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "path": { + "description": "The path to HostDisk image located on the cluster", + "type": "string" + }, + "shared": { + "description": "Shared indicate whether the path is shared between nodes", + "type": "boolean" + }, + "type": { + "description": "Contains information if disk.img exists or should be created\nallowed options are 'Disk' and 'DiskOrCreate'", + "type": "string" + } + }, + "required": [ + "path", + "type" + ], + "type": "object" + }, + "memoryDump": { + "description": "MemoryDump is attached to the virt launcher and is populated with a memory dump of the vmi", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "name": { + "description": "Volume's name.\nMust be a DNS_LABEL and unique within the vmi.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "secret": { + "description": "SecretVolumeSource represents a reference to a secret data in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret/", + "properties": { + "optional": { + "description": "Specify whether the Secret or it's keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "Name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + }, + "volumeLabel": { + "description": "The volume label of the resulting disk inside the VMI.\nDifferent bootstrapping mechanisms require different values.\nTypical values are \"cidata\" (cloud-init), \"config-2\" (cloud-init) or \"OEMDRV\" (kickstart).", + "type": "string" + } + }, + "type": "object" + }, + "serviceAccount": { + "description": "ServiceAccountVolumeSource represents a reference to a service account.\nThere can only be one volume of this type!\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "properties": { + "serviceAccountName": { + "description": "Name of the service account in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + } + }, + "type": "object" + }, + "sysprep": { + "description": "Represents a Sysprep volume source.", + "properties": { + "configMap": { + "description": "ConfigMap references a ConfigMap that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret references a k8s Secret that contains Sysprep answer file named autounattend.xml that should be attached as disk of CDROM type.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "required": [ + "name" + ], "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" + }, + "maxItems": 256, + "type": "array" + } }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "domain" + ], + "type": "object" + } + }, + "type": "object" + }, + "updateVolumesStrategy": { + "description": "UpdateVolumesStrategy is the strategy to apply on volumes updates", + "type": "string" + } + }, + "required": [ + "template" + ], + "type": "object" + }, + "status": { + "description": "Status holds the current state of the controller and brief information\nabout its associated VirtualMachineInstance", + "properties": { + "conditions": { + "description": "Hold the state information of the VirtualMachine and its VirtualMachineInstance", + "items": { + "description": "VirtualMachineCondition represents the state of VirtualMachine", + "properties": { + "lastProbeTime": { + "format": "date-time", + "nullable": true, + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "lastTransitionTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { "type": "string" } }, "required": [ - "topologyKey" + "status", + "type" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "created": { + "description": "Created indicates if the virtual machine is created in the cluster", + "type": "boolean" + }, + "desiredGeneration": { + "description": "DesiredGeneration is the generation which is desired for the VMI.\nThis will be used in comparisons with ObservedGeneration to understand when\nthe VMI is out of sync. This will be changed at the same time as\nObservedGeneration to remove errors which could occur if Generation is\nupdated through an Update() before ObservedGeneration in Status.", + "format": "int64", + "type": "integer" + }, + "instancetypeRef": { + "description": "InstancetypeRef captures the state of any referenced instance type from the VirtualMachine", + "nullable": true, + "properties": { + "controllerRevisionRef": { + "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", + "properties": { + "name": { + "description": "Name of the ControllerRevision", + "type": "string" + } }, - "matchLabels": { - "additionalProperties": { + "type": "object" + }, + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", + "type": "string" + }, + "kind": { + "description": "Kind specifies the kind of resource", + "type": "string" + }, + "name": { + "description": "Name is the name of resource", + "type": "string" + } + }, + "type": "object" + }, + "memoryDumpRequest": { + "description": "MemoryDumpRequest tracks memory dump request phase and info of getting a memory\ndump to the given pvc", + "nullable": true, + "properties": { + "claimName": { + "description": "ClaimName is the name of the pvc that will contain the memory dump", + "type": "string" + }, + "endTimestamp": { + "description": "EndTimestamp represents the time the memory dump was completed", + "format": "date-time", + "type": "string" + }, + "fileName": { + "description": "FileName represents the name of the output file", + "type": "string" + }, + "message": { + "description": "Message is a detailed message about failure of the memory dump", + "type": "string" + }, + "phase": { + "description": "Phase represents the memory dump phase", + "type": "string" + }, + "remove": { + "description": "Remove represents request of dissociating the memory dump pvc", + "type": "boolean" + }, + "startTimestamp": { + "description": "StartTimestamp represents the time the memory dump started", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "claimName", + "phase" + ], + "type": "object" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation observed by the vmi when started.", + "format": "int64", + "type": "integer" + }, + "preferenceRef": { + "description": "PreferenceRef captures the state of any referenced preference from the VirtualMachine", + "nullable": true, + "properties": { + "controllerRevisionRef": { + "description": "ControllerRef specifies the ControllerRevision storing a copy of the object captured\nwhen it is first seen by the VirtualMachine controller", + "properties": { + "name": { + "description": "Name of the ControllerRevision", "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } + } + }, + "type": "object" + }, + "inferFromVolume": { + "description": "InferFromVolume lists the name of a volume that should be used to infer or discover the resource", + "type": "string" + }, + "inferFromVolumeFailurePolicy": { + "description": "InferFromVolumeFailurePolicy controls what should happen on failure when inferring the resource", + "type": "string" + }, + "kind": { + "description": "Kind specifies the kind of resource", + "type": "string" + }, + "name": { + "description": "Name is the name of resource", + "type": "string" + } + }, + "type": "object" + }, + "printableStatus": { + "default": "Stopped", + "description": "PrintableStatus is a human readable, high-level representation of the status of the virtual machine", + "type": "string" + }, + "ready": { + "description": "Ready indicates if the virtual machine is running and ready", + "type": "boolean" + }, + "restoreInProgress": { + "description": "RestoreInProgress is the name of the VirtualMachineRestore currently executing", + "type": "string" + }, + "runStrategy": { + "description": "RunStrategy tracks the last recorded RunStrategy used by the VM.\nThis is needed to correctly process the next strategy (for now only the RerunOnFailure)", + "type": "string" + }, + "snapshotInProgress": { + "description": "SnapshotInProgress is the name of the VirtualMachineSnapshot currently executing", + "type": "string" + }, + "startFailure": { + "description": "StartFailure tracks consecutive VMI startup failures for the purposes of\ncrash loop backoffs", + "nullable": true, + "properties": { + "consecutiveFailCount": { + "type": "integer" }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "lastFailedVMIUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { + "retryAfterTimestamp": { + "format": "date-time", "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + } }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object" + }, + "stateChangeRequests": { + "description": "StateChangeRequests indicates a list of actions that should be taken on a VMI\ne.g. stop a specific VMI then start a new one.", + "items": { "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "action": { + "description": "Indicates the type of action that is requested. e.g. Start or Stop", + "type": "string" }, - "matchLabels": { + "data": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "Provides additional data in order to perform the Action", "type": "object" + }, + "uid": { + "description": "Indicates the UUID of an existing Virtual Machine Instance that this change request applies to -- if applicable", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "action" + ], + "type": "object" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } + "type": "array" }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", - "items": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", - "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", + "volumeRequests": { + "description": "VolumeRequests indicates a list of volumes add or remove from the VMI template and\nhotplug on an active running VMI.", + "items": { "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "addVolumeOptions": { + "description": "AddVolumeOptions when set indicates a volume should be added. The details\nwithin this field specify how to add the volume", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "disk": { + "description": "Disk represents the hotplug disk that will be plugged into the running VMI", + "properties": { + "blockSize": { + "description": "If specified, the virtual disk will be presented with the given block sizes.", + "properties": { + "custom": { + "description": "CustomBlockSize represents the desired logical and physical block size for a VM disk.", + "properties": { + "logical": { + "type": "integer" + }, + "physical": { + "type": "integer" + } + }, + "required": [ + "logical", + "physical" + ], + "type": "object" + }, + "matchVolume": { + "description": "Represents if a feature is enabled or disabled.", + "properties": { + "enabled": { + "description": "Enabled determines if the feature should be enabled or disabled on the guest.\nDefaults to true.", + "type": "boolean" + } + }, + "type": "object" + } }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" + "type": "object" + }, + "bootOrder": { + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices.\nLower values take precedence.\nEach disk or interface that has a boot order must have a unique value.\nDisks without a boot order are not tried if a disk with a boot order exists.", + "type": "integer" + }, + "cache": { + "description": "Cache specifies which kvm disk cache mode should be used.\nSupported values are:\nnone: Guest I/O not cached on the host, but may be kept in a disk cache.\nwritethrough: Guest I/O cached on the host but written through to the physical medium. Slowest but with most guarantees.\nwriteback: Guest I/O cached on the host.\nDefaults to none if the storage supports O_DIRECT, otherwise writethrough.", + "type": "string" + }, + "cdrom": { + "description": "Attach a volume as a cdrom to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to true.", + "type": "boolean" + }, + "tray": { + "description": "Tray indicates if the tray of the device is open or closed.\nAllowed values are \"open\" and \"closed\".\nDefaults to closed.", + "type": "string" + } }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { + "type": "object" + }, + "dedicatedIOThread": { + "description": "dedicatedIOThread indicates this disk should have an exclusive IO Thread.\nEnabling this implies useIOThreads = true.\nDefaults to false.", + "type": "boolean" + }, + "disk": { + "description": "Attach a volume as a disk to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi, usb.", "type": "string" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "pciAddress": { + "description": "If specified, the virtual disk will be placed on the guests pci address with the specified PCI address. For example: 0000:81:01.10", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + } + }, + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" + "errorPolicy": { + "description": "If specified, it can change the default error policy (stop) for the disk", + "type": "string" + }, + "io": { + "description": "IO specifies which QEMU disk IO mode should be used.\nSupported values are: native, default, threads.", + "type": "string" + }, + "lun": { + "description": "Attach a volume as a LUN to the vmi.", + "properties": { + "bus": { + "description": "Bus indicates the type of disk device to emulate.\nsupported values: virtio, sata, scsi.", + "type": "string" + }, + "readonly": { + "description": "ReadOnly.\nDefaults to false.", + "type": "boolean" + }, + "reservation": { + "description": "Reservation indicates if the disk needs to support the persistent reservation for the SCSI disk", + "type": "boolean" + } + }, + "type": "object" + }, + "name": { + "description": "Name is the device name", + "type": "string" + }, + "serial": { + "description": "Serial provides the ability to specify a serial number for the disk device.", + "type": "string" + }, + "shareable": { + "description": "If specified the disk is made sharable and multiple write from different VMs are permitted", + "type": "boolean" + }, + "tag": { + "description": "If specified, disk address and its tag will be provided to the guest via config drive metadata", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "dryRun": { + "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", + "items": { + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" + "name": { + "description": "Name represents the name that will be used to map the\ndisk to the corresponding volume. This overrides any name\nset inside the Disk struct itself.", + "type": "string" + }, + "volumeSource": { + "description": "VolumeSource represents the source of the volume to map to the disk.", + "properties": { + "dataVolume": { + "description": "DataVolume represents the dynamic creation a PVC for this volume as well as\nthe process of populating that PVC with a disk image.", + "properties": { + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "name": { + "description": "Name of both the DataVolume and the PVC in the same namespace.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace.\nDirectly attached to the vmi via qemu.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "hotpluggable": { + "description": "Hotpluggable indicates whether the volume can be hotplugged and hotunplugged.", + "type": "boolean" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + } }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "required": [ + "disk", + "name", + "volumeSource" + ], + "type": "object" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "removeVolumeOptions": { + "description": "RemoveVolumeOptions when set indicates a volume should be removed. The details\nwithin this field specify how to add the volume", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "dryRun": { + "description": "When present, indicates that modifications should not be\npersisted. An invalid or unrecognized dryRun directive will\nresult in an error response and no further processing of the\nrequest. Valid values are:\n- All: all dry run stages will be processed", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" + "name": { + "description": "Name represents the name that maps to both the disk and volume that\nshould be removed", + "type": "string" } }, - "type": "object", - "x-kubernetes-map-type": "atomic" + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "volumeSnapshotStatuses": { + "description": "VolumeSnapshotStatuses indicates a list of statuses whether snapshotting is\nsupported by each volume.", + "items": { + "properties": { + "enabled": { + "description": "True if the volume supports snapshotting", + "type": "boolean" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Volume name", + "type": "string" }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "reason": { + "description": "Empty if snapshotting is enabled, contains reason otherwise", "type": "string" } }, "required": [ - "topologyKey" + "enabled", + "name" ], "type": "object" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", - "format": "int32", - "type": "integer" - } + "type": "array" }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", - "items": { - "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", - "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "volumeUpdateState": { + "description": "VolumeUpdateState contains the information about the volumes set\nupdates related to the volumeUpdateStrategy", + "properties": { + "volumeMigrationState": { + "description": "VolumeMigrationState tracks the information related to the volume migration", + "properties": { + "migratedVolumes": { + "description": "MigratedVolumes lists the source and destination volumes during the volume migration", + "items": { + "description": "StorageMigratedVolumeInfo tracks the information about the source and destination volumes during the volume migration", + "properties": { + "destinationPVCInfo": { + "description": "DestinationPVCInfo contains the information about the destination PVC", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Capacity represents the capacity set on the corresponding PVC status", + "type": "object" + }, + "claimName": { + "description": "ClaimName is the name of the PVC", + "type": "string" + }, + "filesystemOverhead": { + "description": "Percentage of filesystem's size to be reserved when resizing the PVC", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "preallocated": { + "description": "Preallocated indicates if the PVC's storage is preallocated or not", + "type": "boolean" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests represents the resources requested by the corresponding PVC spec", + "type": "object" + }, + "volumeMode": { + "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + } + }, + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "sourcePVCInfo": { + "description": "SourcePVCInfo contains the information about the source PVC", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Capacity represents the capacity set on the corresponding PVC status", + "type": "object" + }, + "claimName": { + "description": "ClaimName is the name of the PVC", + "type": "string" + }, + "filesystemOverhead": { + "description": "Percentage of filesystem's size to be reserved when resizing the PVC", + "pattern": "^(0(?:\\.\\d{1,3})?|1)$", + "type": "string" + }, + "preallocated": { + "description": "Preallocated indicates if the PVC's storage is preallocated or not", + "type": "boolean" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests represents the resources requested by the corresponding PVC spec", + "type": "object" + }, + "volumeMode": { + "description": "VolumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + } + }, + "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + "volumeName": { + "description": "VolumeName is the name of the volume that is being migrated", + "type": "string" + } + }, + "required": [ + "volumeName" + ], + "type": "object" }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" + } }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", - "type": "string" - } - }, - "required": [ - "topologyKey" - ], - "type": "object" + "type": "object" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "object" } }, "type": "object" @@ -324437,1011 +283697,805 @@ }, "type": "object" }, - "extraConfig": { - "description": "ExtraConfig defines any extra (overlay) configuration of components.", - "properties": { - "tempo": { - "description": "Tempo defines any extra Tempo configuration, which will be merged with the operator's generated Tempo configuration", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" + "virtualMachineSnapshotName": { + "type": "string" }, - "ingestion": { - "description": "Ingestion defines the trace ingestion configuration.", - "properties": { - "otlp": { - "description": "OTLP defines the ingestion configuration for the OTLP protocol.", - "properties": { - "grpc": { - "description": "GRPC defines the OTLP over gRPC configuration.", - "properties": { - "enabled": { - "default": true, - "description": "Enabled defines if OTLP over gRPC is enabled.\nDefault: enabled.", - "type": "boolean" - }, - "tls": { - "description": "TLS defines the TLS configuration for OTLP/gRPC ingestion.\n\nOn OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName`\nare provided it will use OpenShift serving certificate service.", - "properties": { - "caName": { - "description": "CA is the name of a ConfigMap containing a CA certificate (service-ca.crt).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "certName": { - "description": "Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "enabled": { - "description": "Enabled defines if TLS is enabled.", - "type": "boolean" - }, - "minVersion": { - "description": "MinVersion defines the minimum acceptable TLS version.", - "type": "string" - } - }, - "type": "object" - } + "volumeBackups": { + "items": { + "description": "VolumeBackup contains the data neeed to restore a PVC", + "properties": { + "persistentVolumeClaim": { + "properties": { + "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true }, - "required": [ - "enabled" - ], - "type": "object" - }, - "http": { - "description": "HTTP defines the OTLP over HTTP configuration.", - "properties": { - "enabled": { - "default": true, - "description": "Enabled defines if OTLP over HTTP is enabled.\nDefault: enabled.", - "type": "boolean" - }, - "tls": { - "description": "TLS defines the TLS configuration for OTLP/HTTP ingestion.\n\nOn OpenShift when operator config `servingCertsService` and TLS is enabled but no `certName` and `caName`\nare provided it will use OpenShift serving certificate service.", - "properties": { - "caName": { - "description": "CA is the name of a ConfigMap containing a CA certificate (service-ca.crt).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "certName": { - "description": "Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key).\nIt needs to be in the same namespace as the Tempo custom resource.", + "spec": { + "description": "Spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { "type": "string" }, - "enabled": { - "description": "Enabled defines if TLS is enabled.", - "type": "boolean" - }, - "minVersion": { - "description": "MinVersion defines the minimum acceptable TLS version.", - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "object" - } - }, - "required": [ - "enabled" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "jaegerui": { - "description": "JaegerUI defines the Jaeger UI configuration.", - "properties": { - "authentication": { - "description": "Authentication defines the options for the oauth proxy used to protect jaeger UI", - "properties": { - "enabled": { - "description": "Defines if the authentication will be enabled for jaeger UI.", - "type": "boolean" - }, - "resources": { - "description": "Resources defines the compute resource requirements of the OAuth Proxy container.\nThe OAuth Proxy performs authentication and authorization of incoming requests to Jaeger UI when multi-tenancy is disabled.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, "required": [ + "kind", "name" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" }, - { + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" }, - { + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } + }, + "required": [ + "kind", + "name" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "sar": { - "description": "SAR defines the SAR to be used in the oauth-proxy\ndefault is \"{\"namespace\": \"\", \"resource\": \"pods\", \"verb\": \"get\"}", - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "description": "Enabled defines if the Jaeger UI component should be created.", - "type": "boolean" - }, - "findTracesConcurrentRequests": { - "description": "FindTracesConcurrentRequests defines how many concurrent request a single trace search can submit (defaults 2).\nThe search for traces in Jaeger submits limit+1 requests. First requests finds trace IDs and then it fetches\nentire traces by ID. This property allows Jaeger to fetch traces in parallel.\nNote that by default a single Tempo querier can process 20 concurrent search jobs.\nIncreasing this property might require scaling up querier instances, especially on error \"job queue full\"\nSee also Tempo's extraConfig:\nquerier.max_concurrent_queries (20 default)\nquery_frontend.max_outstanding_per_tenant: (2000 default). Increase if the query-frontend returns 429", - "type": "integer" - }, - "ingress": { - "description": "Ingress defines the Ingress configuration for the Jaeger UI.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations defines the annotations of the Ingress object.", - "type": "object" - }, - "enabled": { - "description": "Enabled defines if an Ingress object should be created for Jaeger UI.", - "type": "boolean" - }, - "host": { - "description": "Host defines the hostname of the Ingress object.", - "type": "string" - }, - "ingressClassName": { - "description": "IngressClassName defines the name of an IngressClass cluster resource.\nDefines which ingress controller serves this ingress resource.", - "type": "string" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "resources": { - "description": "Resources defines the compute resource requirements of the Jaeger UI container.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "route": { - "description": "Route defines the OpenShift route configuration for the Jaeger UI.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations defines the annotations of the Route object.", - "type": "object" - }, - "enabled": { - "description": "Enabled defines if a Route object should be created for Jaeger UI.", - "type": "boolean" - }, - "host": { - "description": "Host defines the hostname of the Route object.", - "type": "string" - }, - "termination": { - "description": "Termination specifies the termination type.", - "enum": [ - "insecure", - "edge", - "passthrough", - "reencrypt" - ], - "type": "string" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "servicesQueryDuration": { - "description": "ServicesQueryDuration defines how long the services will be available in the services list", - "type": "string" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "management": { - "description": "ManagementState defines whether this instance is managed by the operator or self-managed.\nDefault: Managed.", - "enum": [ - "Managed", - "Unmanaged" - ], - "type": "string" - }, - "multitenancy": { - "description": "Multitenancy defines the multi-tenancy configuration.", - "properties": { - "authentication": { - "description": "Authentication defines the tempo-gateway component authentication configuration spec per tenant.", - "items": { - "description": "AuthenticationSpec defines the oidc configuration per tenant for tempo Gateway component.", - "properties": { - "oidc": { - "description": "OIDC defines the spec for the OIDC tenant's authentication.", - "properties": { - "groupClaim": { - "description": "Group claim field from ID Token", - "type": "string" - }, - "issuerURL": { - "description": "IssuerURL defines the URL for issuer.", - "type": "string" - }, - "redirectURL": { - "description": "RedirectURL defines the URL for redirect.", - "type": "string" + "type": "object" }, - "secret": { - "description": "Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant's authentication.", + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { - "name": { - "description": "Name of a secret in the namespace configured for tenant secrets.", - "type": "string" + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" } }, "type": "object" }, - "usernameClaim": { - "description": "User claim field from ID Token", - "type": "string" - } - }, - "type": "object" - }, - "tenantId": { - "description": "TenantID defines a universally unique identifier of the tenant.\nUnlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment.\nTempo uses this ID to prefix objects in the object storage.", - "type": "string" - }, - "tenantName": { - "description": "TenantName defines a human readable, unique name of the tenant.\nThe value of this field must be specified in the X-Scope-OrgID header and in the resources field of a ClusterRole to identify the tenant.", - "type": "string" - } - }, - "required": [ - "tenantId", - "tenantName" - ], - "type": "object" - }, - "type": "array" - }, - "authorization": { - "description": "Authorization defines the tempo-gateway component authorization configuration spec per tenant.", - "properties": { - "roleBindings": { - "description": "RoleBindings defines configuration to bind a set of roles to a set of subjects.", - "items": { - "description": "RoleBindingsSpec binds a set of roles to a set of subjects.", - "properties": { - "name": { - "type": "string" - }, - "roles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subjects": { - "items": { - "description": "Subject represents a subject that has been bound to a role.", - "properties": { - "kind": { - "description": "SubjectKind is a kind of Tempo Gateway RBAC subject.", - "enum": [ - "user", - "group" + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" ], - "type": "string" + "type": "object" }, - "name": { - "type": "string" - } + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "kind", - "name" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } }, - "type": "array" - } - }, - "required": [ - "name", - "roles", - "subjects" - ], - "type": "object" - }, - "type": "array" - }, - "roles": { - "description": "Roles defines a set of permissions to interact with a tenant.", - "items": { - "description": "RoleSpec describes a set of permissions to interact with a tenant.", - "properties": { - "name": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "permissions": { - "items": { - "description": "PermissionType is a Tempo Gateway RBAC permission.", - "enum": [ - "read", - "write" - ], - "type": "string" - }, - "type": "array" + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" }, - "resources": { - "items": { - "type": "string" - }, - "type": "array" + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" }, - "tenants": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "name", - "permissions", - "resources", - "tenants" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "enabled": { - "description": "Enabled defines if multi-tenancy is enabled.", - "type": "boolean" - }, - "mode": { - "default": "static", - "description": "Mode defines the multitenancy mode.", - "enum": [ - "static", - "openshift" - ], - "type": "string" - }, - "resources": { - "description": "Resources defines the compute resource requirements of the gateway container.\nThe gateway performs authentication and authorization of incoming requests when multi-tenancy is enabled.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "required": [ - "name" - ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "object" }, - "type": "object" - } - }, - "required": [ - "enabled", - "mode" - ], - "type": "object" - }, - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines which labels are required by a node to schedule the pod onto it.", - "type": "object" - }, - "observability": { - "description": "Observability defines the observability configuration of the Tempo deployment.", - "properties": { - "grafana": { - "description": "Grafana defines the Grafana configuration of the Tempo deployment.", - "properties": { - "dataSource": { - "description": "DataSource defines the Grafana data source configuration.", - "properties": { - "enabled": { - "description": "Enabled defines if a Grafana data source should be created for this Tempo deployment.", - "type": "boolean" - }, - "instanceSelector": { - "description": "InstanceSelector defines the Grafana instance where the data source should be created.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "required": [ - "enabled" - ], - "type": "object" - } + "volumeName": { + "type": "string" }, - "type": "object" + "volumeSnapshotName": { + "type": "string" + } }, - "metrics": { - "description": "Metrics defines the metric configuration of the Tempo deployment.", - "properties": { - "prometheusRules": { - "description": "ServiceMonitors defines the PrometheusRule configuration.", - "properties": { - "enabled": { - "description": "Enabled defines if PrometheusRule objects should be created for this Tempo deployment.", - "type": "boolean" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "serviceMonitors": { - "description": "ServiceMonitors defines the ServiceMonitor configuration.", - "properties": { - "enabled": { - "description": "Enabled defines if ServiceMonitor objects should be created for this Tempo deployment.", - "type": "boolean" - } - }, - "required": [ - "enabled" - ], - "type": "object" - } - }, - "type": "object" - } + "required": [ + "persistentVolumeClaim", + "volumeName" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "source" + ], + "type": "object" + }, + "status": { + "description": "VirtualMachineSnapshotContentStatus is the status for a VirtualMachineSnapshotStatus resource", + "properties": { + "creationTime": { + "format": "date-time", + "nullable": true, + "type": "string" }, - "query": { - "description": "Query defines query configuration.", + "error": { + "description": "Error is the last error encountered during the snapshot/restore", "properties": { - "rbac": { - "description": "RBAC defines query RBAC options.\nThis option can be used only with multi-tenancy.", - "properties": { - "enabled": { - "description": "Enabled defines if the query RBAC should be enabled.", - "type": "boolean" - } - }, - "type": "object" + "message": { + "type": "string" + }, + "time": { + "format": "date-time", + "type": "string" } }, "type": "object" }, - "resources": { - "description": "Resources defines the compute resource requirements of the Tempo container.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "readyToUse": { + "type": "boolean" + }, + "volumeSnapshotStatus": { + "items": { + "description": "VolumeSnapshotStatus is the status of a VolumeSnapshot", + "properties": { + "creationTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "error": { + "description": "Error is the last error encountered during the snapshot/restore", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "message": { "type": "string" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "time": { + "format": "date-time", "type": "string" } }, - "required": [ - "name" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "readyToUse": { + "type": "boolean" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "volumeSnapshotName": { + "type": "string" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "required": [ + "volumeSnapshotName" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshotContent", + "version": "v1beta1" + } + ] + }, + "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshotContentList": { + "description": "VirtualMachineSnapshotContentList is a list of VirtualMachineSnapshotContent", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of virtualmachinesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.snapshot.v1beta1.VirtualMachineSnapshotContent" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshotContentList", + "version": "v1beta1" + } + ] + }, + "snapshot.kubevirt.io/v1beta1/VirtualMachineSnapshotList": { + "description": "VirtualMachineSnapshotList is a list of VirtualMachineSnapshot", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of virtualmachinesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.snapshot.v1beta1.VirtualMachineSnapshot" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.kubevirt.io", + "kind": "VirtualMachineSnapshotList", + "version": "v1beta1" + } + ] + }, + "snapshot.storage.k8s.io/v1/VolumeSnapshot": { + "description": "VolumeSnapshot is a user's request for either creating a point-in-time\nsnapshot of a persistent volume, or binding to a pre-existing snapshot.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec defines the desired characteristics of a snapshot requested by a user.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots\nRequired.", + "properties": { + "source": { + "description": "source specifies where a snapshot will be created from.\nThis field is immutable after creation.\nRequired.", + "properties": { + "persistentVolumeClaimName": { + "description": "persistentVolumeClaimName specifies the name of the PersistentVolumeClaim\nobject representing the volume from which a snapshot should be created.\nThis PVC is assumed to be in the same namespace as the VolumeSnapshot\nobject.\nThis field should be set if the snapshot does not exists, and needs to be\ncreated.\nThis field is immutable.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "persistentVolumeClaimName is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeSnapshotContentName": { + "description": "volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent\nobject representing an existing volume snapshot.\nThis field should be set if the snapshot already exists and only needs a representation in Kubernetes.\nThis field is immutable.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeSnapshotContentName is immutable", + "rule": "self == oldSelf" + } + ] + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "persistentVolumeClaimName is required once set", + "rule": "!has(oldSelf.persistentVolumeClaimName) || has(self.persistentVolumeClaimName)" + }, + { + "message": "volumeSnapshotContentName is required once set", + "rule": "!has(oldSelf.volumeSnapshotContentName) || has(self.volumeSnapshotContentName)" + }, + { + "message": "exactly one of volumeSnapshotContentName and persistentVolumeClaimName must be set", + "rule": "(has(self.volumeSnapshotContentName) && !has(self.persistentVolumeClaimName)) || (!has(self.volumeSnapshotContentName) && has(self.persistentVolumeClaimName))" + } + ] + }, + "volumeSnapshotClassName": { + "description": "VolumeSnapshotClassName is the name of the VolumeSnapshotClass\nrequested by the VolumeSnapshot.\nVolumeSnapshotClassName may be left nil to indicate that the default\nSnapshotClass should be used.\nA given cluster may have multiple default Volume SnapshotClasses: one\ndefault per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass,\nVolumeSnapshotSource will be checked to figure out what the associated\nCSI Driver is, and the default VolumeSnapshotClass associated with that\nCSI Driver will be used. If more than one VolumeSnapshotClass exist for\na given CSI Driver and more than one have been marked as default,\nCreateSnapshot will fail and generate an event.\nEmpty string is not allowed for this field.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeSnapshotClassName must not be the empty string when set", + "rule": "size(self) > 0" + } + ] + } + }, + "required": [ + "source" + ], + "type": "object" + }, + "status": { + "description": "status represents the current information of a snapshot.\nConsumers must verify binding between VolumeSnapshot and\nVolumeSnapshotContent objects is successful (by validating that both\nVolumeSnapshot and VolumeSnapshotContent point at each other) before\nusing this object.", + "properties": { + "boundVolumeSnapshotContentName": { + "description": "boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent\nobject to which this VolumeSnapshot object intends to bind to.\nIf not specified, it indicates that the VolumeSnapshot object has not been\nsuccessfully bound to a VolumeSnapshotContent object yet.\nNOTE: To avoid possible security issues, consumers must verify binding between\nVolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that\nboth VolumeSnapshot and VolumeSnapshotContent point at each other) before using\nthis object.", + "type": "string" + }, + "creationTime": { + "description": "creationTime is the timestamp when the point-in-time snapshot is taken\nby the underlying storage system.\nIn dynamic snapshot creation case, this field will be filled in by the\nsnapshot controller with the \"creation_time\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"creation_time\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nIf not specified, it may indicate that the creation time of the snapshot is unknown.", + "format": "date-time", + "type": "string" + }, + "error": { + "description": "error is the last observed error during snapshot creation, if any.\nThis field could be helpful to upper level controllers(i.e., application controller)\nto decide whether they should continue on waiting for the snapshot to be created\nbased on the type of error reported.\nThe snapshot controller will keep retrying when an error occurs during the\nsnapshot creation. Upon success, this error field will be cleared.", + "properties": { + "message": { + "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", + "type": "string" + }, + "time": { + "description": "time is the timestamp when the error was encountered.", + "format": "date-time", + "type": "string" } }, "type": "object" }, - "serviceAccount": { - "description": "ServiceAccount defines the Service Account to use for all Tempo components.", + "readyToUse": { + "description": "readyToUse indicates if the snapshot is ready to be used to restore a volume.\nIn dynamic snapshot creation case, this field will be filled in by the\nsnapshot controller with the \"ready_to_use\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"ready_to_use\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it,\notherwise, this field will be set to \"True\".\nIf not specified, it means the readiness of a snapshot is unknown.", + "type": "boolean" + }, + "restoreSize": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "restoreSize represents the minimum size of volume required to create a volume\nfrom this snapshot.\nIn dynamic snapshot creation case, this field will be filled in by the\nsnapshot controller with the \"size_bytes\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"size_bytes\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nWhen restoring a volume from this snapshot, the size of the volume MUST NOT\nbe smaller than the restoreSize if it is specified, otherwise the restoration will fail.\nIf not specified, it indicates that the size is unknown.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "type": "string", + "x-kubernetes-int-or-string": true + }, + "volumeGroupSnapshotName": { + "description": "VolumeGroupSnapshotName is the name of the VolumeGroupSnapshot of which this\nVolumeSnapshot is a part of.", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.storage.k8s.io", + "kind": "VolumeSnapshot", + "version": "v1" + } + ] + }, + "snapshot.storage.k8s.io/v1/VolumeSnapshotClass": { + "description": "VolumeSnapshotClass specifies parameters that a underlying storage system uses when\ncreating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its\nname in a VolumeSnapshot object.\nVolumeSnapshotClasses are non-namespaced", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "deletionPolicy": { + "description": "deletionPolicy determines whether a VolumeSnapshotContent created through\nthe VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted.\nRequired.", + "enum": [ + "Delete", + "Retain" + ], + "type": "string" + }, + "driver": { + "description": "driver is the name of the storage driver that handles this VolumeSnapshotClass.\nRequired.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "parameters": { + "additionalProperties": { + "type": "string" + }, + "description": "parameters is a key-value map with storage driver specific parameters for creating snapshots.\nThese values are opaque to Kubernetes.", + "type": "object" + } + }, + "required": [ + "deletionPolicy", + "driver" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.storage.k8s.io", + "kind": "VolumeSnapshotClass", + "version": "v1" + } + ] + }, + "snapshot.storage.k8s.io/v1/VolumeSnapshotClassList": { + "description": "VolumeSnapshotClassList is a list of VolumeSnapshotClass", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of volumesnapshotclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.storage.snapshot.v1.VolumeSnapshotClass" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.storage.k8s.io", + "kind": "VolumeSnapshotClassList", + "version": "v1" + } + ] + }, + "snapshot.storage.k8s.io/v1/VolumeSnapshotContent": { + "description": "VolumeSnapshotContent represents the actual \"on-disk\" snapshot object in the\nunderlying storage system", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "spec defines properties of a VolumeSnapshotContent created by the underlying storage system.\nRequired.", + "properties": { + "deletionPolicy": { + "description": "deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on\nthe underlying storage system should be deleted when its bound VolumeSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted.\nFor dynamically provisioned snapshots, this field will automatically be filled in by the\nCSI snapshotter sidecar with the \"DeletionPolicy\" field defined in the corresponding\nVolumeSnapshotClass.\nFor pre-existing snapshots, users MUST specify this field when creating the\n VolumeSnapshotContent object.\nRequired.", + "enum": [ + "Delete", + "Retain" + ], "type": "string" }, - "storage": { - "description": "Storage defines the storage configuration.", + "driver": { + "description": "driver is the name of the CSI driver used to create the physical snapshot on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired.", + "type": "string" + }, + "source": { + "description": "source specifies whether the snapshot is (or should be) dynamically provisioned\nor already exists, and just requires a Kubernetes object representation.\nThis field is immutable after creation.\nRequired.", "properties": { - "traces": { - "description": "Traces defines the storage configuration for traces.", - "properties": { - "azure": { - "description": "Azure defines the configuration for Azure Storage.", - "properties": { - "secret": { - "description": "Secret is the name of a Secret containing credentials for accessing object storage.\nIt needs to be in the same namespace as the TempoMonolithic custom resource.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "secret" - ], - "type": "object" - }, - "backend": { - "default": "memory", - "description": "Backend defines the backend for storing traces.\nDefault: memory.", - "enum": [ - "memory", - "pv", - "azure", - "gcs", - "s3" - ], - "type": "string" - }, - "gcs": { - "description": "GCP defines the configuration for Google Cloud Storage.", - "properties": { - "secret": { - "description": "Secret is the name of a Secret containing credentials for accessing object storage.\nIt needs to be in the same namespace as the TempoMonolithic custom resource.", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "secret" - ], - "type": "object" - }, - "s3": { - "description": "S3 defines the configuration for Amazon S3.", - "properties": { - "credentialMode": { - "description": "CredentialMode can be used to set the desired credential mode for authenticating with the object storage.\nIf this is not set, then the operator tries to infer the credential mode from the provided secret and its\nown configuration.", - "enum": [ - "static", - "token", - "token-cco" - ], - "type": "string" - }, - "secret": { - "description": "Secret is the name of a Secret containing credentials for accessing object storage.\nIt needs to be in the same namespace as the TempoMonolithic custom resource.", - "minLength": 1, - "type": "string" - }, - "tls": { - "description": "TLS defines the TLS configuration for Amazon S3.", - "properties": { - "caName": { - "description": "CA is the name of a ConfigMap containing a CA certificate (service-ca.crt).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "certName": { - "description": "Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "enabled": { - "description": "Enabled defines if TLS is enabled.", - "type": "boolean" - }, - "minVersion": { - "description": "MinVersion defines the minimum acceptable TLS version.", - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "secret" - ], - "type": "object" - }, - "size": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "description": "Size defines the size of the volume where traces are stored.\nFor in-memory storage, this defines the size of the tmpfs volume.\nFor persistent volume storage, this defines the size of the persistent volume.\nFor object storage, this defines the size of the persistent volume containing the Write-Ahead Log (WAL) of Tempo.\nDefault: 2Gi for memory, 10Gi for all other backends.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "snapshotHandle": { + "description": "snapshotHandle specifies the CSI \"snapshot_id\" of a pre-existing snapshot on\nthe underlying storage system for which a Kubernetes object representation\nwas (or should be) created.\nThis field is immutable.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "snapshotHandle is immutable", + "rule": "self == oldSelf" } - }, - "required": [ - "backend" - ], - "type": "object" + ] + }, + "volumeHandle": { + "description": "volumeHandle specifies the CSI \"volume_id\" of the volume from which a snapshot\nshould be dynamically taken from.\nThis field is immutable.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "volumeHandle is immutable", + "rule": "self == oldSelf" + } + ] } }, - "required": [ - "traces" - ], - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "volumeHandle is required once set", + "rule": "!has(oldSelf.volumeHandle) || has(self.volumeHandle)" + }, + { + "message": "snapshotHandle is required once set", + "rule": "!has(oldSelf.snapshotHandle) || has(self.snapshotHandle)" + }, + { + "message": "exactly one of volumeHandle and snapshotHandle must be set", + "rule": "(has(self.volumeHandle) && !has(self.snapshotHandle)) || (!has(self.volumeHandle) && has(self.snapshotHandle))" + } + ] }, - "timeout": { - "description": "Timeout configures the same timeout on all components starting at ingress down to the ingestor/querier.\nTimeout configuration on a specific component has a higher precedence.\nDefault is 30 seconds.", + "sourceVolumeMode": { + "description": "SourceVolumeMode is the mode of the volume whose snapshot is taken.\nCan be either \u201cFilesystem\u201d or \u201cBlock\u201d.\nIf not specified, it indicates the source volume's mode is unknown.\nThis field is immutable.\nThis field is an alpha field.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "sourceVolumeMode is immutable", + "rule": "self == oldSelf" + } + ] + }, + "volumeSnapshotClassName": { + "description": "name of the VolumeSnapshotClass from which this snapshot was (or will be)\ncreated.\nNote that after provisioning, the VolumeSnapshotClass may be deleted or\nrecreated with different set of values, and as such, should not be referenced\npost-snapshot creation.", "type": "string" }, - "tolerations": { - "description": "Tolerations defines the tolerations of a node to schedule the pod onto it.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } + "volumeSnapshotRef": { + "description": "volumeSnapshotRef specifies the VolumeSnapshot object to which this\nVolumeSnapshotContent object is bound.\nVolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to\nthis VolumeSnapshotContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeSnapshotContent object, name and namespace of the\nVolumeSnapshot object MUST be provided for binding to happen.\nThis field is immutable after creation.\nRequired.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" }, - "type": "object" + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } }, - "type": "array" + "type": "object", + "x-kubernetes-map-type": "atomic", + "x-kubernetes-validations": [ + { + "message": "both spec.volumeSnapshotRef.name and spec.volumeSnapshotRef.namespace must be set", + "rule": "has(self.name) && has(self.__namespace__)" + } + ] } }, - "type": "object" + "required": [ + "deletionPolicy", + "driver", + "source", + "volumeSnapshotRef" + ], + "type": "object", + "x-kubernetes-validations": [ + { + "message": "sourceVolumeMode is required once set", + "rule": "!has(oldSelf.sourceVolumeMode) || has(self.sourceVolumeMode)" + } + ] }, "status": { - "description": "TempoMonolithicStatus defines the observed state of TempoMonolithic.", + "description": "status represents the current information of a snapshot.", "properties": { - "components": { - "description": "Components provides summary of all Tempo pod status, grouped per component.", + "creationTime": { + "description": "creationTime is the timestamp when the point-in-time snapshot is taken\nby the underlying storage system.\nIn dynamic snapshot creation case, this field will be filled in by the\nCSI snapshotter sidecar with the \"creation_time\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"creation_time\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nIf not specified, it indicates the creation time is unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command `date +%s%N` returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.", + "format": "int64", + "type": "integer" + }, + "error": { + "description": "error is the last observed error during snapshot creation, if any.\nUpon success after retry, this error field will be cleared.", "properties": { - "tempo": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Tempo is a map of the pod status of the Tempo pods.", - "type": "object" + "message": { + "description": "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation.", + "type": "string" + }, + "time": { + "description": "time is the timestamp when the error was encountered.", + "format": "date-time", + "type": "string" } }, "type": "object" }, - "conditions": { - "description": "Conditions of the Tempo deployment health.", - "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, - "type": "string" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], - "type": "string" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" - } - }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "readyToUse": { + "description": "readyToUse indicates if a snapshot is ready to be used to restore a volume.\nIn dynamic snapshot creation case, this field will be filled in by the\nCSI snapshotter sidecar with the \"ready_to_use\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"ready_to_use\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it,\notherwise, this field will be set to \"True\".\nIf not specified, it means the readiness of a snapshot is unknown.", + "type": "boolean" }, - "operatorVersion": { - "description": "Version of the Tempo Operator.", + "restoreSize": { + "description": "restoreSize represents the complete size of the snapshot in bytes.\nIn dynamic snapshot creation case, this field will be filled in by the\nCSI snapshotter sidecar with the \"size_bytes\" value returned from CSI\n\"CreateSnapshot\" gRPC call.\nFor a pre-existing snapshot, this field will be filled with the \"size_bytes\"\nvalue returned from the CSI \"ListSnapshots\" gRPC call if the driver supports it.\nWhen restoring a volume from this snapshot, the size of the volume MUST NOT\nbe smaller than the restoreSize if it is specified, otherwise the restoration will fail.\nIf not specified, it indicates that the size is unknown.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "snapshotHandle": { + "description": "snapshotHandle is the CSI \"snapshot_id\" of a snapshot on the underlying storage system.\nIf not specified, it indicates that dynamic snapshot creation has either failed\nor it is still in progress.", "type": "string" }, - "tempoVersion": { - "description": "Version of the managed Tempo instance.", + "volumeGroupSnapshotHandle": { + "description": "VolumeGroupSnapshotHandle is the CSI \"group_snapshot_id\" of a group snapshot\non the underlying storage system.", "type": "string" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "tempo.grafana.com", - "kind": "TempoMonolithic", - "version": "v1alpha1" + "group": "snapshot.storage.k8s.io", + "kind": "VolumeSnapshotContent", + "version": "v1" } ] }, - "tempo.grafana.com/v1alpha1/TempoMonolithicList": { - "description": "TempoMonolithicList is a list of TempoMonolithic", + "snapshot.storage.k8s.io/v1/VolumeSnapshotContentList": { + "description": "VolumeSnapshotContentList is a list of VolumeSnapshotContent", "namespaced": true, "properties": { "apiVersion": { @@ -325449,9 +284503,9 @@ "type": "string" }, "items": { - "description": "List of tempomonolithics. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of volumesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/com.grafana.tempo.v1alpha1.TempoMonolithic" + "$ref": "#/components/schemas/io.k8s.storage.snapshot.v1.VolumeSnapshotContent" }, "type": "array" }, @@ -325474,14 +284528,54 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "tempo.grafana.com", - "kind": "TempoMonolithicList", - "version": "v1alpha1" + "group": "snapshot.storage.k8s.io", + "kind": "VolumeSnapshotContentList", + "version": "v1" + } + ] + }, + "snapshot.storage.k8s.io/v1/VolumeSnapshotList": { + "description": "VolumeSnapshotList is a list of VolumeSnapshot", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of volumesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.k8s.storage.snapshot.v1.VolumeSnapshot" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "snapshot.storage.k8s.io", + "kind": "VolumeSnapshotList", + "version": "v1" } ] }, - "tempo.grafana.com/v1alpha1/TempoStack": { - "description": "TempoStack manages a Tempo deployment in microservices mode.", + "ssp.kubevirt.io/v1beta2/SSP": { + "description": "SSP is the Schema for the ssps API", "namespaced": true, "properties": { "apiVersion": { @@ -325501,1591 +284595,1624 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "TempoStackSpec defines the desired state of TempoStack.", + "description": "SSPSpec defines the desired state of SSP", "properties": { - "extraConfig": { - "description": "ExtraConfigSpec defines extra configurations for tempo that will be merged with the operator generated, configurations defined here\nhas precedence and could override generated config.", - "properties": { - "tempo": { - "description": "Tempo defines any extra Tempo configuration, which will be merged with the operator's generated Tempo configuration", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "type": "object" - }, - "hashRing": { - "description": "HashRing defines the spec for the distributed hash ring configuration.", - "properties": { - "memberlist": { - "description": "MemberList configuration spec", - "properties": { - "enableIPv6": { - "description": "EnableIPv6 enables IPv6 support for the memberlist based hash ring.", - "type": "boolean" - }, - "instanceAddrType": { - "description": "InstanceAddrType defines the type of address to use to advertise to the ring.\nDefaults to the first address from any private network interfaces of the current pod.\nAlternatively the public pod IP can be used in case private networks (RFC 1918 and RFC 6598)\nare not available.", - "enum": [ - "default", - "podIP" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "images": { - "description": "Images defines the image for each container.", + "commonInstancetypes": { + "description": "CommonInstancetypes is ignored.\nDeprecated: This field is ignored.", "properties": { - "jaegerQuery": { - "description": "JaegerQuery defines the tempo-query container image.", - "type": "string" - }, - "oauthProxy": { - "description": "OauthProxy defines the oauth proxy image used to protect the jaegerUI on single tenant.", - "type": "string" - }, - "tempo": { - "description": "Tempo defines the tempo container image.", - "type": "string" - }, - "tempoGateway": { - "description": "TempoGateway defines the tempo-gateway container image.", - "type": "string" - }, - "tempoGatewayOpa": { - "description": "TempoGatewayOpa defines the OPA sidecar container for TempoGateway.", - "type": "string" - }, - "tempoQuery": { - "description": "TempoQuery defines the tempo-query container image.", + "url": { + "description": "URL of a remote Kustomize target from which to generate and deploy resources.\n\nThe following caveats apply to the provided URL:\n\n* Only 'https://' and 'git://' URLs are supported.\n\n* The URL must include '?ref=$ref' or '?version=$ref' pinning it to a specific\n reference. It is recommended that the reference be a specific commit or tag\n to ensure the generated contents does not change over time. As such it is\n recommended not to use branches as the ref for the time being.\n\n* Only VirtualMachineClusterPreference and VirtualMachineClusterInstancetype\n resources generated from the URL are deployed by the operand.\n\nSee the following Kustomize documentation for more details:\n\nremote targets\nhttps://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md", "type": "string" } }, "type": "object" }, - "limits": { - "description": "LimitSpec is used to limit ingestion and querying rates.", + "commonTemplates": { + "description": "CommonTemplates is the configuration of the common templates operand", "properties": { - "global": { - "description": "Global is used to define global rate limits.", - "properties": { - "ingestion": { - "description": "Ingestion is used to define ingestion rate limits.", - "properties": { - "ingestionBurstSizeBytes": { - "description": "IngestionBurstSizeBytes defines the burst size (bytes) used in ingestion.", - "type": "integer" - }, - "ingestionRateLimitBytes": { - "description": "IngestionRateLimitBytes defines the Per-user ingestion rate limit (bytes) used in ingestion.", - "type": "integer" - }, - "maxBytesPerTrace": { - "description": "MaxBytesPerTrace defines the maximum number of bytes of an acceptable trace.", - "type": "integer" - }, - "maxTracesPerUser": { - "description": "MaxTracesPerUser defines the maximum number of traces a user can send.", - "type": "integer" - } - }, - "type": "object" - }, - "query": { - "description": "Query is used to define query rate limits.", - "properties": { - "maxBytesPerTagValues": { - "description": "MaxBytesPerTagValues defines the maximum size in bytes of a tag-values query.", - "type": "integer" - }, - "maxSearchBytesPerTrace": { - "description": "DEPRECATED. MaxSearchBytesPerTrace defines the maximum size of search data for a single\ntrace in bytes.\ndefault: `0` to disable.", - "type": "integer" - }, - "maxSearchDuration": { - "description": "MaxSearchDuration defines the maximum allowed time range for a search.\nIf this value is not set, then spec.search.maxDuration is used.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "perTenant": { - "additionalProperties": { - "description": "RateLimitSpec defines rate limits for Ingestion and Query components.", + "dataImportCronTemplates": { + "description": "DataImportCronTemplates defines a list of DataImportCrons managed by the SSP\nOperator. This is intended for images used by CommonTemplates.", + "items": { + "description": "DataImportCronTemplate defines the template type for DataImportCrons.\nIt requires metadata.name to be specified while leaving namespace as optional.", "properties": { - "ingestion": { - "description": "Ingestion is used to define ingestion rate limits.", + "metadata": { "properties": { - "ingestionBurstSizeBytes": { - "description": "IngestionBurstSizeBytes defines the burst size (bytes) used in ingestion.", - "type": "integer" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" }, - "ingestionRateLimitBytes": { - "description": "IngestionRateLimitBytes defines the Per-user ingestion rate limit (bytes) used in ingestion.", - "type": "integer" + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" }, - "maxBytesPerTrace": { - "description": "MaxBytesPerTrace defines the maximum number of bytes of an acceptable trace.", - "type": "integer" + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" }, - "maxTracesPerUser": { - "description": "MaxTracesPerUser defines the maximum number of traces a user can send.", - "type": "integer" + "name": { + "type": "string" + }, + "namespace": { + "type": "string" } }, "type": "object" }, - "query": { - "description": "Query is used to define query rate limits.", + "spec": { + "description": "DataImportCronSpec defines specification for DataImportCron", "properties": { - "maxBytesPerTagValues": { - "description": "MaxBytesPerTagValues defines the maximum size in bytes of a tag-values query.", - "type": "integer" + "garbageCollect": { + "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", + "type": "string" }, - "maxSearchBytesPerTrace": { - "description": "DEPRECATED. MaxSearchBytesPerTrace defines the maximum size of search data for a single\ntrace in bytes.\ndefault: `0` to disable.", + "importsToKeep": { + "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", + "format": "int32", "type": "integer" }, - "maxSearchDuration": { - "description": "MaxSearchDuration defines the maximum allowed time range for a search.\nIf this value is not set, then spec.search.maxDuration is used.", + "managedDataSource": { + "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "description": "PerTenant is used to define rate limits per tenant.", - "type": "object" - } - }, - "type": "object" - }, - "managementState": { - "default": "Managed", - "description": "ManagementState defines if the CR should be managed by the operator or not.\nDefault is managed.", - "enum": [ - "Managed", - "Unmanaged" - ], - "type": "string" - }, - "observability": { - "description": "ObservabilitySpec defines how telemetry data gets handled.", - "properties": { - "grafana": { - "description": "Grafana defines the Grafana configuration for operands.", - "properties": { - "createDatasource": { - "description": "CreateDatasource specifies if a Grafana Datasource should be created for Tempo.", - "type": "boolean" - }, - "instanceSelector": { - "description": "InstanceSelector specifies the Grafana instance where the datasource should be created.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + }, + "retentionPolicy": { + "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", + "type": "string" + }, + "schedule": { + "description": "Schedule specifies in cron format when and how often to look for new imports", + "type": "string" + }, + "template": { + "description": "Template specifies template for the DVs to be created", "properties": { - "key": { - "description": "key is the label key that the selector applies to.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "metrics": { - "description": "Metrics defines the metrics configuration for operands.", - "properties": { - "createPrometheusRules": { - "description": "CreatePrometheusRules specifies if Prometheus rules for alerts should be created for Tempo components.", - "type": "boolean" - }, - "createServiceMonitors": { - "description": "CreateServiceMonitors specifies if ServiceMonitors should be created for Tempo components.", - "type": "boolean" - } - }, - "type": "object" - }, - "tracing": { - "description": "Tracing defines a config for operands.", - "properties": { - "jaeger_agent_endpoint": { - "default": "localhost:6831", - "description": "JaegerAgentEndpoint defines the jaeger endpoint data gets send to.\nDeprecated: in favor of OTLPHttpEndpoint.", - "type": "string" - }, - "otlp_http_endpoint": { - "default": "http://localhost:4320", - "description": "OTLPHttpEndpoint defines the OTLP/http endpoint data gets send to.\nFor example, \"http://localhost:4320\".\nThe default OTLP/http port 4318 collides with the distributor ports, therefore it is recommended to use a different port\non the sidecar injected to the Tempo (e.g. 4320).", - "type": "string" - }, - "sampling_fraction": { - "description": "SamplingFraction defines the sampling ratio. Valid values are 0 to 1.\nThe SamplingFraction has to be defined to enable tracing.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "replicationFactor": { - "description": "The replication factor is a configuration setting that determines how many ingesters need to acknowledge the data from the distributors before accepting a span.", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources configuration.", - "properties": { - "total": { - "description": "The total amount of resources for Tempo instance.\nThe operator autonomously splits resources between deployed Tempo components.\nOnly limits are supported, the operator calculates requests automatically.\nSee http://github.com/grafana/tempo/issues/1540.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" + "type": "object" + }, + "spec": { + "description": "DataVolumeSpec defines the DataVolume type specification", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" + }, + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } + }, + "required": [ + "current", + "previous" + ], + "type": "object" + }, + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], + "type": "string" + }, + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "type": "string" + }, + "pvc": { + "description": "PVC is the PVC specification", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", + "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, + "name": { + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "DataVolumeStatus contains the current status of the DataVolume", + "properties": { + "claimName": { + "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", + "type": "string" + }, + "conditions": { + "items": { + "description": "DataVolumeCondition represents the state of a data volume condition.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataVolumeConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "phase": { + "description": "Phase is the current phase of the data volume", + "type": "string" + }, + "progress": { + "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", + "type": "string" + }, + "restartCount": { + "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" } }, "required": [ - "name" + "managedDataSource", + "schedule", + "template" ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "retention": { - "description": "Retention period defined by dataset.\nUser can specify how long data should be stored.", - "properties": { - "global": { - "description": "Global is used to configure global retention.", - "properties": { - "traces": { - "description": "Traces defines retention period. Supported parameter suffixes are \"s\", \"m\" and \"h\".\nexample: 336h\ndefault: value is 48h.", - "type": "string" - } - }, - "type": "object" - }, - "perTenant": { - "additionalProperties": { - "description": "RetentionConfig defines how long data should be provided.", - "properties": { - "traces": { - "description": "Traces defines retention period. Supported parameter suffixes are \"s\", \"m\" and \"h\".\nexample: 336h\ndefault: value is 48h.", - "type": "string" } }, + "required": [ + "spec" + ], "type": "object" }, - "description": "PerTenant is used to configure retention per tenant.", - "type": "object" + "type": "array" + }, + "namespace": { + "description": "Namespace is the k8s namespace where CommonTemplates should be installed", + "maxLength": 63, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" } }, + "required": [ + "namespace" + ], "type": "object" }, - "search": { - "description": "SearchSpec control the configuration for the search capabilities.", + "featureGates": { + "description": "FeatureGates for SSP", "properties": { - "defaultResultLimit": { - "description": "Limit used for search requests if none is set by the caller (default: 20)", - "type": "integer" + "deployCommonInstancetypes": { + "description": "Deprecated: This field is ignored.", + "type": "boolean" }, - "maxDuration": { - "description": "The maximum allowed time range for a search, default: 0s which means unlimited.", - "type": "string" + "deployTektonTaskResources": { + "description": "Deprecated: This field is ignored.", + "type": "boolean" }, - "maxResultLimit": { - "description": "The maximum allowed value of the limit parameter on search requests. If the search request limit parameter\nexceeds the value configured here it will be set to the value configured here.\nThe default value of 0 disables this limit.", - "type": "integer" + "deployVmConsoleProxy": { + "description": "Deprecated: This field is ignored.", + "type": "boolean" } }, "type": "object" }, - "serviceAccount": { - "description": "ServiceAccount defines the service account to use for all tempo components.", - "type": "string" - }, - "storage": { - "description": "Storage defines the spec for the object storage endpoint to store traces.\nUser is required to create secret and supply it.", + "tektonPipelines": { + "description": "TektonPipelines is the configuration of the tekton-pipelines operand\nDeprecated: This field is ignored.", "properties": { - "secret": { - "description": "Secret for object storage authentication.\nName of a secret in the same namespace as the TempoStack custom resource.", - "properties": { - "credentialMode": { - "description": "CredentialMode can be used to set the desired credential mode for authenticating with the object storage.\nIf this is not set, then the operator tries to infer the credential mode from the provided secret and its\nown configuration.", - "enum": [ - "static", - "token", - "token-cco" - ], - "type": "string" - }, - "name": { - "description": "Name of a secret in the namespace configured for object storage secrets.", - "minLength": 1, - "type": "string" - }, - "type": { - "description": "Type of object storage that should be used", - "enum": [ - "azure", - "gcs", - "s3" - ], - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "tls": { - "description": "TLS configuration for reaching the object storage endpoint.", - "properties": { - "caName": { - "description": "CA is the name of a ConfigMap containing a CA certificate (service-ca.crt).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "certName": { - "description": "Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "enabled": { - "description": "Enabled defines if TLS is enabled.", - "type": "boolean" - }, - "minVersion": { - "description": "MinVersion defines the minimum acceptable TLS version.", - "type": "string" - } - }, - "type": "object" + "namespace": { + "type": "string" } }, - "required": [ - "secret" - ], "type": "object" }, - "storageClassName": { - "description": "StorageClassName for PVCs used by ingester. Defaults to nil (default storage class in the cluster).", - "type": "string" - }, - "storageSize": { - "anyOf": [ - { - "type": "integer" - }, - { + "tektonTasks": { + "description": "TektonTasks is the configuration of the tekton-tasks operand\nDeprecated: This field is ignored.", + "properties": { + "namespace": { "type": "string" } - ], - "default": "10Gi", - "description": "StorageSize for PVCs used by ingester. Defaults to 10Gi.", - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object" }, - "template": { - "description": "Template defines requirements for a set of tempo components.", + "templateValidator": { + "description": "TemplateValidator is configuration of the template validator operand", "properties": { - "compactor": { - "description": "Compactor defines the tempo compactor component spec.", - "properties": { - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the simple form of the node-selection constraint.", - "type": "object" - }, - "podSecurityContext": { - "description": "PodSecurityContext defines security context will be applied to all pods of this component.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "replicas": { - "description": "Replicas defines the number of replicas to be created for this component.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "tolerations": { - "description": "Tolerations defines component-specific pod tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "distributor": { - "description": "Distributor defines the distributor component spec.", + "placement": { + "description": "Placement describes the node scheduling configuration", "properties": { - "component": { - "description": "TempoComponentSpec is embedded to extend this definition with further options.\n\nCurrently, there is no way to inline this field.\nSee: https://github.com/golang/go/issues/6213", + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", "properties": { - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the simple form of the node-selection constraint.", - "type": "object" - }, - "podSecurityContext": { - "description": "PodSecurityContext defines security context will be applied to all pods of this component.", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "Sysctl defines a kernel parameter to be set", + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "value": { - "description": "Value of a property to set", - "type": "string" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name", - "value" + "preference", + "weight" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "replicas": { - "description": "Replicas defines the number of replicas to be created for this component.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name" + "podAffinityTerm", + "weight" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "tolerations": { - "description": "Tolerations defines component-specific pod tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "tls": { - "description": "TLS defines TLS configuration for distributor receivers\n\nIf openshift feature flag `servingCertsService` is enabled and TLS is enabled but no\ncertName or caName is specified, OpenShift service serving certificates will be used.", - "properties": { - "caName": { - "description": "CA is the name of a ConfigMap containing a CA certificate (service-ca.crt).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "certName": { - "description": "Cert is the name of a Secret containing a certificate (tls.crt) and private key (tls.key).\nIt needs to be in the same namespace as the Tempo custom resource.", - "type": "string" - }, - "enabled": { - "description": "Enabled defines if TLS is enabled.", - "type": "boolean" - }, - "minVersion": { - "description": "MinVersion defines the minimum acceptable TLS version.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "gateway": { - "description": "Gateway defines the tempo gateway spec.", - "properties": { - "component": { - "description": "TempoComponentSpec is embedded to extend this definition with further options.\n\nCurrently there is no way to inline this field.\nSee: https://github.com/golang/go/issues/6213", - "properties": { - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the simple form of the node-selection constraint.", - "type": "object" - }, - "podSecurityContext": { - "description": "PodSecurityContext defines security context will be applied to all pods of this component.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", "x-kubernetes-list-type": "atomic" }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "Sysctl defines a kernel parameter to be set", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "value": { - "description": "Value of a property to set", + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "name", - "value" + "topologyKey" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" } }, "type": "object" }, - "replicas": { - "description": "Replicas defines the number of replicas to be created for this component.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name" + "podAffinityTerm", + "weight" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } + }, + "required": [ + "topologyKey" ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "tolerations": { - "description": "Tolerations defines component-specific pod tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" + "type": "object" }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "ingress": { - "description": "Ingress defines gateway Ingress options.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations defines the annotations of the Ingress object.", - "type": "object" - }, - "host": { - "description": "Host defines the hostname of the Ingress object.", - "type": "string" - }, - "ingressClassName": { - "description": "IngressClassName defines the name of an IngressClass cluster resource.\nDefines which ingress controller serves this ingress resource.", - "type": "string" - }, - "route": { - "description": "Route defines the options for the OpenShift route.", - "properties": { - "termination": { - "description": "Termination defines the termination type.\nThe default is \"edge\".", - "enum": [ - "insecure", - "edge", - "passthrough", - "reencrypt" - ], - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" - }, - "type": { - "description": "Type defines the type of Ingress for the Jaeger Query UI.\nCurrently ingress, route and none are supported.", - "enum": [ - "ingress", - "route", - "" - ], - "type": "string" } }, "type": "object" }, - "rbac": { - "description": "RBAC defines query RBAC options.", - "properties": { - "enabled": { - "description": "Enabled defines if the query RBAC should be enabled.", - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "ingester": { - "description": "Ingester defines the ingester component spec.", - "properties": { "nodeSelector": { "additionalProperties": { "type": "string" }, - "description": "NodeSelector defines the simple form of the node-selection constraint.", - "type": "object" - }, - "podSecurityContext": { - "description": "PodSecurityContext defines security context will be applied to all pods of this component.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "replicas": { - "description": "Replicas defines the number of replicas to be created for this component.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", "type": "object" }, "tolerations": { - "description": "Tolerations defines component-specific pod tolerations.", + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", "items": { "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { @@ -327113,978 +286240,1851 @@ }, "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" + "type": "array" } }, "type": "object" }, - "querier": { - "description": "Querier defines the querier component spec.", + "replicas": { + "default": 2, + "description": "Replicas is the number of replicas of the template validator pod", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "tlsSecurityProfile": { + "description": "TLSSecurityProfile is a configuration for the TLS.", + "properties": { + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "nullable": true, "properties": { - "nodeSelector": { - "additionalProperties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { "type": "string" }, - "description": "NodeSelector defines the simple form of the node-selection constraint.", - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "podSecurityContext": { - "description": "PodSecurityContext defines security context will be applied to all pods of this component.", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "description": "Sysctl defines a kernel parameter to be set", - "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" - }, - "value": { - "description": "Value of a property to set", - "type": "string" - } + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], + "type": "string" + } + }, + "type": "object" + }, + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "nullable": true, + "type": "object" + }, + "modern": { + "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "nullable": true, + "type": "object" + }, + "old": { + "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "nullable": true, + "type": "object" + }, + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" + } + }, + "type": "object" + }, + "tokenGenerationService": { + "description": "TokenGenerationService configures the service for generating tokens to access VNC for a VM.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "commonTemplates" + ], + "type": "object" + }, + "status": { + "description": "SSPStatus defines the observed state of SSP", + "properties": { + "conditions": { + "description": "A list of current conditions of the resource", + "items": { + "description": "Condition represents the state of the operator's\nreconciliation functionality.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "ConditionType is the state of the operator's reconciliation functionality.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the latest generation observed by the operator.", + "format": "int64", + "type": "integer" + }, + "observedVersion": { + "description": "The observed version of the resource", + "type": "string" + }, + "operatorVersion": { + "description": "The version of the resource as defined by the operator", + "type": "string" + }, + "paused": { + "description": "Paused is true when the operator notices paused annotation.", + "type": "boolean" + }, + "phase": { + "description": "Phase is the current phase of the deployment", + "type": "string" + }, + "targetVersion": { + "description": "The desired version of the resource", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ssp.kubevirt.io", + "kind": "SSP", + "version": "v1beta2" + } + ] + }, + "ssp.kubevirt.io/v1beta2/SSPList": { + "description": "SSPList is a list of SSP", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ssps. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.kubevirt.ssp.v1beta2.SSP" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "ssp.kubevirt.io", + "kind": "SSPList", + "version": "v1beta2" + } + ] + }, + "ssp.kubevirt.io/v1beta3/SSP": { + "description": "SSP is the Schema for the ssps API", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "SSPSpec defines the desired state of SSP", + "properties": { + "cluster": { + "description": "Cluster specifies what node architectures are present in the cluster.", + "properties": { + "controlPlaneArchitectures": { + "description": "ControlPlaneArchitectures is a list of control plane architectures supported by the cluster", + "items": { + "type": "string" + }, + "type": "array" + }, + "workloadArchitectures": { + "description": "WorkloadArchitectures is a list of workload architectures supported by the cluster", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "commonTemplates": { + "description": "CommonTemplates is the configuration of the common templates operand", + "properties": { + "dataImportCronTemplates": { + "description": "DataImportCronTemplates defines a list of DataImportCrons managed by the SSP Operator.", + "items": { + "description": "DataImportCronTemplate defines the template type for DataImportCrons.\nIt requires metadata.name to be specified while leaving namespace as optional.", + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" }, - "required": [ - "name", - "value" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", - "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "finalizers": { + "items": { "type": "string" }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" - } + "type": "array" }, - "type": "object" - } - }, - "type": "object" - }, - "replicas": { - "description": "Replicas defines the number of replicas to be created for this component.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" - }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" - } + "labels": { + "additionalProperties": { + "type": "string" }, - "required": [ - "name" - ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "name": { + "type": "string" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "namespace": { + "type": "string" + } }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "type": "object" }, - "type": "object" - }, - "tolerations": { - "description": "Tolerations defines component-specific pod tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "spec": { + "description": "DataImportCronSpec defines specification for DataImportCron", "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "garbageCollect": { + "description": "GarbageCollect specifies whether old PVCs should be cleaned up after a new PVC is imported.\nOptions are currently \"Outdated\" and \"Never\", defaults to \"Outdated\".", "type": "string" }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" + "importsToKeep": { + "description": "Number of import PVCs to keep when garbage collecting. Default is 3.", + "format": "int32", + "type": "integer" }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "managedDataSource": { + "description": "ManagedDataSource specifies the name of the corresponding DataSource this cron will manage.\nDataSource has to be in the same namespace.", "type": "string" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" + "retentionPolicy": { + "description": "RetentionPolicy specifies whether the created DataVolumes and DataSources are retained when their DataImportCron is deleted. Default is RatainAll.", + "type": "string" }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "schedule": { + "description": "Schedule specifies in cron format when and how often to look for new imports", "type": "string" + }, + "template": { + "description": "Template specifies template for the DVs to be created", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "description": "DataVolumeSpec defines the DataVolume type specification", + "properties": { + "checkpoints": { + "description": "Checkpoints is a list of DataVolumeCheckpoints, representing stages in a multistage import.", + "items": { + "description": "DataVolumeCheckpoint defines a stage in a warm migration.", + "properties": { + "current": { + "description": "Current is the identifier of the snapshot created for this checkpoint.", + "type": "string" + }, + "previous": { + "description": "Previous is the identifier of the snapshot from the previous checkpoint.", + "type": "string" + } + }, + "required": [ + "current", + "previous" + ], + "type": "object" + }, + "type": "array" + }, + "contentType": { + "description": "DataVolumeContentType options: \"kubevirt\", \"archive\"", + "enum": [ + "kubevirt", + "archive" + ], + "type": "string" + }, + "finalCheckpoint": { + "description": "FinalCheckpoint indicates whether the current DataVolumeCheckpoint is the final checkpoint.", + "type": "boolean" + }, + "preallocation": { + "description": "Preallocation controls whether storage for DataVolumes should be allocated in advance.", + "type": "boolean" + }, + "priorityClassName": { + "description": "PriorityClassName for Importer, Cloner and Uploader pod", + "type": "string" + }, + "pvc": { + "description": "PVC is the PVC specification", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "source": { + "description": "Source is the src of the data for the requested DataVolume", + "properties": { + "blank": { + "description": "DataVolumeBlankImage provides the parameters to create a new raw blank image for the PVC", + "type": "object" + }, + "gcs": { + "description": "DataVolumeSourceGCS provides the parameters to create a Data Volume from an GCS source", + "properties": { + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the GCS source", + "type": "string" + }, + "url": { + "description": "URL is the url of the GCS source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "http": { + "description": "DataVolumeSourceHTTP can be either an http or https endpoint, with an optional basic auth user name and password, and an optional configmap containing additional CAs", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "extraHeaders": { + "description": "ExtraHeaders is a list of strings containing extra headers to include with HTTP transfer requests", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretExtraHeaders": { + "description": "SecretExtraHeaders is a list of Secret references, each containing an extra HTTP header that may include sensitive information", + "items": { + "type": "string" + }, + "type": "array" + }, + "secretRef": { + "description": "SecretRef A Secret reference, the secret should contain accessKeyId (user name) base64 encoded, and secretKey (password) also base64 encoded", + "type": "string" + }, + "url": { + "description": "URL is the URL of the http(s) endpoint", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "imageio": { + "description": "DataVolumeSourceImageIO provides the parameters to create a Data Volume from an imageio source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the CA cert", + "type": "string" + }, + "diskId": { + "description": "DiskID provides id of a disk to be imported", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the ovirt-engine", + "type": "string" + }, + "url": { + "description": "URL is the URL of the ovirt-engine", + "type": "string" + } + }, + "required": [ + "diskId", + "url" + ], + "type": "object" + }, + "pvc": { + "description": "DataVolumeSourcePVC provides the parameters to create a Data Volume from an existing PVC", + "properties": { + "name": { + "description": "The name of the source PVC", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source PVC", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "registry": { + "description": "DataVolumeSourceRegistry provides the parameters to create a Data Volume from an registry source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap provides a reference to the Registry certs", + "type": "string" + }, + "imageStream": { + "description": "ImageStream is the name of image stream for import", + "type": "string" + }, + "platform": { + "description": "Platform describes the minimum runtime requirements of the image", + "properties": { + "architecture": { + "description": "Architecture specifies the image target CPU architecture", + "type": "string" + } + }, + "type": "object" + }, + "pullMethod": { + "description": "PullMethod can be either \"pod\" (default import), or \"node\" (node docker cache based import)", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the Registry source", + "type": "string" + }, + "url": { + "description": "URL is the url of the registry source (starting with the scheme: docker, oci-archive)", + "type": "string" + } + }, + "type": "object" + }, + "s3": { + "description": "DataVolumeSourceS3 provides the parameters to create a Data Volume from an S3 source", + "properties": { + "certConfigMap": { + "description": "CertConfigMap is a configmap reference, containing a Certificate Authority(CA) public key, and a base64 encoded pem certificate", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides the secret reference needed to access the S3 source", + "type": "string" + }, + "url": { + "description": "URL is the url of the S3 source", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "snapshot": { + "description": "DataVolumeSourceSnapshot provides the parameters to create a Data Volume from an existing VolumeSnapshot", + "properties": { + "name": { + "description": "The name of the source VolumeSnapshot", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source VolumeSnapshot", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "upload": { + "description": "DataVolumeSourceUpload provides the parameters to create a Data Volume by uploading the source", + "type": "object" + }, + "vddk": { + "description": "DataVolumeSourceVDDK provides the parameters to create a Data Volume from a Vmware source", + "properties": { + "backingFile": { + "description": "BackingFile is the path to the virtual hard disk to migrate from vCenter/ESXi", + "type": "string" + }, + "extraArgs": { + "description": "ExtraArgs is a reference to a ConfigMap containing extra arguments to pass directly to the VDDK library", + "type": "string" + }, + "initImageURL": { + "description": "InitImageURL is an optional URL to an image containing an extracted VDDK library, overrides v2v-vmware config map", + "type": "string" + }, + "secretRef": { + "description": "SecretRef provides a reference to a secret containing the username and password needed to access the vCenter or ESXi host", + "type": "string" + }, + "thumbprint": { + "description": "Thumbprint is the certificate thumbprint of the vCenter or ESXi host", + "type": "string" + }, + "url": { + "description": "URL is the URL of the vCenter or ESXi host with the VM to migrate", + "type": "string" + }, + "uuid": { + "description": "UUID is the UUID of the virtual machine that the backing file is attached to in vCenter/ESXi", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sourceRef": { + "description": "SourceRef is an indirect reference to the source of data for the requested DataVolume", + "properties": { + "kind": { + "description": "The kind of the source reference, currently only \"DataSource\" is supported", + "type": "string" + }, + "name": { + "description": "The name of the source reference", + "type": "string" + }, + "namespace": { + "description": "The namespace of the source reference, defaults to the DataVolume namespace", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storage": { + "description": "Storage is the requested storage specification", + "properties": { + "accessModes": { + "description": "AccessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "description": "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.\nIf the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner.\nThis field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty.\nThere are two important differences between DataSource and DataSourceRef:\n* While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.\n* While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "description": "Resources represents the minimum resources the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "description": "A label query over volumes to consider for binding.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "description": "Name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "VolumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "status": { + "description": "DataVolumeStatus contains the current status of the DataVolume", + "properties": { + "claimName": { + "description": "ClaimName is the name of the underlying PVC used by the DataVolume.", + "type": "string" + }, + "conditions": { + "items": { + "description": "DataVolumeCondition represents the state of a data volume condition.", + "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "DataVolumeConditionType is the string representation of known condition types", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "phase": { + "description": "Phase is the current phase of the data volume", + "type": "string" + }, + "progress": { + "description": "DataVolumeProgress is the current progress of the DataVolume transfer operation. Value between 0 and 100 inclusive, N/A if not available", + "type": "string" + }, + "restartCount": { + "description": "RestartCount is the number of times the pod populating the DataVolume has restarted", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" } }, + "required": [ + "managedDataSource", + "schedule", + "template" + ], "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } + } + }, + "required": [ + "spec" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "queryFrontend": { - "description": "TempoQueryFrontendSpec defines the query frontend spec.", + "namespace": { + "description": "Namespace is the k8s namespace where CommonTemplates should be installed", + "maxLength": 63, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "enableMultipleArchitectures": { + "description": "EnableMultipleArchitectures enables deployment of common Templates,\nDataSources and DataImportCrons for multiple node architectures.", + "type": "boolean" + }, + "templateValidator": { + "description": "TemplateValidator is configuration of the template validator operand", + "properties": { + "placement": { + "description": "Placement describes the node scheduling configuration", "properties": { - "component": { - "description": "TempoComponentSpec is embedded to extend this definition with further options.\n\nCurrently there is no way to inline this field.\nSee: https://github.com/golang/go/issues/6213", + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", "properties": { - "nodeSelector": { - "additionalProperties": { - "type": "string" - }, - "description": "NodeSelector defines the simple form of the node-selection constraint.", - "type": "object" - }, - "podSecurityContext": { - "description": "PodSecurityContext defines security context will be applied to all pods of this component.", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", - "type": "string" - }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", - "format": "int64", - "type": "integer" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" - }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" - } - }, - "type": "object" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", - "items": { - "format": "int64", - "type": "integer" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "Sysctl defines a kernel parameter to be set", + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { - "name": { - "description": "Name of a property to set", - "type": "string" + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "value": { - "description": "Value of a property to set", - "type": "string" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name", - "value" + "preference", + "weight" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" - }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" - }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" - }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" }, - "replicas": { - "description": "Replicas defines the number of replicas to be created for this component.", - "format": "int32", - "type": "integer" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" } }, "required": [ - "name" + "podAffinityTerm", + "weight" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "tolerations": { - "description": "Tolerations defines component-specific pod tolerations.", - "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", - "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", - "type": "string" - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", - "type": "string" - }, - "operator": { - "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", - "type": "string" - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", - "format": "int64", - "type": "integer" - }, - "value": { - "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "type": "object" - }, - "jaegerQuery": { - "description": "JaegerQuery defines options specific to the Jaeger Query component.", - "properties": { - "authentication": { - "description": "Authentication defines the options for the oauth proxy used to protect jaeger UI", - "properties": { - "enabled": { - "description": "Defines if the authentication will be enabled for jaeger UI.", - "type": "boolean" + "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "Resources defines the compute resource requirements of the OAuth Proxy container.\nThe OAuth Proxy performs authentication and authorization of incoming requests to Jaeger UI when multi-tenancy is disabled.", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } }, - "required": [ - "name" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } - }, - "type": "object" - }, - "sar": { - "description": "SAR defines the SAR to be used in the oauth-proxy\ndefault is \"{\"namespace\": \"\", \"resource\": \"pods\", \"verb\": \"get\"}", - "type": "string" - } - }, - "type": "object" - }, - "enabled": { - "description": "Enabled defines if the Jaeger Query component should be created.", - "type": "boolean" - }, - "findTracesConcurrentRequests": { - "description": "FindTracesConcurrentRequests defines how many concurrent request a single trace search can submit (defaults querier.replicas*2).\nThe search for traces in Jaeger submits limit+1 requests. First requests finds trace IDs and then it fetches\nentire traces by ID. This property allows Jaeger to fetch traces in parallel.\nNote that by default a single Tempo querier can process 20 concurrent search jobs.\nIncreasing this property might require scaling up querier instances, especially on error \"job queue full\"\nSee also Tempo's extraConfig:\nquerier.max_concurrent_queries (20 default)\nquery_frontend.max_outstanding_per_tenant: (2000 default). Increase if the query-frontend returns 429", - "type": "integer" - }, - "ingress": { - "description": "Ingress defines the options for the Jaeger Query ingress.", - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations defines the annotations of the Ingress object.", - "type": "object" - }, - "host": { - "description": "Host defines the hostname of the Ingress object.", - "type": "string" - }, - "ingressClassName": { - "description": "IngressClassName defines the name of an IngressClass cluster resource.\nDefines which ingress controller serves this ingress resource.", - "type": "string" - }, - "route": { - "description": "Route defines the options for the OpenShift route.", - "properties": { - "termination": { - "description": "Termination defines the termination type.\nThe default is \"edge\".", - "enum": [ - "insecure", - "edge", - "passthrough", - "reencrypt" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "description": "Type defines the type of Ingress for the Jaeger Query UI.\nCurrently ingress, route and none are supported.", - "enum": [ - "ingress", - "route", - "" - ], - "type": "string" - } - }, - "type": "object" - }, - "monitorTab": { - "description": "MonitorTab defines the monitor tab configuration.", - "properties": { - "enabled": { - "description": "Enabled enables the monitor tab in the Jaeger console.\nThe PrometheusEndpoint must be configured to enable this feature.", - "type": "boolean" - }, - "prometheusEndpoint": { - "description": "PrometheusEndpoint defines the endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics.\nFor instance on OpenShift this is set to https://thanos-querier.openshift-monitoring.svc.cluster.local:9091", - "type": "string" - }, - "redMetricsNamespace": { - "description": "REDMetricsNamespace defines the a prefix used retrieve span rate, error, and duration (RED) metrics.", - "type": "string" - } - }, - "type": "object" - }, - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "name" + "topologyKey" ], "type": "object" }, "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true - }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, - "servicesQueryDuration": { - "description": "ServicesQueryDuration defines how long the services will be available in the services list", - "type": "string" - }, - "tempoQuery": { - "description": "TempoQuery defines options specific to the Tempoo Query component.", + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { - "resources": { - "description": "Resources defines resources for this component, this will override the calculated resources derived from total", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", - "items": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", - "type": "string" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "required": [ - "name" + "topologyKey" ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } }, - "limits": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - }, - "requests": { - "additionalProperties": { - "anyOf": [ - { - "type": "integer" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - { - "type": "string" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" } - ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "x-kubernetes-int-or-string": true + }, + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object" - } + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" }, - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" } }, "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "tenants": { - "description": "Tenants defines the per-tenant authentication and authorization spec.", - "properties": { - "authentication": { - "description": "Authentication defines the tempo-gateway component authentication configuration spec per tenant.", - "items": { - "description": "AuthenticationSpec defines the oidc configuration per tenant for tempo Gateway component.", - "properties": { - "oidc": { - "description": "OIDC defines the spec for the OIDC tenant's authentication.", - "properties": { - "groupClaim": { - "description": "Group claim field from ID Token", - "type": "string" - }, - "issuerURL": { - "description": "IssuerURL defines the URL for issuer.", - "type": "string" - }, - "redirectURL": { - "description": "RedirectURL defines the URL for redirect.", - "type": "string" - }, - "secret": { - "description": "Secret defines the spec for the clientID, clientSecret and issuerCAPath for tenant's authentication.", - "properties": { - "name": { - "description": "Name of a secret in the namespace configured for tenant secrets.", - "type": "string" - } - }, - "type": "object" - }, - "usernameClaim": { - "description": "User claim field from ID Token", - "type": "string" - } - }, - "type": "object" - }, - "tenantId": { - "description": "TenantID defines a universally unique identifier of the tenant.\nUnlike the tenantName, which must be unique at a given time, the tenantId must be unique over the entire lifetime of the Tempo deployment.\nTempo uses this ID to prefix objects in the object storage.", + }, + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "tenantName": { - "description": "TenantName defines a human readable, unique name of the tenant.\nThe value of this field must be specified in the X-Scope-OrgID header and in the resources field of a ClusterRole to identify the tenant.", - "type": "string" - } + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" }, - "required": [ - "tenantId", - "tenantName" - ], - "type": "object" - }, - "type": "array" - }, - "authorization": { - "description": "Authorization defines the tempo-gateway component authorization configuration spec per tenant.", - "properties": { - "roleBindings": { - "description": "RoleBindings defines configuration to bind a set of roles to a set of subjects.", + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", "items": { - "description": "RoleBindingsSpec binds a set of roles to a set of subjects.", + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { - "name": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, - "roles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subjects": { - "items": { - "description": "Subject represents a subject that has been bound to a role.", - "properties": { - "kind": { - "description": "SubjectKind is a kind of Tempo Gateway RBAC subject.", - "enum": [ - "user", - "group" - ], - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "kind", - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "name", - "roles", - "subjects" - ], - "type": "object" - }, - "type": "array" - }, - "roles": { - "description": "Roles defines a set of permissions to interact with a tenant.", - "items": { - "description": "RoleSpec describes a set of permissions to interact with a tenant.", - "properties": { - "name": { + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, - "permissions": { - "items": { - "description": "PermissionType is a Tempo Gateway RBAC permission.", - "enum": [ - "read", - "write" - ], - "type": "string" - }, - "type": "array" + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" }, - "resources": { - "items": { - "type": "string" - }, - "type": "array" + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" }, - "tenants": { - "items": { - "type": "string" - }, - "type": "array" + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" } }, - "required": [ - "name", - "permissions", - "resources", - "tenants" - ], "type": "object" }, "type": "array" @@ -328092,149 +288092,118 @@ }, "type": "object" }, - "mode": { - "default": "static", - "description": "Mode defines the multitenancy mode.", - "enum": [ - "static", - "openshift" - ], - "type": "string" + "replicas": { + "default": 2, + "description": "Replicas is the number of replicas of the template validator pod", + "format": "int32", + "minimum": 0, + "type": "integer" } }, - "required": [ - "mode" - ], "type": "object" }, - "timeout": { - "description": "Timeout configures the same timeout on all components starting at ingress down to the ingestor/querier.\nTimeout configuration on a specific component has a higher precedence.\nDefaults to 30 seconds.", - "type": "string" - } - }, - "required": [ - "managementState", - "storage" - ], - "type": "object" - }, - "status": { - "description": "TempoStackStatus defines the observed state of TempoStack.", - "properties": { - "components": { - "description": "Components provides summary of all Tempo pod status grouped\nper component.", + "tlsSecurityProfile": { + "description": "TLSSecurityProfile is a configuration for the TLS.", "properties": { - "compactor": { - "additionalProperties": { - "items": { - "type": "string" + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom\nprofile as invalid configurations can be catastrophic. An example custom profile\nlooks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", + "nullable": true, + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated\nduring the TLS handshake. Operators may remove entries their operands\ndo not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array" - }, - "description": "Compactor is a map to the pod status of the compactor pod.", - "type": "object" - }, - "distributor": { - "additionalProperties": { - "items": { + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol\nthat is negotiated during the TLS handshake. For example, to use TLS\nversions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "enum": [ + "VersionTLS10", + "VersionTLS11", + "VersionTLS12", + "VersionTLS13" + ], "type": "string" - }, - "type": "array" + } }, - "description": "Distributor is a map to the per pod status of the distributor deployment", "type": "object" }, - "gateway": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Gateway is a map to the per pod status of the query frontend deployment", + "intermediate": { + "description": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "nullable": true, "type": "object" }, - "ingester": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Ingester is a map to the per pod status of the ingester statefulset", + "modern": { + "description": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "nullable": true, "type": "object" }, - "querier": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "Querier is a map to the per pod status of the querier deployment", + "old": { + "description": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "nullable": true, "type": "object" }, - "queryFrontend": { - "additionalProperties": { - "items": { - "type": "string" - }, - "type": "array" - }, - "description": "QueryFrontend is a map to the per pod status of the query frontend deployment", - "type": "object" + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides\nthe ability to specify individual TLS security profile parameters.\nOld, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers\nare found to be insecure. Depending on precisely which ciphers are available to a process, the list may be\nreduced.\n\nNote that the Modern profile is currently not supported because it is not\nyet well adopted by common software libraries.", + "enum": [ + "Old", + "Intermediate", + "Modern", + "Custom" + ], + "type": "string" } }, "type": "object" }, + "tokenGenerationService": { + "description": "TokenGenerationService configures the service for generating tokens to access VNC for a VM.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "commonTemplates" + ], + "type": "object" + }, + "status": { + "description": "SSPStatus defines the observed state of SSP", + "properties": { "conditions": { - "description": "Conditions of the Tempo deployment health.", + "description": "A list of current conditions of the resource", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition represents the state of the operator's\nreconciliation functionality.", "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", - "maxLength": 32768, "type": "string" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", - "format": "int64", - "minimum": 0, - "type": "integer" - }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", - "maxLength": 1024, - "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { - "description": "status of the condition, one of True, False, Unknown.", - "enum": [ - "True", - "False", - "Unknown" - ], "type": "string" }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "description": "ConditionType is the state of the operator's reconciliation functionality.", "type": "string" } }, "required": [ - "lastTransitionTime", - "message", - "reason", "status", "type" ], @@ -328242,16 +288211,29 @@ }, "type": "array" }, + "observedGeneration": { + "description": "ObservedGeneration is the latest generation observed by the operator.", + "format": "int64", + "type": "integer" + }, + "observedVersion": { + "description": "The observed version of the resource", + "type": "string" + }, "operatorVersion": { - "description": "Version of the Tempo Operator.", + "description": "The version of the resource as defined by the operator", "type": "string" }, - "tempoQueryVersion": { - "description": "DEPRECATED. Version of the Tempo Query component used.", + "paused": { + "description": "Paused is true when the operator notices paused annotation.", + "type": "boolean" + }, + "phase": { + "description": "Phase is the current phase of the deployment", "type": "string" }, - "tempoVersion": { - "description": "Version of the managed Tempo instance.", + "targetVersion": { + "description": "The desired version of the resource", "type": "string" } }, @@ -328262,14 +288244,14 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "tempo.grafana.com", - "kind": "TempoStack", - "version": "v1alpha1" + "group": "ssp.kubevirt.io", + "kind": "SSP", + "version": "v1beta3" } ] }, - "tempo.grafana.com/v1alpha1/TempoStackList": { - "description": "TempoStackList is a list of TempoStack", + "ssp.kubevirt.io/v1beta3/SSPList": { + "description": "SSPList is a list of SSP", "namespaced": true, "properties": { "apiVersion": { @@ -328277,9 +288259,9 @@ "type": "string" }, "items": { - "description": "List of tempostacks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "List of ssps. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "$ref": "#/components/schemas/com.grafana.tempo.v1alpha1.TempoStack" + "$ref": "#/components/schemas/io.kubevirt.ssp.v1beta3.SSP" }, "type": "array" }, @@ -328302,9 +288284,828 @@ "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "tempo.grafana.com", - "kind": "TempoStackList", - "version": "v1alpha1" + "group": "ssp.kubevirt.io", + "kind": "SSPList", + "version": "v1beta3" + } + ] + }, + "storage.k8s.io/v1/CSIDriver": { + "description": "CSIDriver captures information about a Container Storage Interface (CSI) volume driver deployed on the cluster. Kubernetes attach detach controller uses this object to determine whether attach is required. Kubelet uses this object to determine whether pod information needs to be passed on mount. CSIDriver objects are non-namespaced.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object metadata. metadata.Name indicates the name of the CSI driver that this object refers to; it MUST be the same name returned by the CSI GetPluginName() call for that driver. The driver name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and alphanumerics between. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSIDriverSpec" + } + ], + "default": {}, + "description": "spec represents the specification of the CSI Driver." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "CSIDriver", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/CSIDriverList": { + "description": "CSIDriverList is a collection of CSIDriver objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of CSIDriver", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSIDriver" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "CSIDriverList", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/CSINode": { + "description": "CSINode holds information about all CSI drivers installed on a node. CSI drivers do not need to create the CSINode object directly. As long as they use the node-driver-registrar sidecar container, the kubelet will automatically populate the CSINode object for the CSI driver as part of kubelet plugin registration. CSINode has the same name as a node. If the object is missing, it means either there are no CSI Drivers available on the node, or the Kubelet version is low enough that it doesn't create this object. CSINode has an OwnerReference that points to the corresponding node object.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. metadata.name must be the Kubernetes node name." + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSINodeSpec" + } + ], + "default": {}, + "description": "spec is the specification of CSINode" + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "CSINode", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/CSINodeList": { + "description": "CSINodeList is a collection of CSINode objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of CSINode", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSINode" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "CSINodeList", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/CSIStorageCapacity": { + "description": "CSIStorageCapacity stores the result of one CSI GetCapacity call. For a given StorageClass, this describes the available capacity in a particular topology segment. This can be used when considering where to instantiate new PersistentVolumes.\n\nFor example this can express things like: - StorageClass \"standard\" has \"1234 GiB\" available in \"topology.kubernetes.io/zone=us-east1\" - StorageClass \"localssd\" has \"10 GiB\" available in \"kubernetes.io/hostname=knode-abc123\"\n\nThe following three cases all imply that no capacity is available for a certain combination: - no object exists with suitable topology and storage class name - such an object exists, but the capacity is unset - such an object exists, but the capacity is zero\n\nThe producer of these objects can decide which approach is more suitable.\n\nThey are consumed by the kube-scheduler when a CSI driver opts into capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler compares the MaximumVolumeSize against the requested size of pending volumes to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back to a comparison against the less precise Capacity. If that is also unset, the scheduler assumes that capacity is insufficient and tries some other node.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "capacity": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + ], + "description": "capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.\n\nThe semantic is currently (CSI spec 1.2) defined as: The available capacity, in bytes, of the storage that can be used to provision volumes. If not set, that information is currently unavailable." + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "maximumVolumeSize": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + ], + "description": "maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.\n\nThis is defined since CSI spec 1.4.0 as the largest size that may be used in a CreateVolumeRequest.capacity_range.required_bytes field to create a volume with the same parameters as those in GetCapacityRequest. The corresponding value in the Kubernetes API is ResourceRequirements.Requests in a volume claim." + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-, a generated name, or a reverse-domain name which ends with the unique CSI driver name.\n\nObjects are namespaced.\n\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "nodeTopology": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ], + "description": "nodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable." + }, + "storageClassName": { + "default": "", + "description": "storageClassName represents the name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.", + "type": "string" + } + }, + "required": [ + "storageClassName" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "CSIStorageCapacity", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/CSIStorageCapacityList": { + "description": "CSIStorageCapacityList is a collection of CSIStorageCapacity objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of CSIStorageCapacity objects.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.CSIStorageCapacity" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "CSIStorageCapacityList", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/StorageClass": { + "description": "StorageClass describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.\n\nStorageClasses are non-namespaced; the name of the storage class according to etcd is in ObjectMeta.Name.", + "namespaced": false, + "properties": { + "allowVolumeExpansion": { + "description": "allowVolumeExpansion shows whether the storage class allow volume expand.", + "type": "boolean" + }, + "allowedTopologies": { + "description": "allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.TopologySelectorTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "mountOptions": { + "description": "mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. e.g. [\"ro\", \"soft\"]. Not validated - mount of the PVs will simply fail if one is invalid.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "parameters": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "parameters holds the parameters for the provisioner that should create volumes of this storage class.", + "type": "object" + }, + "provisioner": { + "default": "", + "description": "provisioner indicates the type of the provisioner.", + "type": "string" + }, + "reclaimPolicy": { + "description": "reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. Defaults to Delete.\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", + "enum": [ + "Delete", + "Recycle", + "Retain" + ], + "type": "string" + }, + "volumeBindingMode": { + "description": "volumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.\n\nPossible enum values:\n - `\"Immediate\"` indicates that PersistentVolumeClaims should be immediately provisioned and bound. This is the default mode.\n - `\"WaitForFirstConsumer\"` indicates that PersistentVolumeClaims should not be provisioned and bound until the first Pod is created that references the PeristentVolumeClaim. The volume provisioning and binding will occur during Pod scheduing.", + "enum": [ + "Immediate", + "WaitForFirstConsumer" + ], + "type": "string" + } + }, + "required": [ + "provisioner" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "StorageClass", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/StorageClassList": { + "description": "StorageClassList is a collection of storage classes.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of StorageClasses", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.StorageClass" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "StorageClassList", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/VolumeAttachment": { + "description": "VolumeAttachment captures the intent to attach or detach the specified volume to/from the specified node.\n\nVolumeAttachment objects are non-namespaced.", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.VolumeAttachmentSpec" + } + ], + "default": {}, + "description": "spec represents specification of the desired attach/detach volume behavior. Populated by the Kubernetes system." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.VolumeAttachmentStatus" + } + ], + "default": {}, + "description": "status represents status of the VolumeAttachment request. Populated by the entity completing the attach or detach operation, i.e. the external-attacher." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "VolumeAttachment", + "version": "v1" + } + ] + }, + "storage.k8s.io/v1/VolumeAttachmentList": { + "description": "VolumeAttachmentList is a collection of VolumeAttachment objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of VolumeAttachments", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.storage.v1.VolumeAttachment" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "storage.k8s.io", + "kind": "VolumeAttachmentList", + "version": "v1" + } + ] + }, + "template.openshift.io/v1/BrokerTemplateInstance": { + "description": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec" + } + ], + "default": {}, + "description": "spec describes the state of this BrokerTemplateInstance." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "template.openshift.io", + "kind": "BrokerTemplateInstance", + "version": "v1" + } + ] + }, + "template.openshift.io/v1/BrokerTemplateInstanceList": { + "description": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of BrokerTemplateInstances", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.BrokerTemplateInstance" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "template.openshift.io", + "kind": "BrokerTemplateInstanceList", + "version": "v1" + } + ] + }, + "template.openshift.io/v1/Template": { + "description": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", + "type": "object" + }, + "message": { + "description": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "objects": { + "description": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", + "items": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "type": "array" + }, + "parameters": { + "description": "parameters is an optional array of Parameters used during the Template to Config transformation.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.Parameter" + } + ], + "default": {} + }, + "type": "array" + } + }, + "required": [ + "objects" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "template.openshift.io", + "kind": "Template", + "version": "v1" + } + ] + }, + "template.openshift.io/v1/TemplateInstance": { + "description": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.TemplateInstanceSpec" + } + ], + "default": {}, + "description": "spec describes the desired state of this TemplateInstance." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.TemplateInstanceStatus" + } + ], + "default": {}, + "description": "status describes the current state of this TemplateInstance." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "template.openshift.io", + "kind": "TemplateInstance", + "version": "v1" + } + ] + }, + "template.openshift.io/v1/TemplateInstanceList": { + "description": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of Templateinstances", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.TemplateInstance" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "template.openshift.io", + "kind": "TemplateInstanceList", + "version": "v1" + } + ] + }, + "template.openshift.io/v1/TemplateList": { + "description": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of templates", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.template.v1.Template" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "template.openshift.io", + "kind": "TemplateList", + "version": "v1" } ] }, @@ -329151,43 +289952,6 @@ } ] }, - "v1/APIGroupList": { - "description": "APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.", - "namespaced": true, - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "groups": { - "description": "groups is a list of APIGroup.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - } - ], - "default": {} - }, - "type": "array" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - } - }, - "required": [ - "groups" - ], - "type": "object", - "x-kubernetes-group-version-kind": [ - { - "group": "", - "kind": "APIGroupList", - "version": "v1" - } - ] - }, "v1/APIResourceList": { "description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.", "namespaced": true, diff --git a/class_generator/tests/manifests/ClusterOperator/cluster_operator.py b/class_generator/tests/manifests/ClusterOperator/cluster_operator.py index 93ed44581f..6691842c8f 100644 --- a/class_generator/tests/manifests/ClusterOperator/cluster_operator.py +++ b/class_generator/tests/manifests/ClusterOperator/cluster_operator.py @@ -7,10 +7,9 @@ class ClusterOperator(Resource): """ - ClusterOperator is the Custom Resource object which holds the current state - of an operator. This object is used by operators to convey their state to - the rest of the cluster. - + ClusterOperator holds the status of a core or optional OpenShift component + managed by the Cluster Version Operator (CVO). This object is used by + operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). """ diff --git a/class_generator/tests/test_class_generator.py b/class_generator/tests/test_class_generator.py index 9e9f3485d3..3c95982f95 100644 --- a/class_generator/tests/test_class_generator.py +++ b/class_generator/tests/test_class_generator.py @@ -91,21 +91,21 @@ def test_parse_explain(tmp_path: Path) -> None: """Test all resource kinds in parallel and collect all failures.""" # List of all resource kinds to test resource_kinds = [ - "Pod", - "Pipeline", - "OAuth", - "Ingress", + "APIServer", "ClusterOperator", - "ImageContentSourcePolicy", - "ServiceMeshMember", - "NMState", + "ConfigMap", + "DNS", "Deployment", + "ImageContentSourcePolicy", "Machine", - "APIServer", + "NMState", + "OAuth", + "Pipeline", + "Pod", "Secret", - "ConfigMap", - "DNS", + "ServiceMeshMember", "ServingRuntime", + "Ingress", "RouteAdvertisements", ] diff --git a/ocp_resources/multi_namespace_virtual_machine_storage_migration.py b/ocp_resources/multi_namespace_virtual_machine_storage_migration.py new file mode 100644 index 0000000000..7fde705020 --- /dev/null +++ b/ocp_resources/multi_namespace_virtual_machine_storage_migration.py @@ -0,0 +1,49 @@ +# Generated using https://github.com/RedHatQE/openshift-python-wrapper/blob/main/scripts/resource/README.md + + +from typing import Any +from ocp_resources.resource import NamespacedResource +from ocp_resources.exceptions import MissingRequiredArgumentError + + +class MultiNamespaceVirtualMachineStorageMigration(NamespacedResource): + """ + VirtualMachineStorageMigration is the Schema for the virtualmachinestoragemigrations API + """ + + api_group: str = NamespacedResource.ApiGroup.MIGRATIONS_KUBEVIRT_IO + + def __init__( + self, + multi_namespace_virtual_machine_storage_migration_plan_ref: dict[str, Any] | None = None, + **kwargs: Any, + ) -> None: + r""" + Args: + multi_namespace_virtual_machine_storage_migration_plan_ref (dict[str, Any]): ObjectReference contains enough information to let you inspect or + modify the referred object. + + """ + super().__init__(**kwargs) + + self.multi_namespace_virtual_machine_storage_migration_plan_ref = ( + multi_namespace_virtual_machine_storage_migration_plan_ref + ) + + def to_dict(self) -> None: + super().to_dict() + + if not self.kind_dict and not self.yaml_file: + if self.multi_namespace_virtual_machine_storage_migration_plan_ref is None: + raise MissingRequiredArgumentError( + argument="self.multi_namespace_virtual_machine_storage_migration_plan_ref" + ) + + self.res["spec"] = {} + _spec = self.res["spec"] + + _spec["multiNamespaceVirtualMachineStorageMigrationPlanRef"] = ( + self.multi_namespace_virtual_machine_storage_migration_plan_ref + ) + + # End of generated code diff --git a/ocp_resources/multi_namespace_virtual_machine_storage_migration_plan.py b/ocp_resources/multi_namespace_virtual_machine_storage_migration_plan.py new file mode 100644 index 0000000000..d8a15e7cb1 --- /dev/null +++ b/ocp_resources/multi_namespace_virtual_machine_storage_migration_plan.py @@ -0,0 +1,54 @@ +# Generated using https://github.com/RedHatQE/openshift-python-wrapper/blob/main/scripts/resource/README.md + + +from typing import Any +from ocp_resources.resource import NamespacedResource +from ocp_resources.exceptions import MissingRequiredArgumentError + + +class MultiNamespaceVirtualMachineStorageMigrationPlan(NamespacedResource): + """ + MultiNamespaceVirtualMachineStorageMigrationPlan is the Schema for the multinamespacevmstoragemigrationplans API + """ + + api_group: str = NamespacedResource.ApiGroup.MIGRATIONS_KUBEVIRT_IO + + def __init__( + self, + namespaces: list[Any] | None = None, + retention_policy: str | None = None, + **kwargs: Any, + ) -> None: + r""" + Args: + namespaces (list[Any]): The virtual machines to migrate per namespace. + + retention_policy (str): RetentionPolicy indicates whether to keep or delete the source + DataVolume/PVC after each VM migration completes in each created + namespace plan. When set to "deleteSource", every created + VirtualMachineStorageMigrationPlan will have retentionPolicy set + to deleteSource. When "keepSource" or unset, child plans keep + their per-namespace spec or default to keepSource. + + """ + super().__init__(**kwargs) + + self.namespaces = namespaces + self.retention_policy = retention_policy + + def to_dict(self) -> None: + super().to_dict() + + if not self.kind_dict and not self.yaml_file: + if self.namespaces is None: + raise MissingRequiredArgumentError(argument="self.namespaces") + + self.res["spec"] = {} + _spec = self.res["spec"] + + _spec["namespaces"] = self.namespaces + + if self.retention_policy is not None: + _spec["retentionPolicy"] = self.retention_policy + + # End of generated code diff --git a/ocp_resources/virtual_machine_storage_migration.py b/ocp_resources/virtual_machine_storage_migration.py new file mode 100644 index 0000000000..9bf0ff6158 --- /dev/null +++ b/ocp_resources/virtual_machine_storage_migration.py @@ -0,0 +1,43 @@ +# Generated using https://github.com/RedHatQE/openshift-python-wrapper/blob/main/scripts/resource/README.md + + +from typing import Any +from ocp_resources.resource import NamespacedResource +from ocp_resources.exceptions import MissingRequiredArgumentError + + +class VirtualMachineStorageMigration(NamespacedResource): + """ + VirtualMachineStorageMigration is the Schema for the virtualmachinestoragemigrations API + """ + + api_group: str = NamespacedResource.ApiGroup.MIGRATIONS_KUBEVIRT_IO + + def __init__( + self, + virtual_machine_storage_migration_plan_ref: dict[str, Any] | None = None, + **kwargs: Any, + ) -> None: + r""" + Args: + virtual_machine_storage_migration_plan_ref (dict[str, Any]): ObjectReference contains enough information to let you inspect or + modify the referred object. + + """ + super().__init__(**kwargs) + + self.virtual_machine_storage_migration_plan_ref = virtual_machine_storage_migration_plan_ref + + def to_dict(self) -> None: + super().to_dict() + + if not self.kind_dict and not self.yaml_file: + if self.virtual_machine_storage_migration_plan_ref is None: + raise MissingRequiredArgumentError(argument="self.virtual_machine_storage_migration_plan_ref") + + self.res["spec"] = {} + _spec = self.res["spec"] + + _spec["virtualMachineStorageMigrationPlanRef"] = self.virtual_machine_storage_migration_plan_ref + + # End of generated code diff --git a/ocp_resources/virtual_machine_storage_migration_plan.py b/ocp_resources/virtual_machine_storage_migration_plan.py new file mode 100644 index 0000000000..435c2eb4bc --- /dev/null +++ b/ocp_resources/virtual_machine_storage_migration_plan.py @@ -0,0 +1,53 @@ +# Generated using https://github.com/RedHatQE/openshift-python-wrapper/blob/main/scripts/resource/README.md + + +from typing import Any +from ocp_resources.resource import NamespacedResource +from ocp_resources.exceptions import MissingRequiredArgumentError + + +class VirtualMachineStorageMigrationPlan(NamespacedResource): + """ + VirtualMachineStorageMigrationPlan is the Schema for the virtualmachinestoragemigrationplans API + """ + + api_group: str = NamespacedResource.ApiGroup.MIGRATIONS_KUBEVIRT_IO + + def __init__( + self, + retention_policy: str | None = None, + virtual_machines: list[Any] | None = None, + **kwargs: Any, + ) -> None: + r""" + Args: + retention_policy (str): RetentionPolicy indicates whether to keep or delete the source + DataVolume/PVC after each VM migration completes. When + "keepSource" (default), the source is preserved. When + "deleteSource", the source DataVolume is deleted if it exists, + otherwise the source PVC is deleted. + + virtual_machines (list[Any]): The virtual machines to migrate. + + """ + super().__init__(**kwargs) + + self.retention_policy = retention_policy + self.virtual_machines = virtual_machines + + def to_dict(self) -> None: + super().to_dict() + + if not self.kind_dict and not self.yaml_file: + if self.virtual_machines is None: + raise MissingRequiredArgumentError(argument="self.virtual_machines") + + self.res["spec"] = {} + _spec = self.res["spec"] + + _spec["virtualMachines"] = self.virtual_machines + + if self.retention_policy is not None: + _spec["retentionPolicy"] = self.retention_policy + + # End of generated code